MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Hijacked! Please help me!
November 22, 2019, 11:05:55 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 22, 2019, 11:05:55 AM

Login with username, password and session length
 Featured Sites:
News
New  Looking for cheap hardware and/or software?
Visit our new Online Store where you will be able to purchase from a reputable vendor by country.
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: Hijacked! Please help me!  (Read 2628 times)
keplero
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 9


Bookmark and Share

View Profile
« on: July 26, 2004, 06:31:10 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:Windows Me
Problem Application Name & Version: Hijack
Problem Hardware Make & Model:
Error Messages:



Hello everybody! It seems that my browser (IE) has been hijacked. Each time I try to connect to internet, after few seconds a p*rn popup appears. I tried to scan my system with Ad-aware and Spybot - Search and Destroy (both are updated), but they didn't find anything. My OS is Windows Me. I found that my windows\temp folder is full of files named iexxxx.tmp or iexxxx.tmp.exe (where xxxx is a hexadecimal number) created while i'm online. In the following lines you can find my HijackThis log. Any help appreciated...




Logfile of HijackThis v1.97.7
Scan saved at 19:57:30, on 26/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\TEMP\IE9033.TMP.EXE
C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 44
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 44
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 44
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 44
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 44
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\SYSTEM\IEGUARD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Organizzatore ricerche (HKLM)


Thanks in advance for your help,

Andrea
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: July 26, 2004, 07:25:17 PM »

Delete your version of hijackthis and download the newest version
Do another scan and post the log, don't alter it in any way, thanks
download from
HERE or HERE
Logged

 
keplero
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 9


Bookmark and Share

View Profile
« Reply #2 on: July 26, 2004, 07:58:35 PM »

Thank you for your quick answer! Here's the new HijackThis log, without any modifications:

Logfile of HijackThis v1.98.0
Scan saved at 21:42:29, on 26/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\IE7290.TMP.EXE
C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 44
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 44
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 44
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 44
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 44
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=hpfsched
O2 - BHO: IEWebGuard Class - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\SYSTEM\IEGUARD.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\SYSTEM\MULTI40783A44.DLL
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

Thanks again for your precious help!

Bye,

Andrea
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: July 26, 2004, 08:18:05 PM »

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 44

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 44
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 44
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 44
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 44

RESTART your computer in Safe Mode

Navigate to your TEMP folder and delete the whole contents or what you can
C:\WINDOWS\TEMP <---delete the contents

RESTART back in Normal Mode
Don't open a browser yet
Instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Download and Install the free version of Ad-Aware
Set these additional options for a custom scan

click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

RESTART your computer
Post back with a fresh hijackthis log

Logged

 
keplero
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 9


Bookmark and Share

View Profile
« Reply #4 on: July 26, 2004, 09:33:47 PM »

I've done everything you wrote me... I performed a scan with Ad-aware Build 6.181 but nothing was found. I'm sorry but the problem is still there... Undecided Here is my new HijackThis log:

Logfile of HijackThis v1.98.0
Scan saved at 23:20:12, on 26/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\IE2095.TMP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=hpfsched
O2 - BHO: IEWebGuard Class - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\SYSTEM\IEGUARD.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\SYSTEM\MULTI40783A44.DLL
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

Thanks again,

Andrea
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #5 on: July 26, 2004, 10:39:36 PM »

Download and Extract to desktop CWShredder
http://www.majorgeeks.com/download4086.html

Disconnect from the NET

With only hijackthis open fix checked this entry
O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\SYSTEM\MULTI40783A44.DLL

Next with just CWShredder open let it FIX all problems
RESTART your computer in SAFE MODE

Empty the Temp folder again
RESTART in Normal mode
Post back with a fresh hijackthis log
Logged

 
keplero
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 9


Bookmark and Share

View Profile
« Reply #6 on: July 27, 2004, 05:14:39 PM »

Sorry for my delay, I was at work! I've done everything you told me but:
- O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96}   - C:\WINDOWS\SYSTEM\MULTI40783A44.DLL seems to be still there, even if checked and fixed it

- CWShredder found nothing wrong

Here is my fresh log:

Logfile of HijackThis v1.98.0
Scan saved at 18:55:37, on 27/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=hpfsched
O2 - BHO: IEWebGuard Class - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\SYSTEM\IEGUARD.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\SYSTEM\MULTI40783A44.DLL
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

At the moment, it seems that I don't have any popup windows, but tmp files continue to be generated. I've opened one of them, it contains the url of my previous popups (always the same website, please tell me if you need to know it...).

