panchostein1
new user


Reg'd: Wed
Posts: 12
homepage hijacked
      #83186 - Wed Jun 30 2004 12:39 AM

This is my log.

Logfile of HijackThis v1.97.7
Scan saved at 7:20:03 PM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\PANICW~1\dpps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\HTJ\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\dpps2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [System Tray] D:\My Documents\statedocff\doc_details.pif
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: BellSouth Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38111.6494212963
O16 - DPF: {C74190B6-8589-11D1-B16A-00C0F0283628} (Microsoft TreeView Control 6.0 (SP4)) - http://sipnet.stateindustrial.com/CAB Files/mscomctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



putasolutionsModerator
regular


Reg'd: Tue
Posts: 12845
Loc: Infinity and beyond
Re: homepage hijacked [Re: panchostein1]
      #83217 - Wed Jun 30 2004 08:21 AM

Close all windows, restart HijackThis and put a check mark against the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKCU\..\Run: [System Tray] D:\My Documents\statedocff\doc_details.pif
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

Click Fix Checked

Restart your PC

Do your computer a favour and uninstall Webshots
Do a fresh HijackThis log; if these two show in your new log, add these:

O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

Post a fresh log to the forum
Please post your query to the boards, so that others can learn
Remember there is no such thing as a simple question, just a question you don't know the answer to, though they are the easiest to answer
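The following is an added example (not code from this thread, from HijackThis or from its authors) that encodes the triage the helpers do by eye on these logs: R0/R1 entries whose start or search page is a file:// URL inside a Temp folder, O4 Run entries that launch a .pif from a user folder, and, going beyond this first log to the ones posted later in the thread, nameless O2 BHOs loaded from System32 and O18 text/html or text/plain filters routed through the same DLL. The sample lines are constructed from entries posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: (no name) - {6CF1449B-5AEF-4160-99B8-12FFD574C8C6} - C:\WINDOWS\System32\lfine.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [System Tray] D:\My Documents\statedocff\doc_details.pif
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Filter: text/html - {A9DCF99A-2CA8-43A0-98B6-7B0DD9AFE713} - C:\WINDOWS\System32\lfine.dll
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "R1", "O4", "O18"
    reason: str
    line: str


# "<section> - <body>" for every HijackThis entry line
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
# O2 - BHO: <name> - {CLSID} - <path>
BHO_RE = re.compile(r"^BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
# O4 - <hive>\..\Run: [<value name>] <command>
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (.*)$")
# O18 - Filter: <mime type> - {CLSID} - <path>
FILTER_RE = re.compile(r"^Filter: (\S+) - \{[0-9A-Fa-f-]+\} - (.*)$")

SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)


def parse(log_text):
    """Yield (section, body, raw_line) for each HijackThis entry line."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def triage(log_text):
    """Return the entries a helper would ask to have fixed, with the reason."""
    findings = []
    # DLLs loaded as a nameless BHO from System32, used to cross-check O18 filters
    nameless_bho_dlls = set()
    for section, body, raw in parse(log_text):
        if section in ("R0", "R1"):
            # IE start/search settings redirected to a local file in a Temp folder
            _, _, value = body.partition(" = ")
            if value.lower().startswith("file://") and re.search(r"\\temp\\", value, re.I):
                findings.append(Finding(section, "IE start/search page redirected to a local Temp file", raw))
        elif section == "O2":
            m = BHO_RE.match(body)
            if m and m.group(1) == "(no name)" and SYSTEM32.search(m.group(2)):
                nameless_bho_dlls.add(m.group(2).lower())
                findings.append(Finding(section, "nameless BHO loading a DLL from System32", raw))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                cmd = m.group(2).strip().strip('"')
                # a .pif (or other non-EXE) launched from a user or Temp folder at logon
                if re.search(r"\.(pif|scr|bat|cmd)(\s|$)", cmd, re.I) or \
                        re.search(r"\\(my documents|temp)\\", cmd, re.I):
                    findings.append(Finding(section, "Run entry launching a non-EXE or a file from a user/Temp folder", raw))
        elif section == "O18":
            m = FILTER_RE.match(body)
            if m and m.group(1) in ("text/html", "text/plain"):
                # a MIME filter sees every page before IE renders it
                reason = "MIME filter for text content routed through a third-party DLL"
                if m.group(2).lower() in nameless_bho_dlls:
                    reason += " (same DLL as a nameless BHO)"
                findings.append(Finding(section, reason, raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```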


Barney_Rubble
regular


Reg'd: Tue
Posts: 2699
Re: homepage hijacked [Re: putasolutions]
      #83348 - Wed Jun 30 2004 03:43 PM

Ad Watch, Puta?

Is that because, like me, you think it's more trouble than it's worth, or is there something I don't know?

I paid for Ad Aware Plus (which includes Ad Watch) some time ago, but I've long since gone back to the plain old free Ad Aware instead.


Click here for Barney's Place.

Links to a wide range of useful and essential freeware all in one place.

There is intelligent life on Earth, but I'm only visiting.


bricatModerator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: homepage hijacked [Re: Barney_Rubble]
      #83359 - Wed Jun 30 2004 04:05 PM

I think it's more that you just don't need it running at startup. (Bet I'm wrong.)
AVG ANTIVIRUS..AVG email scanner..SYGATE FIREWALL..ADAWARE..SPYWAREBLASTER..HIJACK THIS..WINDOWS UPDATE..COOLWEBSHREDDER.. SPYWARE GUARD..WINZIP.. DISKEEPERLITE
BARNEYS PLACE



putasolutionsModerator
regular


Reg'd: Tue
Posts: 12845
Loc: Infinity and beyond
Re: homepage hijacked [Re: bricat]
      #83387 - Wed Jun 30 2004 04:59 PM

Correctomundo!
Please post your query to the boards, so that others can learn
Remember there is no such thing as a simple question, just a question you don't know the answer to, though they are the easiest to answer


panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: panchostein1]
      #83879 - Thu Jul 01 2004 09:49 PM

I tried four times already and keep getting the same results. This is my latest:

Logfile of HijackThis v1.97.7
Scan saved at 4:45:43 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\PROGRA~1\PANICW~1\dpps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\HTJ\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E8B9D0ED-C3BD-433B-9A57-27A28C7F9FA4} - C:\WINDOWS\System32\mmllhaa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\dpps2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [System Tray] D:\My Documents\statedocff\doc_details.pif
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: BellSouth Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38111.6494212963
O16 - DPF: {C74190B6-8589-11D1-B16A-00C0F0283628} (Microsoft TreeView Control 6.0 (SP4)) - http://sipnet.stateindustrial.com/CAB Files/mscomctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab




KangarooPoo
regular


Reg'd: Thu
Posts: 1090
Re: homepage hijacked [Re: panchostein1]
      #84006 - Fri Jul 02 2004 11:15 AM

Click Here or Here to download FindnFix.exe. Double-click on the FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program takes a few minutes to collect the necessary information. When done post the contents of Log.txt back here.


panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: panchostein1]
      #84425 - Sat Jul 03 2004 02:48 PM

I tried to run the findfix.exe but it said that I don't have the notepad.exe file, so I can't get the log file to post it.


bricatModerator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: homepage hijacked [Re: panchostein1]
      #84428 - Sat Jul 03 2004 02:52 PM

Try this to get notepad.exe back.

Go to this folder: C:\Windows\System32\dllcache
Click Tools/Folder Options and turn on "show hidden files and folders".

Then turn OFF "hide protected operating system files".
This is your backup of Windows system files, which notepad is one of.

Find notepad.exe, right-click and click Copy. Next go to the shortcut for Notepad in your Start menu. Right-click and choose Properties.

Click "Find Target". This will open the containing folder.
Right-click in this folder and click Paste. Windows will tell you the file already exists and ask if you want to replace it. Click Yes and you have restored Notepad.

Go back to Folder Options and hide the system files and hidden files again.


AVG ANTIVIRUS..AVG email scanner..SYGATE FIREWALL..ADAWARE..SPYWAREBLASTER..HIJACK THIS..WINDOWS UPDATE..COOLWEBSHREDDER.. SPYWARE GUARD..WINZIP.. DISKEEPERLITE
BARNEYS PLACE

Sic biscuitus disintegratum





panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: panchostein1]
      #84450 - Sat Jul 03 2004 03:46 PM

This is the log. I opened it with Word, but I will try to get Notepad back. Thanks for the tip.

*** freeatlast100.100free.com ***

Microsoft Windows XP [Version 5.1.2600]
IE build and last SP(s)
6.0.2800.1106 SP1-Q328970-Q324929-Q810847-Q813951-Q813489-Q330994-Q818529-Q822925-Q828750-Q824145-Q832894-Q837009-Q831167
The type of the file system is FAT32.
C: is not dirty.

Sat 07/03/2004
10:39am up 0 days, 0:05

***LOG!***

Scanning for file(s)...
*********
(*1*) .........
Locked or 'Suspect' file(s) found...

C:\WINDOWS\System32\LOGH.DLL File read error
\\?\C:\WINDOWS\System32\LOGH.DLL File read error

(*2*) ........
**File C:\FINDnFIX\LIST.TXT
LOGH.DLL Can't Open!

(*3*) ........

C:\WINDOWS\SYSTEM32\
logh.dll Mon Jun 21 2004 10:36:34p ....R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

unknown/hidden files...

No matches found.

(*4*) .........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\LOGH.DLL
*********

Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = (*** MISSING TRAILING NULL CHARACTER ***)
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM


Member of...: (Admin logon required!)
User is a member of group VAIO\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.

Service search:(different variant) '"Network Security Service","__NS_Service_3"...

[SC] GetServiceKeyName FAILED 1060:

The specified service does not exist as an installed service.

[SC] GetServiceDisplayName FAILED 1060:

The specified service does not exist as an installed service.


Notepad check....

C:\WINDOWS\
notepad.exe Mon Jun 21 2004 10:36:30p A.... 66,048 64.50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 66,048 bytes 64.50 K

No matches found.

C:\WINDOWS\SYSTEM32\DLLCACHE\
notepad.exe Mon Jun 21 2004 10:36:30p A.... 66,048 64.50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 66,048 bytes 64.50 K
--a-- W32i APP ENU 5.1.2600.0 shp 66,048 06-21-2004 notepad.exe
Language 0x0409 (English (United States))
CharSet 0x04b0 Unicode
OleSelfRegister Disabled
CompanyName Microsoft Corporation
FileDescription Notepad
InternalName Notepad
OriginalFilenam NOTEPAD.EXE
ProductName Microsoft Windows Operating System
ProductVersion 5.1.2600.0
FileVersion 5.1.2600.0 (xpclient.010817-1148)
LegalCopyright Microsoft Corporation. All rights reserved.

VS_FIXEDFILEINFO:
Signature: feef04bd
Struc Ver: 00010000
FileVer: 00050001:0a280000 (5.1:2600.0)
ProdVer: 00050001:0a280000 (5.1:2600.0)
FlagMask: 0000003f
Flags: 00000000
OS: 00040004 NT Win32
FileType: 00000001 App
SubType: 00000000
FileDate: 00000000:00000000

Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
Directory "C:\junkxxx"
Permissions:
NA

Auditing:
NA

Owner: \Everyone

Primary Group: \Everyone



Backups created...
10:40am up 0 days, 0:07
Sat 07/03/2004

A C:\FINDnFIX\winBack.hiv
--a-- - - - - - 8,192 07-02-2004 winback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 287 07-02-2004 winkey.reg

Performing 16bit string scan....
00001150: vk : f AppInit_DLLs G
00001190: C : \ W I N D O W S \ S y s t e m 3 2 \ l o g h . d l l
000011D0: h vk UDeviceNotSelectedTimeout 1 5
00001210: P 9 0 vk ' zGDIProcessHandle
00001250:Quota" vk x Spooler2 y e s _ h
00001290: ( X vk 5swapdisk vk
000012D0: . TransmissionRetryTimeout h ( X
00001310: vk ' o USERProcessHandleQuotan
00001350:
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0:
00001510:
00001550:

---------- WIN.TXT
fAppInit_DLLs֍GC
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

Windows
AppInit
UDeviceNotSelectedTimeout
zGDIProcessHandleQuota"
Spooler2
5swapdisk
TransmissionRetryTimeout
USERProcessHandleQuotan

**File C:\FINDnFIX\WIN.TXT



Edited by panchostein1 on 03/07/2004 15:49 (server time).
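An added example (not code from this thread or from FindnFix) that reproduces the check the log above performs on the AppInit_DLLs value: the API dump and the REGEDIT4 export show an empty string, while the 16-bit string scan of the raw hive shows C:\WINDOWS\System32\logh.dll and the dumper reports a missing trailing NUL. The value bytes are constructed, and the assumption is that the hidden data begins with a NUL character, so any NUL-terminated reader stops before the path.

```python
import re

# Constructed sample values (UTF-16LE, as REG_SZ data is stored in the hive).
# HIDDEN models the log above: assumed leading NUL, the DLL path behind it,
# and no terminating NUL ("MISSING TRAILING NULL CHARACTER" in the dump).
HIDDEN = "\x00C:\\WINDOWS\\System32\\logh.dll".encode("utf-16-le")
# NORMAL is a well-formed value: path followed by its NUL terminator.
NORMAL = "C:\\WINDOWS\\System32\\some.dll\x00".encode("utf-16-le")
# EMPTY is the stock value on a clean machine: just the terminator.
EMPTY = "\x00".encode("utf-16-le")


def api_view(data: bytes) -> str:
    """What a REG_SZ consumer that stops at the first NUL sees (regedit, .reg export)."""
    text = data.decode("utf-16-le", errors="replace")
    return text.split("\x00", 1)[0]


def raw_strings(data: bytes, min_len: int = 4):
    """Every printable UTF-16LE run in the raw bytes, like FindnFix's 16-bit string scan."""
    text = data.decode("utf-16-le", errors="replace")
    return [s for s in re.split(r"[^\x20-\x7e]+", text) if len(s) >= min_len]


def has_trailing_nul(data: bytes) -> bool:
    """A well-formed REG_SZ ends with a two-byte NUL terminator."""
    return len(data) >= 2 and data[-2:] == b"\x00\x00"


def check_appinit(data: bytes) -> dict:
    """Compare the API view of the value with what the raw bytes contain."""
    visible = api_view(data)
    # anything the raw scan finds that the API view does not show
    hidden = [s for s in raw_strings(data) if s != visible]
    trailing = has_trailing_nul(data)
    return {
        "visible": visible,
        "hidden_strings": hidden,
        "trailing_nul": trailing,
        "suspicious": bool(hidden) or (len(data) > 0 and not trailing),
    }


if __name__ == "__main__":
    for label, value in (("HIDDEN", HIDDEN), ("NORMAL", NORMAL), ("EMPTY", EMPTY)):
        print(label, check_appinit(value))
```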



KangarooPoo
regular


Reg'd: Thu
Posts: 1090
Re: homepage hijacked [Re: panchostein1]
      #84454 - Sat Jul 03 2004 04:02 PM

Be sure to follow the next set of steps carefully, in the exact order specified:

- Open the FINDnFIX\Keys1 subfolder.
- Locate the "MOVEit.bat" file, right-click on it and select Edit. The file will open as a text file.
- Copy and paste the following line into the 'MOVEit' file, replacing its contents:

move %WinDir%\System32\LOGH.DLL %SystemDrive%\junkxxx\LOGH.DLL

Be sure to replace the text in the file with the command above!

- Save the file and close.

*Get ready to restart your computer:
- In the same folder, double-click on the "FIX.bat" file.
You will be prompted by a popup alert to restart in 15 seconds.
- Allow it to restart the computer!

- On restart, navigate to the C:\FINDnFIX\ main folder:
- Double-click on the "RESTORE.bat" file.

It'll run and produce a new log (log1.txt). Post it here.



panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: KangarooPoo]
      #85175 - Mon Jul 05 2004 01:39 PM

I couldn't edit MOVEit; when I try to open it, a Windows alert says that Windows can't find the file. I downloaded FINDnFIX again and still cannot edit the MOVEit file (the same Windows alert shows up).


KangarooPoo
regular


Reg'd: Thu
Posts: 1090
Re: homepage hijacked [Re: panchostein1]
      #85176 - Mon Jul 05 2004 01:47 PM

Your Notepad file has been compromised by CWS:

Go to this folder: C:\Windows\System32\dllcache
Click Tools/Folder Options and turn on "show hidden files and folders".

Then turn OFF "hide protected operating system files".
This is your backup of Windows system files, which notepad is one of.

Find notepad.exe, right-click and click Copy. Next go to the shortcut for Notepad in your Start menu. Right-click and choose Properties.

Click "Find Target". This will open the containing folder.
Right-click in this folder and click Paste. Windows will tell you the file already exists and ask if you want to replace it. Click Yes and you have restored Notepad.

Go back to Folder Options and hide the system files and hidden files again.

Then try the last step I posted.



Edited by KangarooPoo on 05/07/2004 13:48 (server time).



panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: KangarooPoo]
      #85268 - Mon Jul 05 2004 05:28 PM

I went to windows\system32\dllcache, but I couldn't find the dllcache file. Is there another way that I can restore Notepad, or can I use Word for those kinds of files?
The other thing that I noticed when I got onto the internet now is that I only get the about:blank homepage, but without the contents on the pages and no pop-ups. Can I run the HijackThis program again and try to post the log through Word?

Edited by panchostein1 on 05/07/2004 17:42 (server time).



KangarooPoo
regular


Reg'd: Thu
Posts: 1090
Re: homepage hijacked [Re: panchostein1]
      #85286 - Mon Jul 05 2004 05:54 PM

Go to C:\Windows\System32\ and see if you can find junkxxx, open it and post back here the contents listed.


panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: KangarooPoo]
      #85290 - Mon Jul 05 2004 06:01 PM

I don't find the file either.


panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: panchostein1]
      #85870 - Wed Jul 07 2004 12:18 AM

This is my latest HijackThis log; I keep marking them out but they keep coming back.

Logfile of HijackThis v1.98.0
Scan saved at 7:15:03 PM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\system32\ZONELABS\minilog.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\PROGRA~1\PANICW~1\dpps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\HTJ\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\FRANCI~1.VAI\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Family\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6CF1449B-5AEF-4160-99B8-12FFD574C8C6} - C:\WINDOWS\System32\lfine.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\dpps2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [System Tray] D:\My Documents\statedocff\doc_details.pif
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = D:\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: BellSouth Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - D:\Program Files\BellSouth Messenger\BSM.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {C74190B6-8589-11D1-B16A-00C0F0283628} (Microsoft TreeView Control 6.0 (SP4)) - http://sipnet.stateindustrial.com/CAB Files/mscomctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B406C527-E9A9-465D-8901-14D908C99411}: NameServer = 205.152.144.23 205.152.132.23
O18 - Filter: text/html - {A9DCF99A-2CA8-43A0-98B6-7B0DD9AFE713} - C:\WINDOWS\System32\lfine.dll
O18 - Filter: text/plain - {A9DCF99A-2CA8-43A0-98B6-7B0DD9AFE713} - C:\WINDOWS\System32\lfine.dll




panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: panchostein1]
      #86253 - Wed Jul 07 2004 09:51 PM

This is the last FindnFix log that I could get; please help me out with how to get rid of this
problem.

*** freeatlast100.100free.com ***

Microsoft Windows XP [Version 5.1.2600]
IE build and last SP(s)
6.0.2800.1106 SP1-Q328970-Q324929-Q810847-Q813951-Q813489-Q330994-Q818529-Q822925-Q828750-Q824145-Q832894-Q837009-Q831167
The type of the file system is FAT32.
C: is dirty. You may use the /C option to schedule chkdsk for
this drive.

Wed 07/07/2004
4:40pm up 0 days, 0:09

***LOG!***

Scanning for file(s)...
*********
(*1*) .........
Locked or 'Suspect' file(s) found...

C:\WINDOWS\System32\LOGH.DLL +++ File read error
\\?\C:\WINDOWS\System32\LOGH.DLL +++ File read error

(*2*) ........
**File C:\FINDnFIX\LIST.TXT
LOGH.DLL Can't Open!

(*3*) ........

C:\WINDOWS\SYSTEM32\
logh.dll Mon Jun 21 2004 10:36:34p ....R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

unknown/hidden files...

No matches found.

(*4*) .........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\LOGH.DLL


(*5*)
**File C:\WINDOWS\SYSTEM32\DLLXXX.TXT
Access denied ..................... LOGH.DLL .....57344 21.06.2004

*********

Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = (*** MISSING TRAILING NULL CHARACTER ***)
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM


Member of...: (Admin logon required!)
User is a member of group VAIO\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.

Service search:(different variant) '"Network Security Service","__NS_Service_3"...

[SC] GetServiceKeyName FAILED 1060:

The specified service does not exist as an installed service.

[SC] GetServiceDisplayName FAILED 1060:

The specified service does not exist as an installed service.


Notepad check....

C:\WINDOWS\
notepad.exe Mon Jun 21 2004 10:36:30p A.... 66,048 64.50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 66,048 bytes 64.50 K

No matches found.

C:\WINDOWS\SYSTEM32\DLLCACHE\
notepad.exe Mon Jun 21 2004 10:36:30p A.... 66,048 64.50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 66,048 bytes 64.50 K
--a-- W32i APP ENU 5.1.2600.0 shp 66,048 06-21-2004 notepad.exe
Language 0x0409 (English (United States))
CharSet 0x04b0 Unicode
OleSelfRegister Disabled
CompanyName Microsoft Corporation
FileDescription Notepad
InternalName Notepad
OriginalFilenam NOTEPAD.EXE
ProductName Microsoft Windows Operating System
ProductVersion 5.1.2600.0
FileVersion 5.1.2600.0 (xpclient.010817-1148)
LegalCopyright Microsoft Corporation. All rights reserved.

VS_FIXEDFILEINFO:
Signature: feef04bd
Struc Ver: 00010000
FileVer: 00050001:0a280000 (5.1:2600.0)
ProdVer: 00050001:0a280000 (5.1:2600.0)
FlagMask: 0000003f
Flags: 00000000
OS: 00040004 NT Win32
FileType: 00000001 App
SubType: 00000000
FileDate: 00000000:00000000

Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
Directory "C:\junkxxx"
Permissions:
NA

Auditing:
NA

Owner: \Everyone

Primary Group: \Everyone



Backups created...
4:42pm up 0 days, 0:11
Wed 07/07/2004

A C:\FINDnFIX\winBack.hiv
--a-- - - - - - 8,192 07-07-2004 winback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 287 07-07-2004 winkey.reg

Performing 16bit string scan....
00001150: vk : f AppInit_DLLs G
00001190: C : \ W I N D O W S \ S y s t e m 3 2 \ l o g h . d l l
000011D0: h vk UDeviceNotSelectedTimeout 1 5
00001210: P 9 0 vk ' zGDIProcessHandle
00001250:Quota" vk x Spooler2 y e s _ h
00001290: ( X vk 5swapdisk vk
000012D0: . TransmissionRetryTimeout h ( X
00001310: vk ' o USERProcessHandleQuotan
00001350:
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0:
00001510:
00001550:

---------- WIN.TXT
fAppInit_DLLs֍GC
C:\WINDOWS\System32\logh.dll
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710


**File C:\FINDnFIX\WIN.TXT
regf Pugf




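The FindnFix log above exports AppInit_DLLs as an empty string while its raw hive string scan shows C:\WINDOWS\System32\logh.dll sitting right behind the value name. This added example (not from the thread or from the FindnFix tool) models that discrepancy on constructed REG_SZ bytes: it decodes the buffer once as a NUL-terminated string, the way a display tool would, and once in full, and flags any value where the two views disagree or the terminating NUL is missing. The exact layout of the sample bytes is an assumption; the check itself does not depend on it.

```python
from typing import Dict

# Path taken from the log above; the byte layouts below are constructed.
HIDDEN_PATH = r"C:\WINDOWS\System32\logh.dll"
NUL = "\0".encode("utf-16le")

# Constructed: an empty string (just its terminator) followed by the path, with
# no terminating NUL after the path. A C-string reader shows "", the raw bytes do not.
SAMPLE_RAW = NUL + HIDDEN_PATH.encode("utf-16le")
# Constructed: the same path stored the ordinary way, properly terminated.
NORMAL_RAW = HIDDEN_PATH.encode("utf-16le") + NUL
# Constructed: a genuinely empty AppInit_DLLs value.
EMPTY_RAW = NUL


def inspect_reg_sz(raw: bytes) -> Dict[str, object]:
    """Decode a REG_SZ buffer two ways and flag any disagreement between them."""
    text = raw.decode("utf-16le", errors="replace")
    # What a NUL-terminated string display would show.
    displayed, _, rest = text.partition("\0")
    # Anything that only shows up when the whole buffer is decoded.
    hidden = rest.replace("\0", "")
    trailing_nul = text.endswith("\0")
    return {
        "displayed": displayed,
        "hidden": hidden,
        "trailing_nul": trailing_nul,
        "suspicious": bool(hidden) or not trailing_nul,
    }


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_RAW), ("normal", NORMAL_RAW), ("empty", EMPTY_RAW)):
        print(label, inspect_reg_sz(raw))
```

On a live system the same comparison can be made between the value as `reg query` or regedit shows it and the raw data returned for that value, which is the gap the FindnFix string scan above is exploiting to find the DLL.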
bricatModerator
HijackThis Helper


Reg'd: Wed
Posts: 31982
Loc: belfast
Re: homepage hijacked [Re: panchostein1]
      #86300 - Wed Jul 07 2004 10:38 PM

Open the FINDnFIX\Keys1 Subfolder.
- Locate the "MOVEit.bat" file, Right-Click
on it, select->edit:
The file will open as a text file.
-Copy and paste the following line into the 'MOVEit' file, replacing its contents:

move %WinDir%\System32\LOGH.DLL %SystemDrive%\junkxxx\LOGH.DLL

Be sure to Replace the text in the file with the command above!


-Save the file and close.

*Get ready to restart your computer:
-In the same folder, DoubleClick on the "FIX.bat" file.
You will be prompted by a popup alert to restart in 15 seconds.
-Allow it to restart the computer!

-On restart, Navigate to:
C:\FINDnFIX\ main folder:
-DoubleClick on the "RESTORE.bat" file.

It'll run and produce a new log (log1.txt). Post it here.


AVG ANTIVIRUS..AVG email scanner..SYGATE FIREWALL..ADAWARE..SPYWAREBLASTER..HIJACK THIS..WINDOWS UPDATE..COOLWEBSHREDDER.. SPYWARE GUARD..WINZIP.. DISKEEPERLITE
BARNEYS PLACE

Sic biscuitus disintegratum





panchostein1
new user


Reg'd: Wed
Posts: 12
Re: homepage hijacked [Re: bricat]
      #86345 - Wed Jul 07 2004 11:39 PM

I have a problem opening that file; it prompts me with an error that it can't find the file. When I try to press edit, it gives me the error. Is there another way to open or edit this file (I am missing notepad.exe)? And I can't find the dllcache folder to retrieve the notepad backup.


© Copyright IPC Media Limited 2009, All rights reserved