Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

regedit

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

regedit

Unread postby chuky_r_law » September 14th, 2006, 12:59 pm

i have windows xp. i am trying to run the registry. before i used to just type 'regedit' and i would be able to access the registry. now when i enter this command i get this message:'regedit is not a valid win32 application'. can anyone please tell me what that is all about? it certainly looks suspicious. als, i have winguard.exe(something to do with the south park worm). any tips on to best to delete it?(simply hitting delete doesn't work).

thanks!


chuky
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am
Top
Advertisement
Register to Remove

Unread postby 1972vet » September 14th, 2006, 2:33 pm

Please download:
Dr.Web Cure it.
Double click on the cureit.exe then click "Start".

During the scan infected files are cured, incurable files are moved to the quarantine directory. When the scanning is finished, the log file and the quarantined item/s will not be deleted. Once you determine that the quarantined file is indeed bad, you must manually delete it/them.

To scan your computer with the most up-to-date Dr.Web virus bases next time you scan, you should download a new Dr.Web CureIt! package. To do this, press the "Update" link on the first utility screen, which leads to the ftp-server where the latest version of CureIt! is located. Download the utility anew and run it again. Be sure to delete the out dated version each time.

Please post back the contents of the log generated during the scan along with a fresh HijackThis log. Thanks!


Click HERE to download a self extractable version of hijackthis.

Double click on the hjthis.exe then click "extract". It will be extracted automatically to it's own folder located here:
C:\hijackthis

This folder is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

You can double click the icon that was placed on the Desktop to run hijackthis or you can use the icon inside the folder.

Click Do a system scan and save a logfile. Copy and paste the contents of that log back here in this thread. Thanks!
1972vet
Regular Member
 
Posts: 34
Joined: June 2nd, 2006, 11:44 pm
Top

Unread postby chuky_r_law » September 18th, 2006, 6:38 am

im not sure if this is what you wanted from dr. web. if not let me know

attachmanager.asp;C:\Jeannie MIXED NB\Fireball SITE\clients\bisopp\nmanagerpro\admin\attachmanager;Probably SCRIPT.Virus;;
webedit.asp;C:\Jeannie MIXED NB\Fireball SITE\cms;Probably SCRIPT.Virus;;
webedit.asp;C:\Jeannie MIXED NB\Fireball SITE\OLD_Fireball\cms;Probably SCRIPT.Virus;;
A0028650.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262;Adware.Casino;Incurable.Deleted.;
A0030220.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP282;Adware.WildMedia;Incurable.Deleted.;
A0030699.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP296;Adware.Zango;Incurable.Deleted.;
also here is my hijack this log. anything you see in relation to poker is something i know i have downloaded. i have also noted a new process operating called wincfg.exe. i googled it and it came up as malware. thanks for your time on this.


Logfile of HijackThis v1.99.1
Scan saved at 11:31:37, on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\wincfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Cathal Donnellan\Desktop\cureit.exe
C:\DOCUME~1\CATHAL~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\CATHAL~1\LOCALS~1\Temp\RarSFX0\cureit.exe
C:\Documents and Settings\Cathal Donnellan\Desktop\Protection\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=no&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/defau ... l=no&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C64 Series (Copy 1)" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [winguard] c:\windows\winguard.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DATEwise.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Boyle Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am
Top

Unread postby 1972vet » September 18th, 2006, 1:07 pm

Your Java application is out of date. Older versions of Java still running on your system can create a slight security risk and should be removed. Please remember with each Java update, the software does not uninstall the previous version. With each update, ususlly at about 100MB's or so, you can see how the benefit will also be from having recovered quite a bit of Disk space.

Please follow these steps to remove older version Java components

1. Close any open programs you may have running, especially your web
browser.

2. Click Start-->Control Panel-->Add or Remove Programs.
For those just reading this thread:
Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs.

3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.
Repeat step 3 as many times as necessary to remove all versions of Java.
**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

4. Navigate to and delete:
    C:\Program Files\Java <=this folder if found
5. Then go to this page.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications"and click the "Download" button to the right.

6. Check the box that says: "Accept License Agreement" the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop.
Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.


I don't know what this process is...there are quite a few legitimate applications that could be using this, but it should not be running from a temp folder. It may be because the application using it was run from the zipped file and was not extracted properly (Dr. Web Cureit possibly?):
C:\DOCUME~1\CATHAL~1\LOCALS~1\Temp\RarSFX0\_start.exe

Read here how to unzip/extract properly.

Please download the KILLBOX, extract it to your desktop. DO NOTHING WITH IT YET.

Next, please run an update of your on board antivirus software. DO NOT RUN A SCAN YET, JUST UPDATE THE SOFTWARE AND CLOSE THE APPLICATION.

Please make sure your on board Ewido scanner is configured as outlined below, and continue with the instructions to run a complete system scan in safe mode:
  • Open Ewido. on the main screen select the icon Update then click the Start Update button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine.
  • Under Reports
  • Select Automatically generate report after every scan
  • Un-Select Only if threats were found

Close ewido anti-spyware.

