
Author Topic: Explorer being assaulted by trojan  (Read 22656 times)


mycompisbroke

  • Guest
Explorer being assaulted by trojan
« on: July 18, 2007, 04:02:29 PM »
This keeps popping up, and considering some of the *censored* I've had on my computer lately I'm pretty sure it's a trojan or virus.

"Buffer overrun detected!
Program : C:\WINDOWS\Explorer.exe

A buffer overrun has been detected which has corrupted this files internal state . The program cannot safely continue exectution and must now be terminated"


[title edited due to complaints]
« Last Edit: July 24, 2007, 08:34:09 PM by CBMatt »

mycompisbroke

  • Guest
Re: Explorer being raped by trojan
« Reply #1 on: July 18, 2007, 06:20:20 PM »
Here's a screenshot if it helps.
http://s101.photobucket.com/albums/m80/imageking_01/?action=view&current=untitled-2.jpg

When I x it out my comp crashes.

LtRyan5184



    Beginner
  • EMS Supervisor
    • Yes
  • Experience: Experienced
  • OS: Windows XP
Re: Explorer being raped by trojan
« Reply #2 on: July 18, 2007, 06:45:39 PM »
Try Ad-Aware (Google it) by Lavasoft; it works for me. But if it's totaled, take it to a shop to get the important stuff off, or if there is no important stuff on it, just use a low-level HD format to wipe everything.

mycompisbroke

  • Guest
Re: Explorer being raped by trojan
« Reply #3 on: July 18, 2007, 06:56:39 PM »
I've tried Ad-Aware.  I'm not gonna take it to a shop and I'm not clearing all my data. Is there any way I can fix Explorer?

Deerpark



    Egghead
  • Thanked: 1
    Re: Explorer being raped by trojan
    « Reply #4 on: July 18, 2007, 06:56:54 PM »
    There is no need to take it to a shop or do a format just yet. Wait for CBMatt or one of the other resident virus experts to come and help you out. I can get you started though.

    We need to know what version of windows this is and what version of IE you're using. Do you have any anti-virus or anti-spyware programs installed?

    Also get HiJackThis, run a scan and then post the log here.
    Any sufficiently advanced technology is indistinguishable from magic.
    Arthur C. Clarke (1917 - 2008)

    Fed

    • Moderator


    • Sage
    • Thanked: 35
      • Experience: Experienced
      • OS: Windows XP
      Re: Explorer being raped by trojan
      « Reply #5 on: July 18, 2007, 08:20:29 PM »

      dl65

      • R.I.P.


      • Prodigy

        Thanked: 18
        Re: Explorer being raped by trojan
        « Reply #6 on: July 18, 2007, 08:42:27 PM »
        mycompisbroke ....... What operating system are you using? ............ and
        is it up to date as Fed asked in the last reply?

        If you have Spybot installed, I would like you to run it and let us know what it finds. If you don't have it, d/l it from ....... http://www.tucows.com/software_detail.html?id=310138    ..... once installed, be sure and get the latest updates and then run a full scan.

        You mentioned you suspect you have trojans....... what evidence do you have to support that ?

        xxx At this time do not consider using system restore if it is available with your operating system xxx

        Which Anti - Virus program are you using and is it up to date?

        Have you attempted to run your anti-virus from the safe mode ?

        Please get back to us with some answers.

        dl65  ::)

        If you don't know the answer, it isn't a dumb question.

        CBMatt

        • Mod & Malware Specialist


        • Prodigy

        • Sad and lonely...and loving every minute of it.
        • Thanked: 167
          • Yes
        • Experience: Experienced
        • OS: Windows 7
        Re: Explorer being raped by trojan
        « Reply #7 on: July 18, 2007, 08:56:23 PM »
        I actually had a very similar problem on my own computer recently.  It could be a worm (there are about three or four I know of that cause this problem), but before we assume it's an infection, update your Windows like Fed suggests.

        Also, you should download and install KB935448, as it's often related to this problem.

        You may also need to update your codecs.  It may not apply to you, but it worked for me and another member claims it worked for him as well.  The codec pack we both downloaded was AVI Codec Pack Plus 2.2, so you might as well give it a shot.


        Once you have tried these things, post back with an update on how things are running.
        Quote
        An undefined problem has an infinite number of solutions.
        - Robert A. Humphrey

        mycompisbroke

        • Guest
        Re: Explorer being raped by trojan
        « Reply #8 on: July 18, 2007, 09:02:32 PM »
        Because I've had a lot of viruses and trojans and spyware from a program that I installed on a warez site and it's the one that won't go away. I use McAfee but it's a pretty old version. I have Windows XP.


        How do I get in safe mode? I've run it but nothing came up and as I said it's pretty old so I'm not surprised. I'll d/l HijackThis tomorrow.
        Also while I was typing this CBMatt posted  ;D. I guess I've got a lot of downloading to do tomorrow.

        dl65

        • R.I.P.


        • Prodigy

          Thanked: 18
          Re: Explorer being raped by trojan
          « Reply #9 on: July 18, 2007, 09:39:31 PM »
          mycompisbroke .....
          Quote
          I use mcafee but Its a pretty old version
          does this mean that the subscription has run out ?
          If it has please download the following......
          1. ccleaner.... from http://filehippo.com/download_ccleaner/   
          Install it without the Yahoo toolbar....but don't run it at this time.

          2. AVG free antivirus...... from http://free.grisoft.com/doc/2/ 
          install it, update it ..... but don't run it at this time.

          3. AVG Antispyware .... from http://free.grisoft.com/doc/20/lng/us/tpl/v5
          install it, get the latest update..... but don't run it at this time.

          Next, shut down your existing outdated McAfee AV .......... ( remove it if you wish as you won't need it anymore.)

          Then ..... open ccleaner and run the cleaner portion ( the brush icon) click on run cleaner and when it has reached 100% ........ click run cleaner again and all that was found will be removed.
          Run cleaner again to be sure it got everything.

          Now then reboot into SAFE mode ( as soon as the pc shuts down and just begins to boot up again ....repeatedly tap the F8 key until you are offered different start options....... choose Safe Mode.......   Let it load. ( it will look different than the normal mode )
          Next find the shortcut to AVG free antivirus and do a full scan.
          Once it's finished ....and it will take a while ...... either quarantine or delete anything it finds.
          Next ...... close that up and open AVG Antispyware .... and do a full scan with it as well. Remove anything it finds.

          Now reboot back into normal mode and report back how things are.
          If things are still not right, open up hijackthis ( which I'm assuming you have D/L per CBMatt ) and do a scan and post the results here . Use several posts if necessary to get it all in .

          dl65  ::)

          « Last Edit: July 21, 2007, 12:10:18 PM by dl65 »
          If you don't know the answer, it isn't a dumb question.

          CBMatt

          • Mod & Malware Specialist


          • Prodigy

          • Sad and lonely...and loving every minute of it.
          • Thanked: 167
            • Yes
          • Experience: Experienced
          • OS: Windows 7
          Re: Explorer being raped by trojan
          « Reply #10 on: July 18, 2007, 09:47:25 PM »
          The fact that you have McAfee makes it seem even likelier that your problem is related to my own.  This seems to be becoming somewhat common with McAfee users.  However, if my post doesn't help, then please follow dl65's instructions.  Heck, even if my post does help, you still might want to follow his instructions, just to be on the safe side.
          Quote
          An undefined problem has an infinite number of solutions.
          - Robert A. Humphrey

          mycompisbroke

          • Guest
          Re: Explorer being raped by trojan
          « Reply #11 on: July 19, 2007, 11:21:51 AM »
          Looks like my family has decided to go on a spur of the moment vacation so I'll have to wait another day. Looks like this is starting to become a pretty common problem. *censored* you McAfee.

          copycat

          • Guest
          Re: Explorer being raped by trojan
          « Reply #12 on: July 19, 2007, 02:51:30 PM »
          Hi,

          Try downloading Prevx! @ http://free.prevx.com

          It works every time

          Good Luck,

          Copycat
          « Last Edit: July 19, 2007, 06:37:11 PM by CBMatt »

          Deerpark



            Egghead
          • Thanked: 1
            Re: Explorer being raped by trojan
            « Reply #13 on: July 19, 2007, 04:06:08 PM »
            copycat the site you linked to is just a domain parking site without any real content. I think the site you meant to link to is this one http://free.prevx.com/. Notice the dot between free and prevx.
            Any sufficiently advanced technology is indistinguishable from magic.
            Arthur C. Clarke (1917 - 2008)

            CBMatt

            • Mod & Malware Specialist


            • Prodigy

            • Sad and lonely...and loving every minute of it.
            • Thanked: 167
              • Yes
            • Experience: Experienced
            • OS: Windows 7
            Re: Explorer being raped by trojan
            « Reply #14 on: July 19, 2007, 06:37:47 PM »
            Well, mycompisbroke, when you get a chance to try everything out, let us know how it goes.

            Quote from: Deerpark
            copycat the site you linked to is just a domain parking site without any real content. I think the site you meant to link to is this one http://free.prevx.com/. Notice the dot between free and prevx.
            The link has now been fixed.
            Quote
            An undefined problem has an infinite number of solutions.
            - Robert A. Humphrey

            mycompisbroke

            • Guest
            Re: Explorer being raped by trojan
            « Reply #15 on: July 20, 2007, 11:19:43 AM »
            Ok I'm about to start downloading now. Also there's a second one. With the first one when I click ok my comp acts weird but with the second one it goes away when I click ok but still it makes me think it's spreading. Also in a post earlier in this thread one of y'all said it was a worm. What exactly is the definition of that? I've heard of viruses and trojans (and I've had them) but not worms.

            mycompisbroke

            • Guest
            Re: Explorer being raped by trojan
            « Reply #16 on: July 20, 2007, 11:23:15 AM »
            *censored*! ? My McAfee firewall said HijackThis was a virus and deleted it when I downloaded it.

            mycompisbroke

            • Guest
            Re: Explorer being raped by trojan
            « Reply #17 on: July 20, 2007, 11:28:42 AM »
            Also I almost forgot, it only seems to happen when I open up an internet browser.

            mycompisbroke

            • Guest
            Re: Explorer being raped by trojan
            « Reply #18 on: July 20, 2007, 11:33:19 AM »
            Wow, HijackThis was deleted even with my firewall off. Y'all sure it isn't a virus?

            Deerpark



              Egghead
            • Thanked: 1
              Re: Explorer being raped by trojan
              « Reply #19 on: July 20, 2007, 11:42:26 AM »
              Viruses and trojans you have to download and execute in order for them to work. Worms, on the other hand, spread on a network (like the internet) on their own by exploiting various security flaws in operating systems or programs. Keeping your Windows up to date and a firewall is essential in protecting against worms.
              http://en.wikipedia.org/wiki/Computer_worm

              HijackThis is not a virus, ask anyone on this forum. It's probably not the firewall but your anti-virus that is falsely labeling HijackThis as a virus. False positives happen all the time no matter what AV product you use.
              Any sufficiently advanced technology is indistinguishable from magic.
              Arthur C. Clarke (1917 - 2008)

              copycat

              • Guest
              Re: Explorer being raped by trojan
              « Reply #20 on: July 20, 2007, 12:54:14 PM »
              Thanks Deerpark!

              Copycat

              mycompisbroke

              • Guest
              Re: Explorer being raped by trojan
              « Reply #21 on: July 20, 2007, 12:56:14 PM »
              My friend just came over and downloaded something that fixed whatever it was. He had the exact same thing 2 months ago. I still have a *censored* load of adware that I can't delete with Ad-Aware because every time I do I delete something critical for my comp and have to restore it.

              CBMatt

              • Mod & Malware Specialist


              • Prodigy

              • Sad and lonely...and loving every minute of it.
              • Thanked: 167
                • Yes
              • Experience: Experienced
              • OS: Windows 7
              Re: Explorer being raped by trojan
              « Reply #22 on: July 20, 2007, 02:25:36 PM »
              Trust me, HijackThis is not a virus.  There are online schools devoted solely to the use of this program.  It's a powerful tool that aids in the detection of infections.  Are you downloading it from the link Deerpark provided?  Make sure you're not downloading the 2.0 beta version, which might still create false positives with McAfee.  Version 1.99.1 is the version you want, and it shouldn't create any false positives, unless you have outdated software (looking back, you did say you have an old version of McAfee, which may be the problem).  If you have to, disconnect from the internet and disable McAfee.  Then download HijackThis with another computer, put it on a disk, and transfer it to your own computer.  Then scan with it and post the log here.

              Did you download the programs dl65 suggested and follow his instructions?

              Also, would you mind asking your friend what he downloaded to fix this problem for you?  It's becoming an increasingly popular problem, but there are still very few possible solutions.
              Quote
              An undefined problem has an infinite number of solutions.
              - Robert A. Humphrey
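
What a first pass over such a log can look like, as an added example that is not part of the thread or of HijackThis itself: a Python triage script run over lines copied from the log posted later in this thread. The flagging rules are assumed heuristics for deciding what to review first, not verdicts on any entry.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the HijackThis log posted later in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msiexec.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6064348C-FF1E-42B3-A90A-4B35AF0AB67E} - C:\WINDOWS\system32\jkklj.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\ihhpwfge.dll",forkonce
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O4 - <body>"
BHO = re.compile(r"^BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
RUN = re.compile(r"^[^:]+: \[[^\]]+\] (.+)$")            # "HKLM\..\Run: [name] cmd"
EXE = re.compile(r'^"?(.+?\.exe)', re.I)                 # program part of a command
DLL = re.compile(r'[A-Za-z]:\\[^"]*?\.dll', re.I)        # full path to a DLL


@dataclass
class Finding:
    code: str        # HijackThis section code, e.g. "O2"
    reasons: tuple   # why the heuristics picked this line
    line: str        # the entry body as logged


def entries(text):
    """Yield (section code, body) for every entry line; headers are skipped."""
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def _reasons(code, body):
    """Assumed review heuristics; each returns a reason to look closer."""
    out = []
    if code == "F2" and "Shell=" in body:
        # The Windows shell value normally holds Explorer.exe and nothing else.
        if body.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
            out.append("shell value starts more than Explorer.exe")
    elif code == "O2":
        m = BHO.match(body)
        if m:
            name, target = m.groups()
            if name == "(no name)":
                out.append("browser helper object has no name")
            if target.endswith(("(no file)", "(file missing)")):
                out.append("registered file is absent")
    elif code == "O4":
        m = RUN.match(body)
        exe = EXE.match(m.group(1)) if m else None
        if exe:
            program = exe.group(1).lower()
            if program.endswith("rundll32.exe"):
                out.append("autostart loads a DLL through rundll32")
            elif "\\" not in program:
                out.append("autostart names a program without a full path")
    elif code == "O20":
        out.append("DLL loaded by winlogon.exe at logon")
    return out


def triage(text):
    """Return a Finding for every entry that matches at least one heuristic."""
    found = []
    for code, body in entries(text):
        reasons = _reasons(code, body)
        if reasons:
            found.append(Finding(code, tuple(reasons), body))
    return found


def shared_dlls(text):
    """Map each DLL path referenced from more than one section to those sections."""
    seen = defaultdict(set)
    for code, body in entries(text):
        for dll in DLL.findall(body):
            seen[dll.lower()].add(code)
    return {dll: sorted(codes) for dll, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, "|", "; ".join(f.reasons), "|", f.line)
    print(shared_dlls(SAMPLE_LOG))
```
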

              mycompisbroke

              • Guest
              Re: Explorer being raped by trojan
              « Reply #23 on: July 20, 2007, 02:52:36 PM »
              This . http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp
              At first I didn't think it worked and it said I need IE version 6.0 but when I opened up Internet Explorer the thing didn't pop up.  Also I thought it was a problem with Explorer but it was Internet Explorer. <_<

              mycompisbroke

              • Guest
              Re: Explorer being raped by trojan
              « Reply #24 on: July 20, 2007, 03:24:55 PM »
              I did some research on a site dedicated to causing *censored* like this and found what I got. It happened when I downloaded download accelerator and it was all like buffer overload and what this describes is what I got.

              http://www.milw0rm.com/exploits/4056

              Deerpark



                Egghead
              • Thanked: 1
                Re: Explorer being raped by trojan
                « Reply #25 on: July 20, 2007, 03:29:25 PM »
                That security update you linked to is all the way back from 2002. If your Windows was fully updated this one should have already been installed.
                Any sufficiently advanced technology is indistinguishable from magic.
                Arthur C. Clarke (1917 - 2008)

                mycompisbroke

                • Guest
                Re: Explorer being raped by trojan
                « Reply #26 on: July 20, 2007, 04:16:40 PM »
                <_< Well I'm not the only retard because a lot of people have a similar  problem.

                Deerpark



                  Egghead
                • Thanked: 1
                  Re: Explorer being raped by trojan
                  « Reply #27 on: July 20, 2007, 04:21:49 PM »
                  Ohh it wasn't an attack on you, I was just surprised that's all. But I would suggest that you enable Automatic Update so you get updates like this. It will save you from a lot of future problems.
                  Any sufficiently advanced technology is indistinguishable from magic.
                  Arthur C. Clarke (1917 - 2008)

                  mycompisbroke

                  • Guest
                  Re: Explorer being raped by trojan
                  « Reply #28 on: July 20, 2007, 07:59:05 PM »
                  Naw I'm good. I don't like downloading stuff that much anymore because of the stuff on my comp right now. Not that I'm saying it has a virus, I'm just saying I feel uncomfortable downloading stuff right now. I'm not even downloading warez and everybody knows I love my warez.

                  Fed

                  • Moderator


                  • Sage
                  • Thanked: 35
                    • Experience: Experienced
                    • OS: Windows XP
                    Re: Explorer being raped by trojan
                    « Reply #29 on: July 20, 2007, 09:12:52 PM »
                    Keeping your Windows up to date is essential but I always leave it a couple of weeks after update Tuesday to see if the updates have caused others any problems.

                    CBMatt

                    • Mod & Malware Specialist


                    • Prodigy

                    • Sad and lonely...and loving every minute of it.
                    • Thanked: 167
                      • Yes
                    • Experience: Experienced
                    • OS: Windows 7
                    Re: Explorer being raped by trojan
                    « Reply #30 on: July 21, 2007, 12:02:32 AM »
                    Quote from: mycompisbroke
                    I'm not even  downloading warez  and everybody knows I love my warez.
                    Which is bound to be the cause of 90% of your problems.
                    Quote
                    An undefined problem has an infinite number of solutions.
                    - Robert A. Humphrey

                    mycompisbroke

                    • Guest
                    Re: Explorer being raped by trojan
                    « Reply #31 on: July 22, 2007, 12:53:36 PM »
                    Well that's common sense. I know it's probably the cause of most of my problems.

                    Fed

                    • Moderator


                    • Sage
                    • Thanked: 35
                      • Experience: Experienced
                      • OS: Windows XP
                      Re: Explorer being raped by trojan
                      « Reply #32 on: July 22, 2007, 05:45:34 PM »
                      Don't forget to keep a Firewall, AV and AS up to date and running in realtime.

                      mycompisbroke

                      • Guest
                      Re: Explorer being raped by trojan
                      « Reply #33 on: July 24, 2007, 07:11:30 PM »
                      Someone post a link to a hijackthis that works please.

                      Richenstony

                      • Guest
                      Re: Explorer being raped by trojan
                      « Reply #34 on: July 24, 2007, 08:30:21 PM »

                      mycompisbroke

                      • Guest
                      Re: Explorer being assaulted by trojan
                      « Reply #35 on: July 25, 2007, 11:51:00 AM »
                      hijackthislog

                      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
                      Scan saved at 12:58:37 PM, on 7/25/2007
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
                      c:\program files\mcafee.com\agent\mcdetect.exe
                      C:\WINDOWS\Explorer.exe
                      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                      C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                      C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
                      C:\Program Files\Dell\Media Experience\PCMService.exe
                      C:\WINDOWS\system32\dla\tfswctrl.exe
                      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                      C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
                      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                      C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
                      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
                      C:\WINDOWS\system32\hkcmd.exe
                      C:\WINDOWS\system32\igfxpers.exe
                      C:\WINDOWS\system32\lich.exe
                      C:\Program Files\QuickTime\qttask.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\Program Files\DellSupport\DSAgnt.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
                      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AIM2.exe
                      C:\WINDOWS\wanmpsvc.exe
                      c:\progra~1\mcafee.com\vso\mcvsescn.exe
                      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
                      C:\Program Files\Verizon Online\bin\mpbtn.exe
                      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
                      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Documents and Settings\Travis\My Documents\My

                      mycompisbroke

                      • Guest
                      Re: Explorer being assaulted by trojan
                      « Reply #36 on: July 25, 2007, 11:51:40 AM »
                      Videos\hideme\HiJackThis_v2.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginia.edu/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
                      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
                      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msiexec.exe
                      O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL (file missing)
                      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
                      O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
                      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                      O2 - BHO: (no name) - {6064348C-FF1E-42B3-A90A-4B35AF0AB67E} - C:\WINDOWS\system32\jkklj.dll
                      O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
                      O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
                      O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\cbxyaax.dll
                      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                      O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
                      O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
                      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                      O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
                      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
                      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                      O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
                      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                      O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
                      O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
                      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
                      O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
                      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                      O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
                      O4 - HKLM\..\Run: [lich] lich.exe
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
                      O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\Documents and Settings\Travis\My Documents\My Videos\WinAntiVirusPro2007FreeInstall.exe" -nag

                      mycompisbroke

                      • Guest
                      Re: Explorer being assaulted by trojan
                      « Reply #37 on: July 25, 2007, 11:52:13 AM »
                      O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\ihhpwfge.dll",forkonce
                      O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
                      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
                      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
                      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
                      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: AIM2.exe
                      O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
                      O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
                      O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
                      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
                      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
                      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O15 - Trusted Zone: *.stumbleupon.com
                      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
                      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
                      O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
                      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{EBE3764D-FAD0-4AC0-9E4D-0B10C70E8BE1}: NameServer = 207.69.188.187 207.69.188.186
                      O20 - Winlogon Notify: cbxyaax - C:\WINDOWS\SYSTEM32\cbxyaax.dll
                      O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll
                      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
                      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
                      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
                      O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
                      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                      O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                      O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
                      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
                      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

                      --
                      End of file - 10811 bytes

                      Richenstony

                      • Guest
                      Re: Explorer being assaulted by trojan
                      « Reply #38 on: July 25, 2007, 11:59:20 AM »
                      O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe  - fix that


                      More information on what I have just asked you to fix: http://www.symantec.com/security_response/writeup.jsp?docid=2006-062015-2622-99&tabid=2


                      I also think I see a few Trojan downloaders. I'm still learning how to read the log correctly, so I think I should let unlovedwarrior and CBMatt help you out here. Unloved, is this a Trojan downloader?

                      C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

                          * Backup any important data first!!
                          * Re-configure Windows Explorer to Show Hidden Files & Folders.
                          * Ensure you're familiar with restarting in Safe Mode.
                          * Perform all actions in the order given.
                          * If you're unsure of anything, stop and ask! Don't keep on going!
                          * Please reply to this thread. Do not start a new topic.
                          * Stick with it till you're given the all clear.
                          * REMEMBER, ABSENCE OF SYMPTOMS DOES NOT ALWAYS MEAN A CLEAN  COMPUTER!!


                      « Last Edit: July 25, 2007, 12:09:46 PM by Richenstony »

                      mycompisbroke

                      • Guest
                      Re: Explorer being assaulted by trojan
                      « Reply #39 on: July 25, 2007, 12:50:24 PM »
                      I'm gonna wait for CBMatt to come on because he's the smartest of y'all (no offense to Richenstony). Also, I already knew System Doctor was adware when I saw it, so I got rid of that, but that's all.

                      Richenstony

                      • Guest
                      Re: Explorer being assaulted by trojan
                      « Reply #40 on: July 25, 2007, 12:55:17 PM »
                      lol, none taken. I will remember that.

                      unlovedwarrior



                        Guru

                      • someday this name will be known
                      • Thanked: 13
                        Re: Explorer being assaulted by trojan
                        « Reply #41 on: July 25, 2007, 03:35:39 PM »
                        Hi mycomp. You might want to get SUPERAntiSpyware, install it, reboot into Safe Mode and do a full scan. Then go to Start > Run, enter chkdsk /f (notice the space between the k and the /f) and press OK.

                        A box will pop up and ask to run on next reboot. Enter y and press Enter, then restart and let it run.

                        When you get back into normal mode, try this online scanner.

                        Remove anything found and write down any vulnerabilities it finds.

                        Report back on the vulnerabilities and any infection it finds.


                        These don't look friendly; I can't find anything on them.
                        O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\ihhpwfge.dll",forkonce

                        O4 - HKLM\..\Run: [lich] lich.exe

                        MemoryManager: do you know what program this is?


                        Those are just some things I picked out. Let's wait for fed dl65 or CBMatt to reply on the HJT log, but try my other suggestions and see how they work out.

                        mycompisbroke

                        • Guest
                        Re: Explorer being assaulted by trojan
                        « Reply #42 on: July 25, 2007, 04:20:09 PM »
                        The buffer overload thing is back. <_< And the patch I downloaded is still working, so I guess it found a way around it. Also, I think a trojan somehow deleted HijackThis because I saw it magically disappear before my eyes. <_<

                        mycompisbroke

                        • Guest
                        Re: Explorer being assaulted by trojan
                        « Reply #43 on: July 25, 2007, 04:21:23 PM »
                        Great. It disabled my pop up blockers.

                        unlovedwarrior



                          Re: Explorer being assaulted by trojan
                          « Reply #44 on: July 25, 2007, 04:23:29 PM »
                          try this stuff yet

                          Richenstony

                          • Guest
                          Re: Explorer being assaulted by trojan
                          « Reply #45 on: July 25, 2007, 04:26:22 PM »
                          Was that a bump unloved hehe  :P

                          mycompisbroke

                          • Guest
                          Re: Explorer being assaulted by trojan
                          « Reply #46 on: July 25, 2007, 04:30:47 PM »
                          Did I miss something?

                          Richenstony

                          • Guest
                          Re: Explorer being assaulted by trojan
                          « Reply #47 on: July 25, 2007, 04:32:00 PM »
                          Did I miss something?
                          Yeah, go back to the other page. He was asking you to try something.

                          unlovedwarrior



                            Re: Explorer being assaulted by trojan
                            « Reply #48 on: July 25, 2007, 04:36:00 PM »
                            nope just asking if he/she tried those things yet

                            mycompisbroke

                            • Guest
                            Re: Explorer being assaulted by trojan
                            « Reply #49 on: July 25, 2007, 06:32:05 PM »
                            All the adware and the worm randomly stopped all of a sudden. For the past week, every time I opened a page I got a pop-up, but not for the past 25 pages-ish. Hmmmm.

                            CBMatt

                            • Mod & Malware Specialist


                            • Prodigy

                            • Sad and lonely...and loving every minute of it.
                            • Thanked: 167
                              • Yes
                            • Experience: Experienced
                            • OS: Windows 7
                            Re: Explorer being assaulted by trojan
                            « Reply #50 on: July 25, 2007, 09:24:06 PM »
                            This thread is becoming a bit of a mess.  Hang tight and I'll get back to you with an analysis of your log in a few minutes.
                            Quote
                            An undefined problem has an infinite number of solutions.
                            - Robert A. Humphrey

                            CBMatt

                            Re: Explorer being assaulted by trojan
                            « Reply #51 on: July 25, 2007, 10:20:12 PM »
                            Alrighty...you've got a few nasties, but we should be able to get this all sorted out.  First, let's take care of your Vundo infection...

                            1. Download VundoFix and save it to your desktop.
                            2. Run VundoFix and click on Scan For Vundo.
                            3. Once it's done scanning, click on Remove Vundo.
                            4. When it prompts you to remove the files, click on Yes.
                            5. Your desktop will go blank as it's removing files.  Don't worry, this is normal.
                            6. It will prompt you to restart your computer, so click OK.
                            7. When your computer is turned back on, your problem should be gone.
                            8. The program normally produces a Vundofix.txt file.  Please locate this file and paste the contents in your next post.

                            And then, just to be thorough...
                            1. Download VirtumundoBeGone and save it to your desktop.
                            2. Reboot into Safe Mode.
                            3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
                            4. Exit when it has finished and reboot back into normal mode.
                            5. The program normally produces a VBG.txt file.  Please locate this file and paste the contents in your next post.


                            Now, let's take a look at your log...  Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

                            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp

                            F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msiexec.exe

                            O2 - BHO: (no name) - {6064348C-FF1E-42B3-A90A-4B35AF0AB67E} - C:\WINDOWS\system32\jkklj.dll
                            O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
                            O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\cbxyaax.dll

                            O4 - HKLM\..\Run: [lich] lich.exe
                            O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006 Free\pasmon.exe
                            O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\Documents and Settings\Travis\My Documents\My Videos\WinAntiVirusPro2007FreeInstall.exe" -nag
                            O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\ihhpwfge.dll",forkonce

                            O15 - Trusted Zone: *.stumbleupon.com

                            (This site is safe, but it's always best to not allow a site into your Trusted Zone.)

                            O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
                            O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab

                            O20 - Winlogon Notify: cbxyaax - C:\WINDOWS\SYSTEM32\cbxyaax.dll
                            O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll

                            O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

                            (You have LimeWire.  The program itself isn't considered malicious, but the programs/files downloaded through this client may be unsafe, and are likely contributors to your infection.  Many downloads are also considered illegal, as they infringe on copyright laws.  You don't have to delete this, but it is strongly advised.)

                            O17 - HKLM\System\CCS\Services\Tcpip\..\{EBE3764D-FAD0-4AC0-9E4D-0B10C70E8BE1}: NameServer = 207.69.188.187 207.69.188.186
                            (If this isn't your ISP, you should fix this.)

                            Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

                            Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

                            SystemDoctor 2006 Free
                            LimeWire
                              (You don't have to remove this, but it is advised.)

                            Please note any other programs that you don't recognize in that list in your next response.

                            Navigate to and delete the following folder(s) if present...

                            C:\Program Files\SystemDoctor 2006 Free
                            C:\Program Files\LimeWire
                              (You don't have to remove this, but it is advised.)

                            Navigate to and delete the following file(s) if present...

                            C:\Documents and Settings\Travis\My Documents\My Videos\WinAntiVirusPro2007FreeInstall.exe
                            C:\WINDOWS\system32\cbxyaax.dll
                            C:\WINDOWS\system32\ihhpwfge.dll
                            C:\WINDOWS\system32\jkklj.dll
                            C:\WINDOWS\system32\lich.exe


                            Once you've done all of this, reboot into Normal Mode and post a new HijackThis log (along with the Vundo logs) so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.

                            mycompisbroke

                            • Guest
                            Re: Explorer being assaulted by trojan
                            « Reply #52 on: July 26, 2007, 05:27:27 AM »
                            A few nasties? Looks like a LOT of nasties. I had vundo last month. <_< Oh well. I'll fix the vundo now and get rid of the other stuff after summer school.

                            mycompisbroke

                            • Guest
                            Re: Explorer being assaulted by trojan
                            « Reply #53 on: July 26, 2007, 05:37:31 AM »
                            Vundo = pwnzored. I'll do the other Vundo one and I'll delete the other stuff later.



                            VundoFix V4.2.57

                            Checking Java version...

                            Java version is 1.4.2.3

                            Scan started at 1:12:16 PM 4/8/2006

                            Listing files found while scanning....

                            C:\WINDOWS\system32\geeba.dll
                            C:\WINDOWS\system32\abeeg.ini
                            C:\WINDOWS\system32\abeeg.bak1
                            C:\WINDOWS\system32\abeeg.bak2
                            C:\WINDOWS\system32\abeeg.ini2
                            C:\WINDOWS\system32\abeeg.tmp

                            C:\WINDOWS\SYSTEM32\abeeg.bak1
                            C:\WINDOWS\SYSTEM32\abeeg.bak2
                            C:\WINDOWS\SYSTEM32\abeeg.tmp
                            C:\WINDOWS\SYSTEM32\abeeg.ini
                            C:\WINDOWS\SYSTEM32\abeeg.ini2
                            C:\WINDOWS\SYSTEM32\geeba.dll
                            C:\WINDOWS\SYSTEM32\abeeg.ini2
                            C:\WINDOWS\SYSTEM32\abeeg.bak2
                            C:\WINDOWS\SYSTEM32\abeeg.tmp
                            C:\WINDOWS\SYSTEM32\abeeg.ini
                            C:\WINDOWS\SYSTEM32\abeeg.ini2
                            C:\WINDOWS\SYSTEM32\geeba.dll
                             Attempting to delete C:\WINDOWS\system32\geeba.dll
                            C:\WINDOWS\system32\geeba.dll Has been deleted!

                             Attempting to delete C:\WINDOWS\system32\abeeg.ini
                            C:\WINDOWS\system32\abeeg.ini Has been deleted!

                             Attempting to delete C:\WINDOWS\system32\abeeg.bak1
                            C:\WINDOWS\system32\abeeg.bak1 Has been deleted!

                             Attempting to delete C:\WINDOWS\system32\abeeg.bak2
                            C:\WINDOWS\system32\abeeg.bak2 Has been deleted!

                             Attempting to delete C:\WINDOWS\system32\abeeg.ini2
                            C:\WINDOWS\system32\abeeg.ini2 Has been deleted!

                             Attempting to delete C:\WINDOWS\system32\abeeg.tmp
                            C:\WINDOWS\system32\abeeg.tmp Has been deleted!

                            Performing Repairs to the registry.
                            Done!

                            VundoFix V6.5.6

                            Checking Java version...

                            Java version is 1.4.2.3
                            Old versions of java are exploitable and should be removed.

                            Scan started at 7:27:53 AM 7/26/2007

                            Listing files found while scanning....


                            Beginning removal...

                             Attempting to delete C:\windows\system32\aplecerd.exe
                            C:\windows\system32\aplecerd.exe Has been deleted!

                             Attempting to delete C:\windows\system32\awtuuuu.dll
                            C:\windows\system32\awtuuuu.dll Has been deleted!

                             Attempting to delete C:\WINDOWS\system32\cbxyaax.dll
                            C:\WINDOWS\system32\cbxyaax.dll Could not be deleted.

                             Attempting to delete C:\windows\system32\cqiqpnij.ini
                            C:\windows\system32\cqiqpnij.ini Has been deleted!

                             Attempting to delete C:\windows\system32\dbciksyk.dll
                            C:\windows\system32\dbciksyk.dll Has been deleted!

                             Attempting to delete C:\windows\system32\evdyhlpx.dll
                            C:\windows\system32\evdyhlpx.dll Has been deleted!

                             Attempting to delete C:\windows\system32\fmqhqajf.exe
                            C:\windows\system32\fmqhqajf.exe Has been deleted!

                             Attempting to delete C:\windows\system32\hwoxnjpe.dll
                            C:\windows\system32\hwoxnjpe.dll Has been deleted!

                             Attempting to delete C:\windows\system32\iktbeibl.exe
                            C:\windows\system32\iktbeibl.exe Has been deleted!

                             Attempting to delete C:\windows\system32\jinpqiqc.dll
                            C:\windows\system32\jinpqiqc.dll Has been deleted!

                             Attempting to delete C:\WINDOWS\system32\jkklj.dll
                            C:\WINDOWS\system32\jkklj.dll Has been deleted!

                             Attempting to delete C:\windows\system32\jkplfdeu.dll
                            C:\windows\system32\jkplfdeu.dll Has been deleted!

                             Attempting to delete C:\windows\system32\jlkkj.bak1
                            C:\windows\system32\jlkkj.bak1 Has been deleted!

                             Attempting to delete C:\windows\system32\jlkkj.bak2
                            C:\windows\system32\jlkkj.bak2 Has been deleted!

                             Attempting to delete C:\windows\system32\jlkkj.ini
                            C:\windows\system32\jlkkj.ini Has been deleted!

                             Attempting to delete C:\windows\system32\jlkkj.ini2
                            C:\windows\system32\jlkkj.ini2 Has been deleted!

                             Attempting to delete C:\windows\system32\jlkkj.tmp
                            C:\windows\system32\jlkkj.tmp Has been deleted!

                             Attempting to delete C:\windows\system32\jonmokqa.exe
                            C:\windows\system32\jonmokqa.exe Has been deleted!

                             Attempting to delete C:\windows\system32\kqgiiolw.dll
                            C:\windows\system32\kqgiiolw.dll Has been deleted!

                             Attempting to delete C:\windows\system32\krevceny.dll
                            C:\windows\system32\krevceny.dll Has been deleted!

                             Attempting to delete C:\windows\system32\kyskicbd.ini
                            C:\windows\system32\kyskicbd.ini Has been deleted!

                             Attempting to delete C:\windows\system32\lvgjgaep.dll
                            C:\windows\system32\lvgjgaep.dll Has been deleted!

                             Attempting to delete C:\windows\system32\lwiroqhi.exe
                            C:\windows\system32\lwiroqhi.exe Has been deleted!

                             Attempting to delete C:\windows\system32\mqiajual.dll
                            C:\windows\system32\mqiajual.dll Has been deleted!

                             Attempting to delete C:\windows\system32\nbgwvxgb.exe
                            C:\windows\system32\nbgwvxgb.exe Has been deleted!

                             Attempting to delete C:\windows\system32\nlqglnnm.dll
                            C:\windows\system32\nlqglnnm.dll Has been deleted!

                             Attempting to delete C:\windows\system32\npjsdgtv.exe
                            C:\windows\system32\npjsdgtv.exe Could not be deleted.

                             Attempting to delete C:\windows\system32\oxsogaqt.dll
                            C:\windows\system32\oxsogaqt.dll Has been deleted!

                             Attempting to delete C:\windows\system32\puattols.dll
                            C:\windows\system32\puattols.dll Has been deleted!

                             Attempting to delete C:\windows\system32\pwltnsla.dll
                            C:\windows\system32\pwltnsla.dll Has been deleted!

                             Attempting to delete C:\windows\system32\qrpqefxy.exe
                            C:\windows\system32\qrpqefxy.exe Has been deleted!

                             Attempting to delete C:\windows\system32\ssqppop.dll
                            C:\windows\system32\ssqppop.dll Has been deleted!

                             Attempting to delete C:\windows\system32\stxtgylf.exe
                            C:\windows\system32\stxtgylf.exe Has been deleted!

                             Attempting to delete C:\windows\system32\sveodjie.exe
                            C:\windows\system32\sveodjie.exe Has been deleted!

                             Attempting to delete C:\windows\system32\tbbapsby.dll
                            C:\windows\system32\tbbapsby.dll Has been deleted!

                             Attempting to delete C:\windows\system32\twbdqxit.dll
                            C:\windows\system32\twbdqxit.dll Has been deleted!

                             Attempting to delete C:\windows\system32\uedflpkj.ini
                            C:\windows\system32\uedflpkj.ini Has been deleted!

                             Attempting to delete C:\windows\system32\ujvambyv.dll
                            C:\windows\system32\ujvambyv.dll Has been deleted!

                             Attempting to delete C:\windows\system32\utewrlas.dll
                            C:\windows\system32\utewrlas.dll Has been deleted!

                             Attempting to delete C:\windows\system32\vashujcv.dll
                            C:\windows\system32\vashujcv.dll Has been deleted!

                             Attempting to delete C:\windows\system32\viygycub.exe
                            C:\windows\system32\viygycub.exe Has been deleted!

                             Attempting to delete C:\windows\system32\vwvoptrd.exe
                            C:\windows\system32\vwvoptrd.exe Has been deleted!

                             Attempting to delete C:\windows\system32\wloiigqk.ini
                            C:\windows\system32\wloiigqk.ini Has been deleted!

                             Attempting to delete C:\windows\system32\xalmklfp.exe
                            C:\windows\system32\xalmklfp.exe Has been deleted!

                             Attempting to delete C:\windows\system32\xfitnljw.dll
                            C:\windows\system32\xfitnljw.dll Has been deleted!

                             Attempting to delete C:\windows\system32\xkodkctx.exe
                            C:\windows\system32\xkodkctx.exe Has been deleted!

                             Attempting to delete C:\windows\system32\yqmjqsgo.dll
                            C:\windows\system32\yqmjqsgo.dll Has been deleted!

                            Performing Repairs to the registry.
                            Done!

                            CBMatt

                            • Mod & Malware Specialist


                            • Prodigy

                            • Sad and lonely...and loving every minute of it.
                            • Thanked: 167
                              • Yes
                            • Experience: Experienced
                            • OS: Windows 7
                            Re: Explorer being assaulted by trojan
                            « Reply #54 on: July 26, 2007, 08:14:07 AM »
                            Sheesh, that's quite the Vundo infection.  Heh.  One of the files couldn't be deleted, so hopefully, the other program will get it.  If not, give VundoFix another try.

                            I'll be waiting for your next reply and an update on how things are running after following the rest of my instructions.
                            Quote
                            An undefined problem has an infinite number of solutions.
                            - Robert A. Humphrey

                            unlovedwarrior



                              Guru

                            • someday this name will be known
                            • Thanked: 13
                              Re: Explorer being assaulted by trojan
                              « Reply #55 on: July 26, 2007, 09:36:29 AM »
                              Are you trying in safe mode?

                              mycompisbroke

                              • Guest
                              Re: Explorer being assaulted by trojan
                              « Reply #56 on: July 26, 2007, 10:58:25 AM »
                              I still can't believe I was dumb enough to install WinAntiVirus AND SystemDoctor. <_< I'm about to give the 2nd anti-Vundo program a go.

                              unlovedwarrior



                                Re: Explorer being assaulted by trojan
                                « Reply #57 on: July 26, 2007, 11:00:20 AM »
                                It's OK, you're not the first to fall for it.

                                mycompisbroke

                                • Guest
                                Re: Explorer being assaulted by trojan
                                « Reply #58 on: July 26, 2007, 11:01:31 AM »
                                Nothing found. <_< I'll do HijackThis later.


                                [07/26/2007, 12:59:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Travis\My Documents\My Videos\hideme\VirtumundoBeGone.exe" )
                                [07/26/2007, 12:59:10] - Detected System Information:
                                [07/26/2007, 12:59:10] -  Windows Version: 5.1.2600, Service Pack 2
                                [07/26/2007, 12:59:10] -  Current Username: Tommy (Admin)
                                [07/26/2007, 12:59:10] -  Windows is in NORMAL mode.
                                [07/26/2007, 12:59:10] - Searching for Browser Helper Objects:
                                [07/26/2007, 12:59:10] -  BHO 1: {00000000-6C30-11D8-9363-000AE6309654} (SuperAdBlockerBHO Class)
                                [07/26/2007, 12:59:10] -  BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
                                [07/26/2007, 12:59:10] -  BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
                                [07/26/2007, 12:59:10] -  BHO 4: {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} (McBrwHelper Class)
                                [07/26/2007, 12:59:10] -  BHO 5: {474FEF48-70C8-4511-9D96-698999AD6404} ()
                                [07/26/2007, 12:59:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
                                [07/26/2007, 12:59:10] -  Checking for HKLM\...\Winlogon\Notify\jkklj
                                [07/26/2007, 12:59:10] -  Key not found: HKLM\...\Winlogon\Notify\jkklj, continuing.
                                [07/26/2007, 12:59:10] -  BHO 6: {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} (PnIEBrowserHelperObj Class)
                                [07/26/2007, 12:59:10] -  BHO 7: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
                                [07/26/2007, 12:59:10] -  BHO 8: {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} (Toolbar Helper)
                                [07/26/2007, 12:59:10] -  BHO 9: {D80C4E21-C346-4E21-8E64-20746AA20AEB} ()
                                [07/26/2007, 12:59:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
                                [07/26/2007, 12:59:10] -  No filename found. Continuing.
                                [07/26/2007, 12:59:10] - Finished Searching Browser Helper Objects
                                [07/26/2007, 12:59:10] - Finishing up...
                                [07/26/2007, 12:59:10] - Nothing found! Exiting...
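A triage helper for the two tool logs in this thread, added here as an example (it is not part of the original posts, nor of VundoFix or VirtumundoBeGone). It pulls out the file VundoFix reported as "Could not be deleted" and the Browser Helper Objects that VirtumundoBeGone flagged with "BHO has no default name", so both can be rechecked in the next scan. The function name `triage` and the result fields are assumptions; the sample lines are excerpted from the logs above.

```python
import re

# Lines excerpted from the two tool logs posted in this thread (not new data).
SAMPLE_LOG = r"""
C:\windows\system32\nlqglnnm.dll Has been deleted!
Attempting to delete C:\windows\system32\npjsdgtv.exe
C:\windows\system32\npjsdgtv.exe Could not be deleted.
[07/26/2007, 12:59:10] -  BHO 4: {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} (McBrwHelper Class)
[07/26/2007, 12:59:10] -  BHO 5: {474FEF48-70C8-4511-9D96-698999AD6404} ()
[07/26/2007, 12:59:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2007, 12:59:10] -  Checking for HKLM\...\Winlogon\Notify\jkklj
[07/26/2007, 12:59:10] -  Key not found: HKLM\...\Winlogon\Notify\jkklj, continuing.
[07/26/2007, 12:59:10] -  BHO 9: {D80C4E21-C346-4E21-8E64-20746AA20AEB} ()
[07/26/2007, 12:59:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2007, 12:59:10] -  No filename found. Continuing.
[07/26/2007, 12:59:10] - Nothing found! Exiting...
"""

STAMP_RE = re.compile(r"^\[[^\]]+\] -\s*")  # VirtumundoBeGone timestamp prefix
FAILED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Could not be deleted\.$")
BHO_RE = re.compile(r"^BHO \d+: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*)\)$")

def triage(log_text):
    """Return (files_not_deleted, nameless_bhos) from mixed removal-tool output."""
    failed, nameless, current = [], [], None
    for raw in log_text.splitlines():
        line = STAMP_RE.sub("", raw.strip())
        m = FAILED_RE.match(line)
        if m:
            failed.append(m.group("path"))
            continue
        m = BHO_RE.match(line)
        if m:
            current = None  # follow-up lines belong to the most recent BHO only
            if not m.group("name"):
                current = {"clsid": m.group("clsid"), "winlogon_check": "not logged"}
                nameless.append(current)
        elif current is not None and line.startswith("Key not found:"):
            current["winlogon_check"] = "key not found"
        elif current is not None and line.startswith("No filename found"):
            current["winlogon_check"] = "no filename"
    return failed, nameless

if __name__ == "__main__":
    files, bhos = triage(SAMPLE_LOG)
    print("Not deleted:", files)
    for bho in bhos:
        print("Nameless BHO:", bho["clsid"], "-", bho["winlogon_check"])
```
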

                                unlovedwarrior



                                  Re: Explorer being assaulted by trojan
                                  « Reply #59 on: July 31, 2007, 10:12:20 PM »
                                  you alive??

                                  Richenstony

                                  • Guest
                                  Re: Explorer being assaulted by trojan
                                  « Reply #60 on: July 31, 2007, 10:16:00 PM »
                                  His viruses consumed him ...... and soon the world..... 8)

                                  Tony :)

                                  I've seen him on today....

                                  CBMatt

                                  Re: Explorer being assaulted by trojan
                                  « Reply #61 on: August 12, 2007, 03:29:51 AM »
                                  Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

                                  If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.