« previous next »
Pages: [1]

Author Topic: HJT EWIDO logfiles  (Read 524 times)

Offline Law_Me_pl0x

  • Sr. Member
  • ****
  • Posts: 324
  • Karma: +0/-0
    • View Profile
HJT EWIDO logfiles
« on: July 14, 2006, 03:41:07 AM »
I have been having problems with my computer, its been freezing all of the sudden, here is a HiJackThis logfile.


Logfile of HijackThis v1.99.1
Scan saved at 1:07:15 PM, on 1/17/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\Common Files\WBKO FAST Alert\TrueWeather.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jason T\Local Settings\Temporary Internet Files\Content.IE5\GT8XCJGF\hijackthis[1].exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ztftxgs.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system32\mksc.exe -boot
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: WBKO FAST Alert.lnk = C:\Program Files\Common Files\WBKO FAST Alert\TrueWeather.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jason T\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095256920203
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8C410098-8BA7-4550-A0A4-6959C02FC935} (karCntrlIE Class) - http://karaoke.cokemusic.com//karClientIE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_225/w...OCX/FlashAX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3024.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Dmbpgbac.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Logged


[color=\"gray\"]-----[/color][color=\"red\"]Law_Me_Pl0x [/color][color=\"gray\"]-----[/color]

[color=\"green\"]Trans[/color][color=\"blue\"]actions[/color]

[color=\"red\"]-[/color][color=\"gray\"]-[/color]-----------------------------------------------------------------------------------------------------------------[color=\"gray\"]-[/color][color=\"red\"]-[/color]

[color=\"gray\"]Good transactions[/color][color=\"black\"]:[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 1m from elvis869065------ [color=\"orange\"]Canceled. he gave back money[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 5m from VirGoods----- [color=\"blue\"]Succesful[/color]

[color=\"green\"]WF[/i][/size][/color] Sold level 88 account to Phr34k for 3m----- [color=\"blue\"]Succesful GOOD BUYER

[/color][color=\"green\"]1/2 n 1/2[/i][/size][/color] Sold level 89 account to aaron-hill77 for a tq point card------ [color=\"blue\"]Successful, went great. =][/color]

Sold level 89 main to peacez for 1.5m---- [color=\"blue\"]Succesful great buyer[/color][color=\"darkblue\"] Thanks GTech-warriors for mming :)[/color]

Sold level 75 rune pure to Phr34k for 3.2m---- [color=\"blue\"]Succesful Awsome buyer[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

Bought PBP Pin from Yawningpl0x---- [color=\"blue\"]Succesful Awsome seller[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

[color=\"green\"]Gave free level 50 pure to death_angel07[/color]





Bad Transactions:

[color=\"green\"]WF[/i][/size][/color] Sold lvl 88 to They Call me oWnAgE for 3m------ [color=\"red\"]Scammed, didn't pay. Two weeks later I finally recovered it[/color]

Bought level 60 from c4p5 l0ck------ [color=\"red\"]Scammed 13.1m from me :(. c4p5 has been banned!!!!!!! YAY!!!!!!!!!!!!!!!!!!!!!!![/color]

-----------------------------------------------------------------------------------------------------------------------------

[color=\"green\"]WF[/i][/size][/color]= Went first

:::::::::::::ReSpEcT LiSt:::::::::::::

+i pk st00f- Gave me a s*** load of stuff

+Phr34k- I sold level 88 account to him for 3m, went flawless, Sold him level 75 for 3.2m, flawless as well. GREAT BUYER

+RS Pure[{Gtech Warriors}]- MM'd a trade for me and Phr34k, went flawless. ++RECOMMENDED

+Death_angel07- MM'd a trade, and a really cool guy

:::::::::::::TrusteD MM's:::::::::::::

+RS Pure[{Gtech Warriors}]- ++Recommended, MM'd my level 75 account for 3.2m.

