[solved]Laptop problems

Discussion in 'adware, spyware & hijack cleaning' started by owens, Jun 30, 2004.

Thread Status:
Not open for further replies.
  1. owens

    owens Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    11
    Location:
    Belfast
    I really would appreciate any help. There are several things happening to my laptop that i cant work out
    1. My home page keeps on being redirected to about: blank
    2. I have a trojan horse BackDoor.Agent.BA located in C:\WINDOWS\system32\logpe.dll which my antivirus (either sophos or AVG, both up to date) cannot remove.
    3. I keep on getting spyware pop up ads
    4. The operational speed of my computer has dramatically slowed down with all this occurring...this has all happened over the weekend when i switched to broadband (NTL, wireless, Actiontec)

    I have ran the usual, spyware S+ D, spyblaster, CWS shredder and ad-aware 6 which have detected the usual, but it still hasnt helped. My firewall is Zonelabs, also up to date and in keeping with advice posted on previous boards, I am up to date for windows update. Can anyone help?

    Here is my Hijack this log

    Logfile of HijackThis v1.97.7
    Scan saved at 17:38:05, on 30/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\DVDRAMSV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\System32\AEIWLSTA.EXE
    C:\WINDOWS\System32\SCVHOST.EXE
    C:\Program Files\DSB\DSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\System32\ethn.exe
    C:\WINDOWS\System32\_866c.exe
    C:\Program Files\Grisoft\AVG6\avgw.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Colum Owens\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\COLUMO~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\COLUMO~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\COLUMO~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\COLUMO~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\COLUMO~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\COLUMO~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {5293CA1B-D063-DD22-105D-A4A89E47B36F} - C:\WINDOWS\System32\ylhnzlyq.dll
    O2 - BHO: (no name) - {6299A290-2E77-427E-B0CA-223804591FB8} - C:\WINDOWS\System32\llobl.dll
    O2 - BHO: (no name) - {7AD7B6A8-1212-31B4-97BE-C33B1EC80A9F} - C:\WINDOWS\System32\fqagfezm.dll
    O2 - BHO: (no name) - {D83D5792-DF75-0A2F-ADDD-2EACED90E32A} - C:\WINDOWS\System32\dscegceq.dll
    O2 - BHO: (no name) - {DA687647-BCD0-F9D2-0828-44097EDDA764} - C:\WINDOWS\System32\yrumblel.dll (file missing)
    O2 - BHO: (no name) - {E03A5D5E-7B5F-59B9-387B-CFB01EF74F70} - C:\WINDOWS\System32\tpyiaqze.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\System32\SCVHOST.EXE
    O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\System32\REGCPM32.EXE
    O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ethn] C:\WINDOWS\System32\ethn.exe
    O4 - HKLM\..\Run: [_866c] C:\WINDOWS\System32\_866c.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
    O16 - DPF: Ulster Bank AnyTime - https://anytime1.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} (IEplugin Class) - http://www.mrketing.biz/IE_plugin.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1075847847738
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38023.6312962963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab

    Cheers,

    Colum, v junior member o_O
     
  2. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Laptop problems

    Hi owens

    First update or download CWShredder to version 1.59.1
    CWShredder (http://www.spywareinfoforum.com/~merijn/files/CWShredder.exe)
    Use the Fix button and follow the instructions you will receive.

    Download Ad-aware from here: http://www.computercops.biz/downloads-file-292.html
    Install by double-clicking on the downloaded file.
    After installing but before running, update Ad-aware by using its Globe icon.
    After updating, shutdown and restart Ad-aware.
    Ad-aware is ready to scan and clean your system following these steps:

    Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    "Unload recognized processes during scanning."
    Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    "Let Windows remove files in use after reboot."
    Press "Scan Now"
    Check option "Use Custom scanning options"
    Check option "Activate In-Depth Scan"
    Press "Select drives\folders to scan"
    Select the active partition which is usually C:
    Press "Next" to let Ad-aware scan your drives...
    If it finds "bad" files and registry keys, press "Next" again
    Right-click in that pane and choose "select all"
    Press "next"
    When it asks to remove all checked items, Press "OK"
    Close Ad-aware, reboot your system and go on to Step 2 below.