Thank you!

Andrea
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #7 on: July 27, 2004, 06:46:48 PM »

Set Windows to Set Windows to Show Hidden Files and Folders

Disable system restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Have hijackthis fix this entry
O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\SYSTEM\MULTI40783A44.DLL

Restart your computer in Safe Mode
Find and delete this file if it exists
C:\WINDOWS\SYSTEM\MULTI40783A44.DLL <---this file

Navigate to your temp folder and delete the contents
START--RUN---type in "cleanmgr" without quotes and do a Disk Cleanup

RESTART back in Normal Mode
Do another Scan with Ad-Aware and RESTART your computer if bad files
are found
Post back with a fresh hijackthis log
Logged

 
keplero
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 9


Bookmark and Share

View Profile
« Reply #8 on: July 27, 2004, 08:09:23 PM »

C:\windows\system\MULTI40783A44.dll is still on HijackThis log file, but I can't find it in my system. Ad-aware scan reported everything was ok. This is my new log:

Logfile of HijackThis v1.98.0
Scan saved at 21:51:10, on 27/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=hpfsched
O2 - BHO: IEWebGuard Class - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\SYSTEM\IEGUARD.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\SYSTEM\MULTI40783A44.DLL
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

By the way, it seems I get a new .tmp file each time I click on a link in my browser...

Any other idea?

Thanks again.

Andrea
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #9 on: July 27, 2004, 08:13:04 PM »

Did you set Windows to Show hidden files and folders?
Logged

 
keplero
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 9


Bookmark and Share

View Profile
« Reply #10 on: July 27, 2004, 08:38:31 PM »

Yes, it was already set. I remember that yesterday I could see that file under C:\WINDOWS\SYSTEM, it was hidden and read only.

Just another thing... After I disabled system restore, I deleted  all files under _RESTORE folder and c:\WINDOWS\TEMP folder. I've noted that, if I run Internet Explorer and then reboot the system, a new folder called TEMP is created under C:\_RESTORE; it contains a file, whose name and extension seem to be random each time it is generated.

Hope this can help you to help me Smiley

Andrea
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #11 on: July 27, 2004, 08:48:19 PM »

Are you comfortable editing the registry?

We'll try this Symantec's way from this link
http://sarc.com/avcenter/venc/data/pf/adware.findemnow.html

Update your virus definitions with AVG

If your not comfortable editing the registry,
Download and Install Registrar Lite
I'll help you out with it when we got time
If you go with Registrar Lite, Post back and let me know when you have
Avg updated and Reg Lite installed

http://www.resplendence.com/download/reglite.exe
Logged

 
keplero
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 9


Bookmark and Share

View Profile
« Reply #12 on: July 27, 2004, 09:31:25 PM »

I've tried both with regedit and reglite, but i couldn't find the subkeys indicated. I tried to perform a registry cleanup with RegCleaner, something is changed but the problem is still here Undecided

This is new log:

Logfile of HijackThis v1.98.0
Scan saved at 22:49:49, on 27/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 6.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=hpfsched
O2 - BHO: IEWebGuard Class - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\SYSTEM\IEGUARD.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - (no file)
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL


Now it's quite late here, I will be back tomorrow. I hope you will have good news for me!

Thanks a lot for all the time you're spending for me...

Andrea
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #13 on: July 27, 2004, 09:46:15 PM »

Not sure exactly what steps you took
I hope you restarted in safe mode and emptied that temp folder
I also hope you checked out your hosts file

You can have hijackthis fix this entry
O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - (no file)

While in safe mode
access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page
Logged

 
keplero
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 9


Bookmark and Share

View Profile
« Reply #14 on: July 28, 2004, 09:14:17 AM »

My hosts file is completely empty and I always clean my c:\window\temp folder after every reboot. I don't need to restart in safe mode, I can clear all files even in normal mode (I have tried also in safe mode but the result is the same!)

I've tried to fix this entry:

O18 - Filter hijack: text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} - (no file)

If I perform another scan it is disappeared, but when I reboot my system that voice is there again.
Using RegLite, I can find the entry:

text/xml - {53B95211-7D77-11D2-9F80-00104B107C96} or something similar, but the number is the same.

Do I have to clean it with RegLite? Is it safe?

I've already done the operations under Internet Options, both in safe and normal mode.
Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 07, 2018, 09:37:51 PM