+++death_angel07- +++Recommended, MM'd a trade of 7m for a pure, I gave a 430k tip + a free account.



NAMES:

Law_Me_Pl0x- Moparisthebest.org/forums





I vouch for:

i pk st00f

phr34k

RS Pure

Death_angel07



People who vouch for me:

death_angel07 (http://www.thetechguide.com/forum/index.php?showtopic=81248&hl=law_me_pl0x)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
HJT EWIDO logfiles
« Reply #1 on: July 14, 2006, 09:12:34 AM »
Hi Law_Me_pl0x
You do have a few problems in your Hijackthis log

Can I have you do the following please
Redownload Hijackthis from my Signature below and save it too a permanent folder of it's own on your harddrive
ONLY run Hijackthis from this new location please

After that, download the following tools
==Download and install Windows CleanUp! 4.5.2
Don't run a scan yet

CleanUp! attempts to delete files from various temporary directories (including download directories/caches),
as well as emptying the Recycle Bins.
If you make a habit of saving files that you wish to keep in any of these places,  they will be deleted when CleanUp! is run.
Please move them too a different location before we run this tool if the above is true
Note: It is generally considered poor practice to use temporary folders or the Recycle Bin to store files you intend to keep.

Please download, install, and update  Ewido anti-spyware[list=1]
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close Ewido. Do not run it yet.
Print the remainder of these instructions and/or save them to a text file on desktop for reference

Access your add/remove programs and remove all the following if you can and if found
Relevant Knowledge
MyWebSearch <or similiar
I don't recommend using eAcceleration Stop-Sign
Remove it also if found in add/remove
It has been know to find false positives
See this link
http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note

Also, remove any older updates or versions of Java
This includes
J2SE Runtime Environment 5.0 Update 4
We'll update this in a bit

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Once in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer
NOTE: The first time you run CleanUp! it may prompt to run in Demonstration mode
Deny this, we want to run the actual cleanup!!

==Double click to run Stinger.exe
Let it run a scan and remove whatever it finds

Ewido Scan
  • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan.  This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\ztftxgs.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OSS] c:\windows\system32\mksc.exe -boot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [Microsoft Update Time] wuam.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYUS
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jason T\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_225/w...OCX/FlashAX.cab
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Dmbpgbac.dll (file missing)


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode
Back in Windows

Use the following link
http://www.java.com/en/download/manual.jsp
Download and save to desktop the Windows OFFLINE installer
for the latest version of Java
Double click and follow the prompts to install
After installation, go ahead and delete the installer from desktop

Post back the following please
1. Run Hijackthis again and post back a fresh log
2. Post the whole report from Ewido's
« Last Edit: July 14, 2006, 09:16:03 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Law_Me_pl0x

  • Sr. Member
  • ****
  • Posts: 324
  • Karma: +0/-0
    • View Profile
HJT EWIDO logfiles
« Reply #2 on: July 14, 2006, 09:17:24 PM »
Thanks, im going to do this now.... Whats Stinger.exe?
Logged


[color=\"gray\"]-----[/color][color=\"red\"]Law_Me_Pl0x [/color][color=\"gray\"]-----[/color]

[color=\"green\"]Trans[/color][color=\"blue\"]actions[/color]

[color=\"red\"]-[/color][color=\"gray\"]-[/color]-----------------------------------------------------------------------------------------------------------------[color=\"gray\"]-[/color][color=\"red\"]-[/color]

[color=\"gray\"]Good transactions[/color][color=\"black\"]:[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 1m from elvis869065------ [color=\"orange\"]Canceled. he gave back money[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 5m from VirGoods----- [color=\"blue\"]Succesful[/color]

[color=\"green\"]WF[/i][/size][/color] Sold level 88 account to Phr34k for 3m----- [color=\"blue\"]Succesful GOOD BUYER

[/color][color=\"green\"]1/2 n 1/2[/i][/size][/color] Sold level 89 account to aaron-hill77 for a tq point card------ [color=\"blue\"]Successful, went great. =][/color]