    Spybot S&D
    The download for Spybot S&D is available here: http://www.computercops.biz/downloads-file-108.html

    Install by double-clicking on the downloaded file.
    Run Spybot S&D from desktop icon or Start menu.
    Press "Search for updates" button to get list of updates available.
    Press "Download updates" button.
    Close all IE windows and close & restart Spybot S&D.
    Press "Check for problems" button.
    Have SpyBot remove all it marks in red by pressing "Fix selected problems".

    Close Spybot S&D, reboot your system .

    Empty your Temporary Internet Files and history in Internet Options. And clean out your
    %Userprofile%\Local Settings\Temp
    folder. It's a good idea to do that regularly.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Pls. post another log.
     
  3. owens

    owens Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    11
    Location:
    Belfast
    Re: Laptop problems

    Have done that...did it before but didnt disable system restore...now i have this errormessage " nview.dll dynamic link library initialisation failed. And I am still being alerted about the virus...still cannot remove from infected files..on the plus side my home page is sorted...THANKS

    Logfile of HijackThis v1.97.7
    Scan saved at 19:55:42, on 30/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\DVDRAMSV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\System32\AEIWLSTA.EXE
    C:\WINDOWS\System32\SCVHOST.EXE
    C:\Program Files\DSB\DSB.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\System32\pg2spltm.exe
    C:\WINDOWS\System32\bdbasew.exe
    C:\Documents and Settings\Colum Owens\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
    O2 - BHO: (no name) - {5293CA1B-D063-DD22-105D-A4A89E47B36F} - C:\WINDOWS\System32\ylhnzlyq.dll
    O2 - BHO: (no name) - {7AD7B6A8-1212-31B4-97BE-C33B1EC80A9F} - C:\WINDOWS\System32\fqagfezm.dll
    O2 - BHO: (no name) - {D83D5792-DF75-0A2F-ADDD-2EACED90E32A} - C:\WINDOWS\System32\dscegceq.dll
    O2 - BHO: (no name) - {DA687647-BCD0-F9D2-0828-44097EDDA764} - C:\WINDOWS\System32\yrumblel.dll (file missing)
    O2 - BHO: (no name) - {E03A5D5E-7B5F-59B9-387B-CFB01EF74F70} - C:\WINDOWS\System32\tpyiaqze.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\System32\SCVHOST.EXE
    O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\System32\REGCPM32.EXE
    O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [bdbasew] C:\WINDOWS\System32\bdbasew.exe
    O4 - HKLM\..\Run: [pg2spltm] C:\WINDOWS\System32\pg2spltm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
    O16 - DPF: Ulster Bank AnyTime - https://anytime1.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} (IEplugin Class) - http://www.mrketing.biz/IE_plugin.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1075847847738
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38023.6312962963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab

    colum
     
  4. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Laptop problems

    Hi owens,

    Have done that...did it before but didnt disable system restore...now i have this errormessage " nview.dll dynamic link library initialisation failed. And I am still being alerted about the virus...still cannot remove from infected files.

    NO surprise to me :mad:

    Pls. Save HJT in a convenient permanent folder such as C:\HJT\ as it will make backups and you want them in the same folder.

