TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Gaute on August 12, 2005, 12:24:41 PM
-
Hi there!
War of the Trojans!
Could someone please help me to remove a trojan called trojan.mietglieder.bi ?
The irony of it all; this summer I was reading up on old greek mythology, and of course the Trojan horse was a central chapter...
My computer has been working slowly lately, so today I ran a Ad-Aware check and it found that my pc was infected with that trojan.
I've been infected before, and this forum and its members have been very helpful on those occasions.
Regards
Gaute
Here's my HJT-log:
Logfile of HijackThis v1.99.1
Scan saved at 19:13:33, on 12.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
-
Sorry for the delay. If you still need a hand with your log,
could you please register with the forum and supply a fresh HijackThis log to this thread.
Registering is a simple and free process.
If you are a registered user, could you please sign in and then post a new log.
-
Hi Guestsolo! Thanks for helping out!
When I ran an Avast check it found five or six entries of Trojans.
Regards
Gaute
Here is the fresh HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 23:24:14, on 16.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Soulseek\slsk.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
-
Your log's not that bad, but we should run some scans.
Can you do the following please?
Please ensure you are using the latest version of Ad-Aware
Which is Ad-Aware SE Personal 1.06
If not, download and install the latest version
from this link
Be sure it is updated but don't run a scan yet
Ad-Aware SE Personal 1.06: ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0: http://downloads.stevengould.org/cleanup/CleanUp40.exe
Don't run it yet
==Download and then Install
Ewido Security Suite: http://download.ewido.net/ewido-setup.exe
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/
Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation
In safe mode
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files
DECLINE to Log off or Restart when scan is done.
==Open Ewido Security Suite
Give it time to load
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Do another scan with Hijackthis and put a check next to these entries:
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer back to Normal mode
Run another scan with Hijackthis and post a fresh log
Also include the report from Ewido
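An added example, not code from the thread or from HijackThis: a small Python triage script that reads a HijackThis v1.99 log in the format posted above and picks out what the instructions act on, namely the two O15 ProtocolDefaults lines to tick in "Fix checked", the O4 autoruns, the O17 DNS servers and any O23 service whose file is missing. The excerpt is constructed from the log lines in this thread; flagging an O4 command that has no directory as "unqualified" is this script's own heuristic, not a HijackThis classification.

```python
"""Triage helper for a HijackThis v1.99 log (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed excerpt in the format of the logs posted above; the values are
# copied from those logs, not taken from a live machine.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:13:33, on 12.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""


@dataclass
class HjtEntry:
    section: str  # "R1", "O4", "O15", ...
    body: str     # everything after "O4 - "


ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O4 body: HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O17_RE = re.compile(r"NameServer = (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and its tagged entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first tagged entry ends the process list
            entries.append(HjtEntry(m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(entries):
    """Pull out the items a helper reads first; the O15 rule is the one the thread applies."""
    report = {
        "fix_checked": [],            # O15 ProtocolDefaults lines worth ticking in HijackThis
        "autoruns": [],               # (hive, key, name, command) from O4 entries
        "unqualified_autoruns": [],   # O4 commands given with no directory (heuristic)
        "nameservers": [],            # DNS servers from O17 entries, deduplicated
        "missing_service_files": [],  # O23 services whose binary HijackThis could not find
    }
    for e in entries:
        if e.section == "O15" and "ProtocolDefaults" in e.body and "should be" in e.body:
            report["fix_checked"].append(f"{e.section} - {e.body}")
        elif e.section == "O4":
            m = O4_RE.match(e.body)
            if m:
                hive, key, name, command = m.groups()
                report["autoruns"].append((hive, key, name, command))
                if "\\" not in command:  # bare file name: resolved via PATH, not verifiable here
                    report["unqualified_autoruns"].append(command)
        elif e.section == "O17":
            m = O17_RE.search(e.body)
            if m:
                for ip in m.group(1).split(","):
                    ip = ip.strip()
                    if ip and ip not in report["nameservers"]:
                        report["nameservers"].append(ip)
        elif e.section == "O23" and "(file missing)" in e.body:
            report["missing_service_files"].append(
                e.body.split(" - ")[0].replace("Service: ", ""))
    return report


if __name__ == "__main__":
    procs, entries = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} running processes, {len(entries)} entries")
    for key, items in triage(entries).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

The O17 list only collects the servers; whether 130.67.15.198 is the ISP's resolver is something the helper still checks by hand.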
-
Hi Guestsolo!
Thanks for taking the time to help out! Much appreciated!
I've done everything on your list; Ewido found 3 infections and
the Ad-Aware scan was clean.
Here's the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 01:13:38, on 19.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
And here's the ewido scan report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 23:15:03, 18.08.2005
+ Report-Checksum: 289B7FA7
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{B825DEE4-D4B5-9286-E839-48249C3E89A6} -> Spyware.CoolWebSearch : Cleaned with backup
C:\WINDOWS\system32\msbkf32.dat -> TrojanDownloader.Small.acv : Cleaned with backup
C:\WINDOWS\system32\mswkcdx32.exe -> TrojanDownloader.Small.acv : Cleaned with backup
::Report End
Regards
Gaute
-
Hi Guestsolo!
Just a small question;
I started my pc in safe mode by using F8. That was no problem. But
when I restarted my pc again to go back to normal mode, the
"look" of XP had changed; the interface looked more like NT or
an older version of Windows. Hard edges, no shadow etc...
I've attached an image of the Symantec internet site which has the look
my computer had, the "old" look and the new design..
Perhaps it's just something I need to uncheck or..
Thanks for doing a great job on the forum
All the best,
Gaute
-
Hi again Gaute, the log looks good, you may have done some cleaning before I got to see your log.
From what you said, it seems you probably did do some cleaning.
Can you right click your desktop and left click properties
Under the Themes tab
Are you in Windows Classic mode?
Are you able to select any other mode?
Updating to Service Pack 2 should help replace files if this is the case
Just for a double check can you do the following
Download Find.zip: http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=283
Unzip the contents to desktop
Double click on Find.bat and post back the contents
Also Double click on Find1.bat and post the contents
Also post a fresh hijackthis log
-
Hey Guestsolo!
I'm in My Current Theme (translated from Norwegian...)
Under Themes tab I have these opportunities:
1. My current theme
2. Windows XP
3. Windows Standard
4. More themes on the internet
5. Search
What is servicepack 2? A Windows update?
Here's the Find.bat:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000000
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"
And the Find1.bat:
Volumet i stasjon C er uten navn.
Volumserienummeret er 3839-B830
Innhold i C:\WINDOWS\Resources\Themes
06.08.2003 16:45 <DIR> .
06.08.2003 16:45 <DIR> ..
18.08.2005 22:34 <DIR> Luna
16.09.2002 14:00 1 222 Luna.theme
16.09.2002 14:00 3 025 Windows Classic.theme
2 fil(er) 4 247 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna
18.08.2005 22:34 <DIR> .
18.08.2005 22:34 <DIR> ..
06.08.2003 16:44 <DIR> Shell
0 fil(er) 0 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell
06.08.2003 16:44 <DIR> .
06.08.2003 16:44 <DIR> ..
06.08.2003 16:45 <DIR> Homestead
06.08.2003 16:46 <DIR> Metallic
06.08.2003 16:44 <DIR> NormalColor
0 fil(er) 0 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
06.08.2003 16:45 <DIR> .
06.08.2003 16:45 <DIR> ..
16.09.2002 14:00 362 496 shellstyle.dll
1 fil(er) 362 496 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
06.08.2003 16:46 <DIR> .
06.08.2003 16:46 <DIR> ..
16.09.2002 14:00 362 496 shellstyle.dll
1 fil(er) 362 496 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
06.08.2003 16:44 <DIR> .
06.08.2003 16:44 <DIR> ..
16.09.2002 14:00 361 472 shellstyle.dll
1 fil(er) 361 472 byte
Totalt antall filer:
5 fil(er) 1 090 711 byte
17 mappe(r) 1 130 815 488 byte ledig
And the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 19:33:30, on 22.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
Thanks for all your help! You do a great thing for all us novice users.
Gaute
-
Can you do a search on your computer please for
luna.msstyles
Before searching under the Advanced options ensure the top 3 options are selected
Let me know where you find luna.msstyles if you find it and the size of the file
As mentioned, I believe that updating to SP2 will replace a file you need, from what i remember
You should update anyways
SP2 is the latest service pack for Windows
You should visit Windows updates and install the latest service pack
After installation, restart the computer when prompted
Revisit Windows updates and check for any other High Priority updates (Criticals)
Once that is done come back here and let me know how things are running
More info on SP2
Please see these links
http://www.microsoft.com/windowsxp/sp2/topten.mspx
http://www.microsoft.com/windowsxp/sp2/default.mspx
-
Hi Guestsolo!
Thanks for taking time to help!
My computer didn't find the luna.msstyles, neither before nor after installation
of SP2. Strange.
And my computer actually seems to work slower after the installation.
It feels like it is hanging much more. Strange...
Did my latest HJT log look ok?
Best,
Gaute
-
I can't find any info in English on this trojan
trojan.mietglieder.bi
Can you translate it for me please, if that's possible
Could I see a fresh hijackthis log
Could you also double click on find1.bat again and let me see the contents of the text file that opens
Additionally, from my signature below can you run an online virus scan at Panda's
Scan your whole computer
Save the report when it's done and post it back here
Can you let me know what this is related to
Video perhaps?
C:\MOONS\MPROTECT\PMMODE.EXE
-
I'm sorry, I spelled it wrong. It's supposed to be trojan.mitglieder.bi
- Can you let me know what this is related to
Video perhaps?
C:\MOONS\MPROTECT\PMMODE.EXE
It's not video. I think it's some kind of network and virus software, it's called Moonscape.
I'll post the Panda report.
Thanks for everything Guestsolo!
Here's the find1.bat:
Volumet i stasjon C er uten navn.
Volumserienummeret er 3839-B830
Innhold i C:\WINDOWS\Resources\Themes
06.08.2003 16:45 <DIR> .
06.08.2003 16:45 <DIR> ..
18.08.2005 22:34 <DIR> Luna
16.09.2002 14:00 1 222 Luna.theme
16.09.2002 14:00 3 025 Windows Classic.theme
2 fil(er) 4 247 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna
18.08.2005 22:34 <DIR> .
18.08.2005 22:34 <DIR> ..
06.08.2003 16:44 <DIR> Shell
0 fil(er) 0 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell
06.08.2003 16:44 <DIR> .
06.08.2003 16:44 <DIR> ..
06.08.2003 16:45 <DIR> Homestead
06.08.2003 16:46 <DIR> Metallic
06.08.2003 16:44 <DIR> NormalColor
0 fil(er) 0 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
06.08.2003 16:45 <DIR> .
06.08.2003 16:45 <DIR> ..
16.09.2002 14:00 362 496 shellstyle.dll
1 fil(er) 362 496 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
06.08.2003 16:46 <DIR> .
06.08.2003 16:46 <DIR> ..
16.09.2002 14:00 362 496 shellstyle.dll
1 fil(er) 362 496 byte
Innhold i C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
06.08.2003 16:44 <DIR> .
06.08.2003 16:44 <DIR> ..
16.09.2002 14:00 361 472 shellstyle.dll
1 fil(er) 361 472 byte
Totalt antall filer:
5 fil(er) 1 090 711 byte
17 mappe(r) 669 212 672 byte ledig
Here's the fresh HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 17:18:22, on 26.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programfiler\D-Tools\daemon.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\MOONS\MPROTECT\PMMODE.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZPMMode] C:\MOONS\MPROTECT\PMMODE.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124801763317
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124807107984
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CFF8CA-A6B0-425C-B019-871DEA59B464}: NameServer = 130.67.15.198
O17 - HKLM\System\CS1\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{27FF44F9-988C-475B-B1FD-23287C17E7C0}: NameServer = 130.67.15.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe
-
Strange....
Just after I finished my latest reply to you I went to Panda's site
to do the online scan. After about 20 seconds the Avast told me that
Panda tried to infect my pc with a worm.
A VIRUS WAS FOUND
http:www.pandasoftware.com/activescan/as5free/motor.cab\...
Malware name: Win32.CTX
Malware type: Virus/ Worm
"Don't worry, you haven't been infected yet, just abort your connection
with the site and the malware download will be cancelled."
The same thing happened when I ran AdAware for the first time in a long time, then the Avast told me the pc was infected by the trojan.mitglieder.bi.
Isn't that strange? Doesn't Avast want me to scan with Panda?
It would be strange if Panda tried to infect my pc....
Any thoughts on this subject?
Should I still try to do a Panda scan, and ignore Avast? What do
you think?
Gaute
-
Sorry for the delay Gaute
It's a false positive Avast is giving you
One of the files that Panda installs is legitimate, but a couple of Anti-Virus programs peg it as malicious
Believe me it's ok
Here's the file Panda loads on your computer and a multiple scan of that file
I scanned this from my computer
pskavs.dll
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:CTX
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Sirius.Annihilator.272
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
I suggest that before loading up Panda scan again you temporarily disable Avast until the scan is done
Right click the Avast icon in the system tray beside the clock and then
Stop on access protection
Remember to post the report from Panda's after you have run it
-
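The multi-engine result list Guestolo posted above is a small consensus exercise: two of fourteen engines fire, and with different names. The script below is an added example (not code from the thread or from any of the products named in it) that parses that kind of "Engine Found X" listing and applies a simple consensus triage rule; the thresholds and the "likely false positive" label are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample input: a copy of the multi-engine listing for
# pskavs.dll as posted in the thread (engine name, then "Found ...").
SCAN_REPORT = """\
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:CTX
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Sirius.Annihilator.272
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
"""


def parse_report(text):
    """Return {engine: verdict or None} from 'Engine Found X' lines.

    Engine names may contain spaces, so split on the last ' Found '.
    A verdict of 'nothing' is stored as None (no detection).
    """
    results = {}
    for line in text.splitlines():
        engine, sep, verdict = line.strip().rpartition(" Found ")
        if not sep:
            continue  # not a result line, skip it
        verdict = verdict.strip()
        results[engine.strip()] = None if verdict.lower() == "nothing" else verdict
    return results


def triage(results, min_ratio=0.5, min_agree=2):
    """Classify a file by engine consensus (thresholds are assumptions).

    'malicious'  : at least min_ratio of the engines detect something
    'suspicious' : fewer engines, but min_agree of them give the same name
    'likely_false_positive' : isolated hits that do not agree on a name
    'clean'      : no engine detects anything
    """
    hits = {engine: v for engine, v in results.items() if v}
    if not hits:
        return "clean"
    ratio = len(hits) / len(results)
    agreeing = max(Counter(hits.values()).values())  # largest identical-name group
    if ratio >= min_ratio:
        return "malicious"
    if agreeing >= min_agree:
        return "suspicious"
    return "likely_false_positive"
```

Run on the listing above, the two lone, disagreeing hits (Avast and ClamAV) out of fourteen engines come out as `likely_false_positive`, which matches the advice given in the thread.
-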
Hi Guestolo!
Sorry for my delay, been away with the school.
I disabled Avast and ran the Panda online scan.
It said my pc had two dialers and one other malware...(?)
Here's the result:
Incident Status Location
Adware:adware/wupd No disinfected Windows Registry
Dialer:Dialer.OK No disinfected C:\Programfiler\backup-20041015-155745-518.inf
Adware:Adware/WUpd No disinfected C:\Programfiler\backup-20041015-155745-670.inf
Are these dialers perhaps some of the reason that the pc is
a little slow?
Regards
Gaute
-
Can I see a new hijackthis log please
Your last log indicates you didn't install Service Pack 2
Also, you said this
My computer didn't find the luna.msstyles, before nor after installation
of SP2. Strange.
But you're still running Service Pack 1
Can you make sure you have Windows set to show Hidden files and folders
Double check please
Let me know if you can find
Luna.msstyles
Make sure that before you do a search you also look under the Advanced options and check the top 3 entries which include "Search within hidden files and folders"