Sold level 89 main to peacez for 1.5m---- [color=\"blue\"]Succesful great buyer[/color][color=\"darkblue\"] Thanks GTech-warriors for mming :)[/color]

Sold level 75 rune pure to Phr34k for 3.2m---- [color=\"blue\"]Succesful Awsome buyer[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

Bought PBP Pin from Yawningpl0x---- [color=\"blue\"]Succesful Awsome seller[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

[color=\"green\"]Gave free level 50 pure to death_angel07[/color]





Bad Transactions:

[color=\"green\"]WF[/i][/size][/color] Sold lvl 88 to They Call me oWnAgE for 3m------ [color=\"red\"]Scammed, didn't pay. Two weeks later I finally recovered it[/color]

Bought level 60 from c4p5 l0ck------ [color=\"red\"]Scammed 13.1m from me :(. c4p5 has been banned!!!!!!! YAY!!!!!!!!!!!!!!!!!!!!!!![/color]

-----------------------------------------------------------------------------------------------------------------------------

[color=\"green\"]WF[/i][/size][/color]= Went first

:::::::::::::ReSpEcT LiSt:::::::::::::

+i pk st00f- Gave me a s*** load of stuff

+Phr34k- I sold level 88 account to him for 3m, went flawless, Sold him level 75 for 3.2m, flawless as well. GREAT BUYER

+RS Pure[{Gtech Warriors}]- MM'd a trade for me and Phr34k, went flawless. ++RECOMMENDED

+Death_angel07- MM'd a trade, and a really cool guy

:::::::::::::TrusteD MM's:::::::::::::

+RS Pure[{Gtech Warriors}]- ++Recommended, MM'd my level 75 account for 3.2m.

+++death_angel07- +++Recommended, MM'd a trade of 7m for a pure, I gave a 430k tip + a free account.



NAMES:

Law_Me_Pl0x- Moparisthebest.org/forums





I vouch for:

i pk st00f

phr34k

RS Pure

Death_angel07



People who vouch for me:

death_angel07 (http://www.thetechguide.com/forum/index.php?showtopic=81248&hl=law_me_pl0x)

Offline Edward

  • Full Member
  • ***
  • Posts: 177
  • Karma: +0/-0
    • View Profile
HJT EWIDO logfiles
« Reply #3 on: July 14, 2006, 10:28:27 PM »
i believe there definitions for mcafee..
Logged
Don't try and scam me please.

Level 121 for Sale.





Success

Sold level 121 to Mr.Cooldude -- Highly Trusted and Recommended!!

Offline Law_Me_pl0x

  • Sr. Member
  • ****
  • Posts: 324
  • Karma: +0/-0
    • View Profile
HJT EWIDO logfiles
« Reply #4 on: July 14, 2006, 10:37:38 PM »
I dont have McAfee... I have Norton.
Logged


[color=\"gray\"]-----[/color][color=\"red\"]Law_Me_Pl0x [/color][color=\"gray\"]-----[/color]

[color=\"green\"]Trans[/color][color=\"blue\"]actions[/color]

[color=\"red\"]-[/color][color=\"gray\"]-[/color]-----------------------------------------------------------------------------------------------------------------[color=\"gray\"]-[/color][color=\"red\"]-[/color]

[color=\"gray\"]Good transactions[/color][color=\"black\"]:[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 1m from elvis869065------ [color=\"orange\"]Canceled. he gave back money[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 5m from VirGoods----- [color=\"blue\"]Succesful[/color]

[color=\"green\"]WF[/i][/size][/color] Sold level 88 account to Phr34k for 3m----- [color=\"blue\"]Succesful GOOD BUYER

[/color][color=\"green\"]1/2 n 1/2[/i][/size][/color] Sold level 89 account to aaron-hill77 for a tq point card------ [color=\"blue\"]Successful, went great. =][/color]