    Check the following items in Hijackthis - close ALL browsers\windows except Hijackthis and click "Fix checked":

    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    C:\Program Files\DSB\DSB.exe <--- Adware.EnergyPlugin
    http://sarc.com/avcenter/venc/data/adware.energyplugin.html

    C:\WINDOWS\System32\pg2spltm.exe

    C:\WINDOWS\System32\bdbasew.exe

    O2 - BHO: (no name) - {5293CA1B-D063-DD22-105D-A4A89E47B36F} - C:\WINDOWS\System32\ylhnzlyq.dll
    O2 - BHO: (no name) - {7AD7B6A8-1212-31B4-97BE-C33B1EC80A9F} - C:\WINDOWS\System32\fqagfezm.dll
    O2 - BHO: (no name) - {D83D5792-DF75-0A2F-ADDD-2EACED90E32A} - C:\WINDOWS\System32\dscegceq.dll
    O2 - BHO: (no name) - {DA687647-BCD0-F9D2-0828-44097EDDA764} - C:\WINDOWS\System32\yrumblel.dll (file missing)
    O2 - BHO: (no name) - {E03A5D5E-7B5F-59B9-387B-CFB01EF74F70} - C:\WINDOWS\System32\tpyiaqze.dll (file missing)

    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKLM\..\Run: [MSStartOptimizer] C:\WINDOWS\System32\SCVHOST.EXE

    O4 - HKLM\..\Run: [RegCompres] C:\WINDOWS\System32\REGCPM32.EXE < ---
    TROJ_DASMIN.B

    O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe

    O4 - HKLM\..\Run: [bdbasew] C:\WINDOWS\System32\bdbasew.exe
    O4 - HKLM\..\Run: [pg2spltm] C:\WINDOWS\System32\pg2spltm.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <--optional

    O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} (IEplugin Class) - http://www.mrketing.biz/IE_plugin.cab


    NOTE....even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:

    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\DSB
    C:\WINDOWS\System32\pg2spltm.exe
    C:\WINDOWS\System32\bdbasew.exe
    C:\WINDOWS\System32\SCVHOST.EXE
    C:\WINDOWS\System32\REGCPM32.EXE

    Then reboot and use AdAware as described here:
    https://www.wilderssecurity.com/showthread.php?t=15913

    Go here and get one of the free trials of an Anti Trojan and scan for Trojans.
    http://www.wilders.org/anti_trojans.htm

    Go for free online Virus scans here:

    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.pandasoftware.com/activescan/

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

    Then use the Disk Cleanup Utility to empty all your Temp folders.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Pls. post another log.
     
  5. owens

    owens Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    11
    Location:
    Belfast
    Re: Laptop problems

    Hi. Thanks for all your help..I did everything instructed...IE home page working fine now and internet anti-virus scan picked up 7 extra viruses! Here is my latest hijackthis log file. SVC host.exe is still there. Should i just delete again? I have tried deleteing them in task manager in safe mode as instructed.

    Thanks

    Colum :-*

    Logfile of HijackThis v1.97.7
    Scan saved at 12:03:29, on 01/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\DVDRAMSV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\AEIWLSTA.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\System32\dvapi32a.exe
    C:\WINDOWS\System32\sxml2rm.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    C:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [dvapi32a] C:\WINDOWS\System32\dvapi32a.exe
    O4 - HKLM\..\Run: [sxml2rm] C:\WINDOWS\System32\sxml2rm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
    O16 - DPF: Ulster Bank AnyTime - https://anytime1.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1075847847738
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38023.6312962963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
     
  6. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Laptop problems

    HI owens

    hmm..... 2 "strange things" in there:

    Could you pls. have a look if these are known to you?

    C:\WINDOWS\System32\dvapi32a.exe
    O4 - HKLM\..\Run: [dvapi32a] C:\WINDOWS\System32\dvapi32a.exe

    and

    C:\WINDOWS\System32\sxml2rm.exe
    O4 - HKLM\..\Run: [sxml2rm] C:\WINDOWS\System32\sxml2rm.exe

    Can't find anything :(

    Maybe you could also check these with :
    http://www.kaspersky.com/remoteviruschk.html
     
  7. owens

    owens Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    11
    Location:
    Belfast
    Re: Laptop problems

    Sorry about the delay in replying:working nites.