Please boot into Safe mode:

Restart the computer and immediately begin tapping the F8 key (or F5 on some Dell machines).
Use the arrow keys to highlight Safe Mode and press the Enter key. Once in safe mode, continue with the instructions below:

  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top, then the Scan tab then click on Complete System Scan.
  • ewido will now begin the scanning process, be patient this may take some time.
  • When prompted of an infection, please select Apply all actions

Once the scan is complete do the following:
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to your Desktop.

Now close ewido anti-spyware and run a complete system scan using your on board antivirus application.

Allow the software to remove what it finds.

Next, please open killbox.exe.

First click on Tools>Delete Temp Files.
A box will open with a list of all user profiles.

Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

Temporary Internet Files
Temp Files
XP Prefetch

If you want to clean your cookies, history, and list of recent files run you may check those boxes as well.

Then, click on the Button titled "Delete Selected Temp Files".
Exit by clicking the Button titled "Exit(Save Settings)".

Once back into the main killbox program, check the box:

Delete on Reboot

Highlight the entries in the quote box below and then copy them.
c:\windows\wincfg.exe
c:\windows\winguard.exe

Then in killbox click File>>Paste from Clipboard

At this point the "All Files" button should be enabled so you can click it.
Click the "All Files" button.

Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes.

A second message will ask to Reboot now? you will need to click No for now.
Note: Killbox will let you know if a file does not exist.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until you've completed the instructions below.

Please run HijackThis again and check the following that may still exist:
O4 - HKCU\..\Run: [winguard] c:\windows\winguard.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

Now, close all windows except for the HijackThis application window Then click Fix Checked.

Reboot the computer and post the log from your Ewido scan along with a fresh HijackThis log. Thanks!
1972vet
Regular Member
 
Posts: 34
Joined: June 2nd, 2006, 11:44 pm
Top

Unread postby chuky_r_law » September 18th, 2006, 8:22 pm

everything seemed to go well. 2 things though:

1. i couldnt find this file

C:\DOCUME~1\CATHAL~1\LOCALS~1\Temp\RarSFX0\_start.exe

2. i couldnt find winguard.exe either

besides that all good.

below are my the ewido and hijackthis files. once again thank you for sparing your time.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:28:06 18/09/2006

+ Scan result:



C:\WINDOWS\winguard.exe -> Downloader.Preved.a : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.395:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.412:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.413:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.414:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.415:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.416:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Cathal Donnellan\Cookies\cathal donnellan@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 01:22:31, on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cathal Donnellan\Desktop\Protection\HijackThis.exe
C:\Documents and Settings\Cathal Donnellan\Desktop\Protection\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=no&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/defau ... l=no&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C64 Series (Copy 1)" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DATEwise.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Boyle Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am
Top

Unread postby 1972vet » September 18th, 2006, 9:57 pm

everything seemed to go well. 2 things though:

1. i couldnt find this file
C:\DOCUME~1\CATHAL~1\LOCALS~1\Temp\RarSFX0\_start.exe
It may be a moot point, as of now it no longer shows in the log. The Documents and Settings folders are hidden. You would have to change your system settings in order to view the folders. I suspect it was being used by the Dr. Web Cureit. You can check it by running Dr. Web Cureit and while you have the application open, run a new HijackThis log. See if that line appears under the "Running Processes" section. If so, it's fine.
2. i couldnt find winguard.exe either
besides that all good.
That's because the killbox did the trick. It's gone.


Congratulations, your log looks clean!

Now that your system is clean, let's create a new restore point.
Please click "Start > Programs > Accessories > System Tools > System Restore"
In the new window, check the 'Create a restore point' in the right pane and click "Next".
In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean)
Click "Create" and reboot your computer.

In the future, there are some things you can do to prevent spyware infections:

Install the following freeware programs:
SpywareGuard
Spywareblaster

Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Stay updated with the most recent Windows patches using
Microsoft's Windows Update.

Using the alternate http://www.mozilla.org]browser that you have chosen can reduce your chance of certain infections installing themselves. Good choice!

If you should decide to use Internet Explorer in the future for any surfing, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often
or Disk Cleanup ("Start > Programs > Accessories > System Tools > Disk Cleanup" ) and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files

So how did I get infected in the first place?
Regards, and Happy Surfing!
1972vet
Regular Member
 
Posts: 34
Joined: June 2nd, 2006, 11:44 pm
Top

Unread postby chuky_r_law » September 19th, 2006, 1:33 am

my laptop is running much better now than before. the slowness is gone. however i still cant open the registry. am i doing something wrong? i type regedit, hit run, and still get the 'regedit is not a valid Win32 application'. any hints on what to do here?
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am
Top

Unread postby 1972vet » September 19th, 2006, 11:56 am

Do you have your Windows XP installation CD handy? If not, can you search your system for a folder named I386?

The I386 folder would be approximately 400MB's and most probably located at C:\ or maybe C:\Windows

Post back and let me know if either you have the CD, or if not then let me know the full path to the I386 folder if you have it.

If neither, I can tell you there is a script you can use that produces a copy of the utility "Regedit"...as well as Task Manager and Msconfig...but I would prefer to investigate the possibility of using the original installation CD or the I386 folder. Please advise.
1972vet
Regular Member
 
Posts: 34
Joined: June 2nd, 2006, 11:44 pm
Top

Unread postby Nick-YF19 » September 28th, 2006, 3:01 am

While we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Top
Advertisement
Register to Remove
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 164 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index