Sold level 89 main to peacez for 1.5m---- [color=\"blue\"]Succesful great buyer[/color][color=\"darkblue\"] Thanks GTech-warriors for mming :)[/color]

Sold level 75 rune pure to Phr34k for 3.2m---- [color=\"blue\"]Succesful Awsome buyer[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

Bought PBP Pin from Yawningpl0x---- [color=\"blue\"]Succesful Awsome seller[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

[color=\"green\"]Gave free level 50 pure to death_angel07[/color]





Bad Transactions:

[color=\"green\"]WF[/i][/size][/color] Sold lvl 88 to They Call me oWnAgE for 3m------ [color=\"red\"]Scammed, didn't pay. Two weeks later I finally recovered it[/color]

Bought level 60 from c4p5 l0ck------ [color=\"red\"]Scammed 13.1m from me :(. c4p5 has been banned!!!!!!! YAY!!!!!!!!!!!!!!!!!!!!!!![/color]

-----------------------------------------------------------------------------------------------------------------------------

[color=\"green\"]WF[/i][/size][/color]= Went first

:::::::::::::ReSpEcT LiSt:::::::::::::

+i pk st00f- Gave me a s*** load of stuff

+Phr34k- I sold level 88 account to him for 3m, went flawless, Sold him level 75 for 3.2m, flawless as well. GREAT BUYER

+RS Pure[{Gtech Warriors}]- MM'd a trade for me and Phr34k, went flawless. ++RECOMMENDED

+Death_angel07- MM'd a trade, and a really cool guy

:::::::::::::TrusteD MM's:::::::::::::

+RS Pure[{Gtech Warriors}]- ++Recommended, MM'd my level 75 account for 3.2m.

+++death_angel07- +++Recommended, MM'd a trade of 7m for a pure, I gave a 430k tip + a free account.



NAMES:

Law_Me_Pl0x- Moparisthebest.org/forums





I vouch for:

i pk st00f

phr34k

RS Pure

Death_angel07



People who vouch for me:

death_angel07 (http://www.thetechguide.com/forum/index.php?showtopic=81248&hl=law_me_pl0x)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
HJT EWIDO logfiles
« Reply #5 on: July 14, 2006, 11:24:41 PM »
Sorry, I forgot to add the link
Download and save this too your desktop

Stinger.exe from here

Then follow all my above instructions I posted earlier
Don't miss a step please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Law_Me_pl0x

  • Sr. Member
  • ****
  • Posts: 324
  • Karma: +0/-0
    • View Profile
HJT EWIDO logfiles
« Reply #6 on: July 14, 2006, 11:50:25 PM »
I've already did it.... Im just now downloading Java, and Im getting ready to post my HJT and Ewido log.... is this going to hurt my pc because I didn't use stinger...?
Logged


[color=\"gray\"]-----[/color][color=\"red\"]Law_Me_Pl0x [/color][color=\"gray\"]-----[/color]

[color=\"green\"]Trans[/color][color=\"blue\"]actions[/color]

[color=\"red\"]-[/color][color=\"gray\"]-[/color]-----------------------------------------------------------------------------------------------------------------[color=\"gray\"]-[/color][color=\"red\"]-[/color]

[color=\"gray\"]Good transactions[/color][color=\"black\"]:[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 1m from elvis869065------ [color=\"orange\"]Canceled. he gave back money[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 5m from VirGoods----- [color=\"blue\"]Succesful[/color]

[color=\"green\"]WF[/i][/size][/color] Sold level 88 account to Phr34k for 3m----- [color=\"blue\"]Succesful GOOD BUYER

[/color][color=\"green\"]1/2 n 1/2[/i][/size][/color] Sold level 89 account to aaron-hill77 for a tq point card------ [color=\"blue\"]Successful, went great. =][/color]

Sold level 89 main to peacez for 1.5m---- [color=\"blue\"]Succesful great buyer[/color][color=\"darkblue\"] Thanks GTech-warriors for mming :)[/color]