    Anyway checked the above and both ere virus and have removed. I have also taken AVG virus scanner off my computer as I suspect it is doing more harm than good part re Trojan Backdoor virus which i still cannot remove. Still being redirected to abour : blank page and suspect it is this Trojan. Here is my HJT log.

    gfile of HijackThis v1.97.7
    Scan saved at 13:40:51, on 05/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\DVDRAMSV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\AEIWLSTA.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\iedbv.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\System32\iadvc.exe
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\Documents and Settings\Colum Owens\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
    O2 - BHO: (no name) - {319A6F50-7275-4199-992B-C14CAEBCFE9F} - C:\WINDOWS\System32\hkfnapa.dll (file missing)
    O2 - BHO: (no name) - {3DA0345A-EE3F-2D9F-D153-6C550FA52E10} - C:\WINDOWS\System32\noqoej.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [iadvc] C:\WINDOWS\System32\iadvc.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Cald] C:\Documents and Settings\Colum Owens\Application Data\tiud.exe
    O4 - HKCU\..\Run: [Pfj] C:\WINDOWS\System32\iedbv.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
    O16 - DPF: Ulster Bank AnyTime - https://anytime1.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1075847847738
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-toolbox.com/BrowserSecurity/ActiveXTester/ActiveXTester.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38023.6312962963
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab

    Thanks

    Colum
     
  8. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Laptop problems

    Hi Colum

    still more in there :(

    First move hijackthis from the temporary directory. Right click on your desktop and select New>Folder. Name the folder hijackthis. Then move hijackthis.exe into the new folder.

    check the following items in HijackThis - close ALL windows\browsers except HIjackThis and click "Fix checked":

    O2 - BHO: (no name) - {319A6F50-7275-4199-992B-C14CAEBCFE9F} - C:\WINDOWS\System32\hkfnapa.dll (file missing)
    O2 - BHO: (no name) - {3DA0345A-EE3F-2D9F-D153-6C550FA52E10} - C:\WINDOWS\System32\noqoej.dll

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [iadvc] C:\WINDOWS\System32\iadvc.exe

    O4 - HKCU\..\Run: [Cald] C:\Documents and Settings\Colum Owens\Application Data\tiud.exe

    O4 - HKCU\..\Run: [Pfj] C:\WINDOWS\System32\iedbv.exe

    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

    NOTE....even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.


    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:

    C:\WINDOWS\Downloaded Program Files\bridge.dll
    C:\WINDOWS\System32\iadvc.exe
    O4 - HKCU\..\Run: [Cald] C:\Documents and Settings\Colum Owens\Application Data\tiud.exe
    C:\WINDOWS\System32\iedbv.exe

    Then reboot and use AdAware as described :
    HERE

    Empty your Temporary Internet Files and history in Internet Options. And clean out your
    %Userprofile%\Local Settings\Temp
    folder.

    Then Disable system restore: Instructions here
    Reboot

    Enable System Restore.

    Still problems?
     
  9. owens

    owens Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    11
    Location:
    Belfast
    Re: Laptop problems

    Hi,

    Once again thanks for your help. Have done everything you asked. Before this, updated sophos, ran IDE in safe command mode (found another Trojan) and have performed two online scans (panda etc). Have removed those files in HJT.

    Here is my log. Thanks again.

    gfile of HijackThis v1.97.7
    Scan saved at 19:14:55, on 06/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\DVDRAMSV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\AEIWLSTA.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\Documents and Settings\Colum Owens\Desktop\Hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
    O16 - DPF: Ulster Bank AnyTime - https://anytime1.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38174.4504166667

    Cheers...think it looks better :)

    Colum
     
  10. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Re: Laptop problems

    HI Colum

    SUPER - Great Job :)

    Log looks clean to me - keep it it this way :D

    Please follow the steps to avoid re-infection that was posted HERE

    Happy Safe Computing !
     
Thread Status:
Not open for further replies.