Sold level 75 rune pure to Phr34k for 3.2m---- [color=\"blue\"]Succesful Awsome buyer[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

Bought PBP Pin from Yawningpl0x---- [color=\"blue\"]Succesful Awsome seller[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

[color=\"green\"]Gave free level 50 pure to death_angel07[/color]





Bad Transactions:

[color=\"green\"]WF[/i][/size][/color] Sold lvl 88 to They Call me oWnAgE for 3m------ [color=\"red\"]Scammed, didn't pay. Two weeks later I finally recovered it[/color]

Bought level 60 from c4p5 l0ck------ [color=\"red\"]Scammed 13.1m from me :(. c4p5 has been banned!!!!!!! YAY!!!!!!!!!!!!!!!!!!!!!!![/color]

-----------------------------------------------------------------------------------------------------------------------------

[color=\"green\"]WF[/i][/size][/color]= Went first

:::::::::::::ReSpEcT LiSt:::::::::::::

+i pk st00f- Gave me a s*** load of stuff

+Phr34k- I sold level 88 account to him for 3m, went flawless, Sold him level 75 for 3.2m, flawless as well. GREAT BUYER

+RS Pure[{Gtech Warriors}]- MM'd a trade for me and Phr34k, went flawless. ++RECOMMENDED

+Death_angel07- MM'd a trade, and a really cool guy

:::::::::::::TrusteD MM's:::::::::::::

+RS Pure[{Gtech Warriors}]- ++Recommended, MM'd my level 75 account for 3.2m.

+++death_angel07- +++Recommended, MM'd a trade of 7m for a pure, I gave a 430k tip + a free account.



NAMES:

Law_Me_Pl0x- Moparisthebest.org/forums





I vouch for:

i pk st00f

phr34k

RS Pure

Death_angel07



People who vouch for me:

death_angel07 (http://www.thetechguide.com/forum/index.php?showtopic=81248&hl=law_me_pl0x)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
HJT EWIDO logfiles
« Reply #7 on: July 14, 2006, 11:52:30 PM »
No, It won't hurt your PC
But please download Stinger.exe
Take the time to reboot back to safe mode and run the scanner

Post back all logs later I asked for, don't omit Anything
Also Include the log from stinger if supplied
« Last Edit: July 14, 2006, 11:53:08 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Law_Me_pl0x

  • Sr. Member
  • ****
  • Posts: 324
  • Karma: +0/-0
    • View Profile
HJT EWIDO logfiles
« Reply #8 on: July 14, 2006, 11:55:57 PM »
Ok, SO I need to reboot back into safe mode, run stinger, save logfile, post ewido hjt and stinger logfile here.


PS
Thanks, ewido took of 22 infections, mainly Adware infections.

Edit: it says this version of stinger is outdated.. But I'll still run a scan, just letting you know.
« Last Edit: July 14, 2006, 11:57:30 PM by Law_Me_pl0x »
Logged


[color=\"gray\"]-----[/color][color=\"red\"]Law_Me_Pl0x [/color][color=\"gray\"]-----[/color]

[color=\"green\"]Trans[/color][color=\"blue\"]actions[/color]

[color=\"red\"]-[/color][color=\"gray\"]-[/color]-----------------------------------------------------------------------------------------------------------------[color=\"gray\"]-[/color][color=\"red\"]-[/color]

[color=\"gray\"]Good transactions[/color][color=\"black\"]:[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 1m from elvis869065------ [color=\"orange\"]Canceled. he gave back money[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 5m from VirGoods----- [color=\"blue\"]Succesful[/color]

[color=\"green\"]WF[/i][/size][/color] Sold level 88 account to Phr34k for 3m----- [color=\"blue\"]Succesful GOOD BUYER

[/color][color=\"green\"]1/2 n 1/2[/i][/size][/color] Sold level 89 account to aaron-hill77 for a tq point card------ [color=\"blue\"]Successful, went great. =][/color]

Sold level 89 main to peacez for 1.5m---- [color=\"blue\"]Succesful great buyer[/color][color=\"darkblue\"] Thanks GTech-warriors for mming :)[/color]

Sold level 75 rune pure to Phr34k for 3.2m---- [color=\"blue\"]Succesful Awsome buyer[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

Bought PBP Pin from Yawningpl0x---- [color=\"blue\"]Succesful Awsome seller[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

[color=\"green\"]Gave free level 50 pure to death_angel07[/color]





Bad Transactions:

[color=\"green\"]WF[/i][/size][/color] Sold lvl 88 to They Call me oWnAgE for 3m------ [color=\"red\"]Scammed, didn't pay. Two weeks later I finally recovered it[/color]

Bought level 60 from c4p5 l0ck------ [color=\"red\"]Scammed 13.1m from me :(. c4p5 has been banned!!!!!!! YAY!!!!!!!!!!!!!!!!!!!!!!![/color]

-----------------------------------------------------------------------------------------------------------------------------

[color=\"green\"]WF[/i][/size][/color]= Went first

:::::::::::::ReSpEcT LiSt:::::::::::::

+i pk st00f- Gave me a s*** load of stuff

+Phr34k- I sold level 88 account to him for 3m, went flawless, Sold him level 75 for 3.2m, flawless as well. GREAT BUYER

+RS Pure[{Gtech Warriors}]- MM'd a trade for me and Phr34k, went flawless. ++RECOMMENDED

+Death_angel07- MM'd a trade, and a really cool guy

:::::::::::::TrusteD MM's:::::::::::::

+RS Pure[{Gtech Warriors}]- ++Recommended, MM'd my level 75 account for 3.2m.

+++death_angel07- +++Recommended, MM'd a trade of 7m for a pure, I gave a 430k tip + a free account.



NAMES:

Law_Me_Pl0x- Moparisthebest.org/forums





I vouch for:

i pk st00f

phr34k

RS Pure

Death_angel07



People who vouch for me:

death_angel07 (http://www.thetechguide.com/forum/index.php?showtopic=81248&hl=law_me_pl0x)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
HJT EWIDO logfiles
« Reply #9 on: July 15, 2006, 12:01:59 AM »
Quote
Ok, SO I need to reboot back into safe mode, run stinger, save logfile, post ewido hjt and stinger logfile here.

You need to reboot to Safe mode and run Stinger and allow to fix whatever it finds

Since you already ran Ewido and CleanUp!

Reboot back to Normal mode after running Stinger

Post a new hijackthis log>>Stinger report if supplied
Ewido report

Make sure you are using the latest version of Stinger
http://download.nai.com/products/mcafee-avert/stng260.exe
« Last Edit: July 15, 2006, 12:00:12 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Law_Me_pl0x

  • Sr. Member
  • ****
  • Posts: 324
  • Karma: +0/-0
    • View Profile
HJT EWIDO logfiles
« Reply #10 on: July 15, 2006, 12:45:24 AM »
Ok, all stinger said was that I had 106k clean files..


HJT-

Logfile of HijackThis v1.99.1
Scan saved at 10:09:38 AM, on 1/18/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\WBKO FAST Alert\TrueWeather.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Jason T\Desktop\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ShowIcon_The Company_CRW Series Driver v1.17r023] "C:\Program Files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.17r023"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: WBKO FAST Alert.lnk = C:\Program Files\Common Files\WBKO FAST Alert\TrueWeather.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095256920203
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8C410098-8BA7-4550-A0A4-6959C02FC935} (karCntrlIE Class) - http://karaoke.cokemusic.com//karClientIE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3024.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


EWIDO-

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   8:58:33 AM 1/18/2002

 + Scan result:   



C:\WINDOWS\Titan Poker setup.exe -> Adware.Casino : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N0XFEXQQ\v2cab[1].cab/v2.dll -> Adware.EliteBar : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Application Data\Starware\MasterOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Application Data\Starware\ProductOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Application Data\Starware\ToolbarOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Application Data\Starware\shared_weather.xml -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware\OriginalAutoSearch -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware\OriginalAutoSearch -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).


::Report end
Logged


[color=\"gray\"]-----[/color][color=\"red\"]Law_Me_Pl0x [/color][color=\"gray\"]-----[/color]

[color=\"green\"]Trans[/color][color=\"blue\"]actions[/color]

[color=\"red\"]-[/color][color=\"gray\"]-[/color]-----------------------------------------------------------------------------------------------------------------[color=\"gray\"]-[/color][color=\"red\"]-[/color]

[color=\"gray\"]Good transactions[/color][color=\"black\"]:[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 1m from elvis869065------ [color=\"orange\"]Canceled. he gave back money[/color]

[color=\"green\"]WF[/i][/size][/color] Bought 5m from VirGoods----- [color=\"blue\"]Succesful[/color]

[color=\"green\"]WF[/i][/size][/color] Sold level 88 account to Phr34k for 3m----- [color=\"blue\"]Succesful GOOD BUYER

[/color][color=\"green\"]1/2 n 1/2[/i][/size][/color] Sold level 89 account to aaron-hill77 for a tq point card------ [color=\"blue\"]Successful, went great. =][/color]

Sold level 89 main to peacez for 1.5m---- [color=\"blue\"]Succesful great buyer[/color][color=\"darkblue\"] Thanks GTech-warriors for mming :)[/color]

Sold level 75 rune pure to Phr34k for 3.2m---- [color=\"blue\"]Succesful Awsome buyer[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

Bought PBP Pin from Yawningpl0x---- [color=\"blue\"]Succesful Awsome seller[/color][color=\"darkblue\"] THANKS RS PURE FOR MM'ING!!![/color]

[color=\"green\"]Gave free level 50 pure to death_angel07[/color]





Bad Transactions:

[color=\"green\"]WF[/i][/size][/color] Sold lvl 88 to They Call me oWnAgE for 3m------ [color=\"red\"]Scammed, didn't pay. Two weeks later I finally recovered it[/color]

Bought level 60 from c4p5 l0ck------ [color=\"red\"]Scammed 13.1m from me :(. c4p5 has been banned!!!!!!! YAY!!!!!!!!!!!!!!!!!!!!!!![/color]

-----------------------------------------------------------------------------------------------------------------------------

[color=\"green\"]WF[/i][/size][/color]= Went first

:::::::::::::ReSpEcT LiSt:::::::::::::

+i pk st00f- Gave me a s*** load of stuff

+Phr34k- I sold level 88 account to him for 3m, went flawless, Sold him level 75 for 3.2m, flawless as well. GREAT BUYER

+RS Pure[{Gtech Warriors}]- MM'd a trade for me and Phr34k, went flawless. ++RECOMMENDED

+Death_angel07- MM'd a trade, and a really cool guy

:::::::::::::TrusteD MM's:::::::::::::

+RS Pure[{Gtech Warriors}]- ++Recommended, MM'd my level 75 account for 3.2m.

+++death_angel07- +++Recommended, MM'd a trade of 7m for a pure, I gave a 430k tip + a free account.



NAMES:

Law_Me_Pl0x- Moparisthebest.org/forums





I vouch for:

i pk st00f

phr34k

RS Pure

Death_angel07



People who vouch for me:

death_angel07 (http://www.thetechguide.com/forum/index.php?showtopic=81248&hl=law_me_pl0x)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
HJT EWIDO logfiles
« Reply #11 on: July 15, 2006, 08:59:46 PM »
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents please

Can you keep ALL responses posted back to this thread please until we are done, thanks
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
HJT EWIDO logfiles
« Reply #12 on: July 30, 2006, 09:56:02 AM »
Since the topic starter has not returned, this topic is now locked
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »