Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Wed Mar 02, 2005 8:17 am Post subject: Here's my log - infected with about:blank (RESOLVED)
Below is a copy of my HijackThis log. I tried updating my Windows 98 first but couldn't find a download site for the latest 98 stuff. I was directed to the Microsoft "Windows update" page but it seems you have to have XP or 2000.
Maybe my Windows is OK? Do I need an update before going forward?
Thanks in advance
_______________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:07:19 AM, on 3/2/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\KEYBOARD\IKEYMAIN.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
C:\WINDOWS\TWAIN_32\CA561A\SNAPDETECT.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\LOTUS\WORDPRO\LTSSTART.EXE
C:\WINDOWS\SYSTEM\HPLAMPC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COPY OF HIJACKTHIS[1].EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {0****D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {F963BD81-877F-11D9-93E2-444544C7B4BE} - C:\WINDOWS\SYSTEM\CGKF.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HARDWA~1\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\HARDWA~1\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [InstMsi0] C:\WINDOWS\SYSTEM\msiexec.exe /regserver
O4 - HKLM\..\RunOnce: [InstMsi1] rundll32.exe C:\WINDOWS\SYSTEM\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Installer\InstMsi0"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O4 - Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O18 - Filter: text/html - {B40F9D40-8A71-11D9-93E2-4445B0AF7263} - C:\WINDOWS\SYSTEM\CGKF.DLL
O18 - Filter: text/plain - {B40F9D40-8A71-11D9-93E2-4445B0AF7263} - C:\WINDOWS\SYSTEM\CGKF.DLL
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
Posted: Wed Mar 02, 2005 10:00 am Post subject:
Please read all instructions, and DL any tools required, before beginning fix.
You may want to print out these directions as the Internet will not be available. Please continue with the next step if you run into a problem with the current one. Just be sure to let us know what the problem was when you reply.
Step 1:
Enable the 'Show Hidden Folders' option, like this:
Open My Computer.
Select the View menu and click Folder Options.
Select the View Tab.
In the Hidden files section select Show all files.
Click OK.
Step 2:
DL StartDreck. Then create a new folder called: StartDreck.
Step 3:
Once it is downloaded, extract the file into c:\startdreck.
Step 4:
Navigate to c:\startdreck and double-click on Startdreck.exe.
Step 5:
When the program opens click on the Config button.
Step 6:
Then click on the unmark all button.
Step 7:
Then put checkmarks in the following checkboxes:
Under Registry put a checkmark in the Run Keys checkbox.
Under System/Drivers put a check in the Running Processes checkbox.
Step 8:
Press the OK button.
Step 9:
You will now see a lot of text appear on your screen. Scroll through this text until you see the RunServicesOnce section. Under that we are looking for an entry that contains a DLL in the \system directory followed by a StreamingDeviceSetup. An example of an entry like that is below:
»RunServicesOnce
**t=rundll32 C:\WINDOWS\SYSTEM\MSC.DLL,StreamingDeviceSetup
If this file does not exist skip to step 14.
Step 10:
Write down the file name from that entry. In the above example the filename is c:\windows\system\msc.dll <<< file
Step 11:
Now download Win98Fix.zip. Then, create a folder called win98fix.
Step 12:
Navigate to the c:\win98fix folder and double-click on the RunFix.reg. If it prompts whether or not you want to merge the information, click the Yes button.
When that is done reboot your computer.
Step 13:
Now find the file found in step 9, which should now be visible, and delete it.
Step 14:
DL CWShredder.
This is the step we run Shredder. Make sure all browser windows are closed and double-click on the cwshredder.exe to start the program.
Next click on the FIX button, not the Scan Only button, and let it scan your computer. When it is done, let it remove all it finds, and exit the program.
Step 15:
Please head over to either Trend Micro or Panda ActiveScan and do an online, free, full system scan. Be sure and have the 'Auto Clean' button checked.
Trend Micro
Panda ActiveScan
Step 16:
This is the step we run AdAware. Be sure to have the latest definitions loaded. Then run a full system scan.
Step 17:
Reboot and post a new log please.
_________________
Ultimate Countermeasures Page
Calendar Of Updates
Malware Advisor Blog
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Wed Mar 02, 2005 4:22 pm Post subject:
Hello TeMerc,
I'm having trouble with the StartDreck.
I downloaded it and it appeared to download completely but I can't seem to open it.
How do I extract it?
I created a new folder in program files on C drive and named it StartDreck. I browsed and located the StartDreck - there were two (one was a ZIP file and the other seems to be a link to their site). I copied both and moved them but whenever I click on the ZIP one the gray prompt screen box keeps popping up asking if I want to open it or save it. When I click "open" nothing happens - it just flickers.
I'm not very knowledgeable with computers. In fact, I'm not sure how to extract the file as you suggested in your instructions.
When you get a chance, could you walk me through the process or tell me what I'm doing wrong?
Thanks again!
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
Posted: Wed Mar 02, 2005 4:47 pm Post subject:
When you open the zip file, your resident compressing agent should ask you where you want to unzip the files to; direct the extraction to:
C:\StartDreck.
It should then extract to that folder, and you can proceed.
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Mon Mar 07, 2005 4:11 am Post subject:
Hello again TeMerc,
I'm having all kinds of trouble.
I downloaded both StartDreck and CWShredder but I can't open them even though I've created folders for each in C and copied them from the temporary internet folders.
Both ZIP files seem to have downloaded properly, but when I try and open them by clicking on them I get a grey prompt screen asking if I want to "open" the file or "save" it. When I click "open" nothing happens; the same screen keeps popping up. When I click "save" it says the file is already saved and "do you want to replace the existing file".
I'm wondering if my computer settings are preventing me from opening these ZIP files?
In addition, when I try to download the Win98fix I get the white unauthorized screen.
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
Posted: Mon Mar 07, 2005 8:25 am Post subject:
OK, try this: right-click each zip and see if there is an "Open with" option, perhaps WinZip if you have it; if not, look for your resident compression agent.
Just in case, here is the WinZip page to DL; it's free:
http://www.winzip.com/
Once you install that, when you click on any zip file, it will ask you if you want to use it, then just unzip the file into the specified folders.
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Mon Mar 07, 2005 1:10 pm Post subject:
OK, I was able to open the programs once I downloaded WinZip - thanks!
I ran CWShredder. I did a scan with Panda but the autofix option didn't seem to be available so I'm not sure if it did any good.
Anyway, below is the new log.
_____________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 4:07:58 PM, on 3/7/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\KEYBOARD\IKEYMAIN.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\HPLAMPC.EXE
C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
C:\WINDOWS\TWAIN_32\CA561A\SNAPDETECT.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\LOTUS\WORDPRO\LTSSTART.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS[1].EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HARDWA~1\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\HARDWA~1\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O4 - Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Mon Mar 07, 2005 3:26 pm Post subject:
TeMerc,
The problem seems to have been corrected. Our homepage isn't being hijacked anymore so maybe the programs you had me run fixed it?
How does the latest log look?
Thanks again for your help...I appreciate it very much!
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
Posted: Mon Mar 07, 2005 4:17 pm Post subject:
No, I am afraid we still have some work to do, which would be another part of, or just another infection.
1. Click Start, click Run, type scanregw, and then click OK.
2. When you receive a prompt to back up the registry, click Yes.
3. When you receive the "Backup complete" message, click OK.
Click 'Start', select 'Run', type in REGEDIT when the dialog box appears, hit 'Enter'.
Once regedit pops up, navigate, by clicking the + signs, to:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
On the right hand side of the pane, look for:
sp
Right-click it, select 'Delete', accept the changes, close your registry.
Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
Reboot into 'Safe Mode':
Empty your Temp folders as follows:
Open Internet Explorer. You'll get a Page not Found error, but that's normal in safe mode.
At the top, click Tools>Internet Options> and then, in the center click Delete Cookies
Click Delete Files and then in the new applet check the box for all offline content
Click OK
Close that applet and open the C>Windows>Temp folder, and delete all files in there too, and all files in sub-folders of Temp.
Note: If you cannot delete them all at once because you have too many, then click and hold ctrl and highlight a batch of them at a time. Once highlighted, R-click over the highlight and select delete. Repeat until folder is empty
Double check to see if the folder C:\DOCUMENTSandSETTINGS\YOUR NAME\LOCALSETTINGS\Temp is empty.
Reboot into Normal mode and post a new HJT log please.
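The entries TeMerc singles out above (the `sp` Run key, the `res://...TEMP\se.dll` search pages, the about:blank values, and in the first log the unnamed BHO and the O18 text/html filter pointing at the same CGKF.DLL) can be recognised mechanically. The Python script below is an added example, not from this thread and not a HijackThis feature: it applies a handful of rules to a constructed sample of lines taken from the logs quoted in this thread, with benign Yahoo and Norton entries left in so the rules have something to skip. The rule set, the `Finding` type and the helper names are this example's own.

```python
"""Rule-based triage of HijackThis (HJT) log lines for the about:blank /
CoolWebSearch-style hijack discussed in this thread.
Added example; the rules and the Finding type are this example's own."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HJT section code, e.g. R1, O4, O18
    reason: str    # why the line was flagged
    line: str      # the log line itself


# Constructed sample: lines taken from the 3/2/05 log quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {F963BD81-877F-11D9-93E2-444544C7B4BE} - C:\WINDOWS\SYSTEM\CGKF.DLL
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {B40F9D40-8A71-11D9-93E2-4445B0AF7263} - C:\WINDOWS\SYSTEM\CGKF.DLL
"""

_LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
_TEMP = re.compile(r"\\TEMP\\", re.IGNORECASE)           # path goes through a TEMP folder
_MODULE = re.compile(r'[A-Za-z]:\\[^,\s"]+\.(?:DLL|EXE)', re.IGNORECASE)


def _module(body):
    """Path at the end of an O2/O18 entry ('name - {GUID} - path'), upper-cased."""
    return body.rsplit(" - ", 1)[-1].strip().upper()


def triage(log_text):
    """Apply the rules to every parsable line and return the findings in log order."""
    entries = []
    for raw in log_text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body"), raw.strip()))

    # Pass 1: DLLs registered as a BHO without a name; used to cross-check O18 filters.
    noname_bho = {_module(b) for s, b, _ in entries if s == "O2" and "(no name)" in b}

    findings = []
    for sec, body, raw in entries:
        if sec in ("R0", "R1"):
            value = body.split(" = ", 1)[1].strip() if " = " in body else ""
            if value.lower() == "about:blank":
                findings.append(Finding(sec, "IE search/start setting forced to about:blank", raw))
            elif value.lower().startswith("res://") and _TEMP.search(value):
                findings.append(Finding(sec, "res:// page served from a DLL in TEMP", raw))
        elif sec == "O2" and "(no name)" in body:
            findings.append(Finding(sec, "BHO with no name", raw))
        elif sec == "O4" and _TEMP.search(body):
            findings.append(Finding(sec, "autorun loads a module from TEMP", raw))
        elif sec == "O18":
            reason = "MIME filter can rewrite every HTML/plain-text page"
            if _module(body) in noname_bho:
                reason += "; same DLL as an unnamed BHO"
            findings.append(Finding(sec, reason, raw))
    return findings


def implicated_modules(findings):
    """Distinct DLL/EXE paths named in the flagged lines (upper-cased)."""
    return {m.upper() for f in findings for m in _MODULE.findall(f.line)}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print("modules to examine:", sorted(implicated_modules(found)))
```

Run on the sample it flags five lines and names two files, C:\WINDOWS\TEMP\SE.DLL and C:\WINDOWS\SYSTEM\CGKF.DLL, which is exactly the pair the thread ends up removing; the O18 cross-check matters because a filter for text/html is a legitimate IE extension point and only becomes suspicious when its DLL is also registered as an anonymous BHO.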
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Tue Mar 08, 2005 6:27 am Post subject:
Logfile of HijackThis v1.99.1
Scan saved at 9:29:50 AM, on 3/8/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\KEYBOARD\IKEYMAIN.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
C:\WINDOWS\TWAIN_32\CA561A\SNAPDETECT.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\LOTUS\WORDPRO\LTSSTART.EXE
C:\WINDOWS\SYSTEM\HPLAMPC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS[1].EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HARDWA~1\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\HARDWA~1\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O4 - Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
Posted: Tue Mar 08, 2005 9:19 am Post subject:
OK, let's try a slightly different fix with Startdreck; some settings are better than others apparently.
Double-click the startdreck.exe program and when it loads, click on the Config button.
Press the Unmark All button.
Then select the following checkboxes:
Run Keys under the Registry section
Running Processes under the System/Drivers section.
Press the OK button.
When it is done scanning your computer, press the Save button and then open that log and post its contents as a reply to this message.
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Tue Mar 08, 2005 3:45 pm Post subject:
I'm not sure how to get the info from StartDreck posted here.
I followed your instructions but I cannot seem to copy the text for some reason. Where can I access the new Startdreck log? There is a SD log saved in the SD folder but I'm not sure if it automatically updates when I refresh or not.
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Wed Mar 09, 2005 4:23 am Post subject:
There are no time stamps on the log files in the startdreck folder (there are two):
Startdreck.ini
Startdreck[1].ini
Here's what's in there:
[StartDreck]
ForceDauMode=0
Writeable=1
RefreshOnExitConfig=1
FontSize=8
Font=0
Registry0=1
Registry1=0
Registry2=0
Registry3=0
Registry4=0
Registry5=0
Files0=0
Files1=0
Files2=0
Files3=0
Files4=0
Files5=0
Files6=0
Files7=0
Files8=0
System0=0
System1=0
System2=0
System3=0
System4=0
System5=1
AppSpecific0=0
Registry6=0
Files9=0
AppSpecific1=0
System6=0
System7=0
AccInfo=0
___________________________________________________
Neither of those seems to be connected to the Startdreck program, because the data in the notepads doesn't change when I save the new config and refresh. Plus, no date stamp is visible.
How can I create a new Startdreck log so the notepad has the current info?
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Wed Mar 09, 2005 12:49 pm Post subject:
I've uninstalled then reinstalled the Startdreck. Below is the log I get:
____________________________________
[StartDreck]
Writeable=1
RefreshOnExitConfig=1
AccInfo=1
FontSize=8
Font=0
Registry0=1
Registry1=0
Registry2=0
Registry3=0
Registry4=0
Registry5=0
Registry6=0
Files0=0
Files1=0
Files2=0
Files3=0
Files4=0
Files5=0
Files6=0
Files7=0
Files8=0
Files9=0
System0=0
System1=0
System2=0
System3=0
System4=0
System5=1
System6=0
System7=0
AppSpecific0=0
AppSpecific1=0
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Wed Mar 09, 2005 1:09 pm Post subject:
OK, I've figured out how to save the text to the Startdreck log but for some reason I cannot unzip it. I keep getting an error message saying:
"Cannot open file: it does not appear to be a valid archive
If you downloaded this file, try downloading it again"
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Fri Mar 11, 2005 4:53 pm Post subject:
Hello again TeMerc.
I've tried downloading the StartDreck again and cannot get the log to come up. I uninstalled WinZip then downloaded it again and I still get the same error message when attempting to open the StartDreck log.
The good news is that we haven't had trouble with our homepage ever since we downloaded and ran CWShredder a few days ago. The about:blank problem seems to be taken care of but I realize that you see other problems with our Hijackthis log.
Whenever I reboot the computer an error message comes up on the Windows desktop that says unable to run "RUNDLL". Like you said, something is still wrong but I don't know what to do since I can't get the StartDreck log to come up.
Thanks again
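The "unable to run RUNDLL" message reported above is what a surviving Run-key entry produces once the file it names is gone: in the 3/8/05 log the `[sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall` entry is still present after the TEMP folder was emptied, so rundll32 is launched at every logon with a DLL it cannot find. The script below is an added example, not part of this thread: it parses O4 lines, works out which file each command really loads (the DLL for rundll32 entries, otherwise the executable, quoted or not), and reports entries whose file is missing, checked against a constructed stand-in list of files present on disk. Resolving bare file names such as `powrprof.dll` to C:\WINDOWS\SYSTEM is an assumption of the example, as are the helper names.

```python
"""Orphaned-autorun check: O4 (Run-key) entries in a HijackThis log whose
target file no longer exists.  Added example, not part of this thread; the
resolution of bare file names to C:\\WINDOWS\\SYSTEM is an assumption."""
import re

# Constructed sample: O4 lines taken from the 3/8/05 log quoted above.
AUTORUNS = r"""
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
"""

# Constructed stand-in for the files still on disk after C:\WINDOWS\TEMP was emptied.
PRESENT = {
    r"C:\PROGRA~1\NORTON~1\NAVAPW32.EXE",
    r"C:\WINDOWS\SYSTEM\POWRPROF.DLL",
    r"C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE",
}
SYSTEM_DIR = r"C:\WINDOWS\SYSTEM"   # assumption: where bare names are looked up

_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def target_of(cmd):
    """File an O4 command really loads: the DLL for 'rundll32 <dll>,<entry>',
    otherwise the executable, with surrounding quotes and arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                        # "C:\Program Files\...\x.exe" /args
        return cmd[1:].split('"', 1)[0]
    parts = cmd.split(None, 1)
    if not parts:
        return ""
    if parts[0].lower() in ("rundll32", "rundll32.exe") and len(parts) > 1:
        return parts[1].split(",", 1)[0].strip()   # drop ',EntryPoint'
    return parts[0]


def resolve(path):
    """Upper-case the path; a bare name is taken to live in SYSTEM_DIR."""
    p = path.upper()
    return p if "\\" in p else SYSTEM_DIR.upper() + "\\" + p


def orphaned_autoruns(log_text, present):
    """(entry name, resolved target) for each O4 line whose file is not present."""
    existing = {p.upper() for p in present}
    orphans = []
    for raw in log_text.splitlines():
        m = _O4.match(raw.strip())
        if m is None:
            continue
        target = resolve(target_of(m.group("cmd")))
        if target not in existing:
            orphans.append((m.group("name"), target))
    return orphans


if __name__ == "__main__":
    for name, target in orphaned_autoruns(AUTORUNS, PRESENT):
        print(f"[{name}] still registered but {target} is gone -> RUNDLL error at logon")
```

On the sample the only orphan is `sp` pointing at C:\WINDOWS\TEMP\SE.DLL, which is why the fix in this thread removes the Run value as well as the DLL: deleting only the file leaves the startup error, and deleting only the value would leave the DLL for something else to reload.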
TeMerc Warrior Obsessed

Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Mon Mar 21, 2005 3:39 am Post subject:
Hello again TeMerc,
I downloaded the special tool and it disinfected something (apparently).
Here's the latest Hijackthis log:
________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 6:35:15 AM, on 3/21/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\KEYBOARD\IKEYMAIN.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
C:\WINDOWS\TWAIN_32\CA561A\SNAPDETECT.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\LOTUS\WORDPRO\LTSSTART.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\HPLAMPC.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\HIJACKTHIS[1].EXE
C:\PROGRAM FILES\HIJACKTHIS[1].EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HARDWA~1\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\HARDWA~1\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O4 - Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
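The log posted above follows the regular HijackThis line format: a section code (R0, O2, O4, O16, ...), a dash, then a typed body that carries a name, often a CLSID, and a path or URL. As an added example, not code from this thread or from the HijackThis project, the Python below parses such a log into records and applies a few defender-side triage heuristics of the kind a helper reads for by eye. The sample log embedded in it is constructed from the entry shapes seen in the post above; the R1 line in it, a Search Bar value pointing at a res:// resource named constructed-sample.dll in the temp folder, is made up for illustration so the heuristic has something to catch.

```python
"""HijackThis-style log parser with defender-side triage heuristics.
Added example; not HijackThis code. SAMPLE_LOG is constructed."""
import re
from dataclasses import dataclass

# Constructed sample mirroring the entry shapes in the thread. The R1 line is
# made up: a Search Bar value redirected to a res:// resource in the temp folder.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:35:15 AM, on 3/21/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\constructed-sample.dll/sp.html
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O4 "HKLM\..\Run: [Name] command" style entries
RUN_RE = re.compile(r"^(?P<kind>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<target>.*)$")


@dataclass
class Entry:
    section: str  # HijackThis section code, e.g. "O4"
    kind: str     # subtype: "registry", "BHO", "DPF", "HKLM\..\Run", "Startup"
    name: str     # display name, value name or startup item name
    target: str   # path, command line or URL the entry points at
    clsid: str    # CLSID if the line carries one, else ""
    raw: str      # original line, kept for reporting


def parse_entry(line):
    """Return an Entry for one log line, or None for banner/process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    c = CLSID_RE.search(body)
    clsid = c.group(0) if c else ""
    if section.startswith("R"):          # R0/R1: "key,value = data" (data may be empty)
        key, _, value = body.partition("=")
        return Entry(section, "registry", key.strip(), value.strip(), clsid, line)
    r = RUN_RE.match(body)
    if r:
        return Entry(section, r.group("kind"), r.group("name"), r.group("target").strip(), clsid, line)
    kind, sep, rest = body.partition(": ")
    if not sep:
        return Entry(section, "", "", body.strip(), clsid, line)
    if " = " in rest:                    # "Startup: Name.lnk = path"
        name, _, target = rest.partition(" = ")
        return Entry(section, kind, name.strip(), target.strip(), clsid, line)
    parts = [p.strip() for p in rest.split(" - ")]   # "Name - {CLSID} - target"
    if len(parts) == 1:
        return Entry(section, kind, "", parts[0], clsid, line)
    name_parts = [CLSID_RE.sub("", p).strip() for p in parts[:-1]]
    return Entry(section, kind, " - ".join(p for p in name_parts if p), parts[-1], clsid, line)


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


@dataclass
class Finding:
    severity: str
    reason: str
    entry: Entry


def assess(entries):
    """Triage heuristics: flag, do not judge; a helper still reads each hit."""
    out = []
    for e in entries:
        t = e.target.lower()
        if e.section in ("R0", "R1") and ("res://" in t or "\\temp\\" in t):
            out.append(Finding("high", "browser start/search page set to a temp-folder resource", e))
        elif e.section == "O4" and "\\temp\\" in t:
            out.append(Finding("high", "autostart entry runs from a temp folder", e))
        elif e.section == "O2" and e.name == "(no name)":
            out.append(Finding("review", "BHO without a display name; verify path and CLSID", e))
        elif e.section == "O16" and t.startswith("http://"):
            out.append(Finding("info", "ActiveX control downloaded over plain HTTP", e))
    return out


def summarize(text):
    entries = parse_log(text)
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return {"counts": counts, "findings": assess(entries)}


if __name__ == "__main__":
    for f in summarize(SAMPLE_LOG)["findings"]:
        print(f"[{f.severity}] {f.reason}: {f.entry.raw}")
```

The "review" finding is deliberately not a verdict: in the log above the unnamed BHO is Spybot's own SDHELPER.DLL, which is exactly why a helper checks the path and CLSID of every hit rather than fixing a line because it looks odd. Only the temp-folder and res:// checks are strong signals, since legitimate start pages and autostarts do not live there.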
TeMerc Warrior Obsessed
Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
Posted: Mon Mar 21, 2005 8:35 am Post subject:
Well, it would seem as though the tool did indeed remove the infection. Are you experiencing any more problems? Let me know.
BTW, all indications are you are up to date with IE. Unsure about any other updates though; I would check back with the Windows Update page to verify, as it automatically scans your PC to tell you what is needed for DLing.
We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:
Empty the TIF (Temporary Internet Files)
Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
The app below will help with temp files.
Index.dat Suite
Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.
AdAware SE is a great companion to Spybot, and virtually all security forums recommend they run in tandem.
Ad-aware SE
DL, check for updates and quarantine all that's found.
To further prevent the installation of ad/mal/spyware, DL these two apps, which are becoming the next one-two punch in the fight against ad/mal/spyware with AdAware & Spybot S&D:
Spyware Guard & Spyware Blaster
With Spyware Blaster and Spyware Guard, just DL, check for updates, enable protection, and you're done!
To prevent known malware-infested sites from loading in IE, install IESPY ADS.
And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.
And to prevent unknown applications from being installed on your machine, install WinPatrol.
Tutorials for all the apps I mentioned can be found on my site as well.
Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps.
And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
Calendar of Updates
Subscribe to update alerts for all the above security apps here.
Happy surfing!!
Tom
If you found our help here worthwhile, and want to further the cause for others, and keep this site running, Donate Here.
_________________
Ultimate Countermeasures Page
Calendar Of Updates
Malware Advisor Blog
hotborg7of9 Junior Member
Joined: 01 Mar 2005 Last Visit: 10 Apr 2005 Posts: 15
Posted: Fri Apr 08, 2005 7:57 pm Post subject:
Hi TeMerc,
Thanks again for all your help. The about:blank hasn't come back, so the fix worked!
I still need to download some of the programs you listed in your last response... there's a lot of stuff there!
The only glitch we have been having is that some windows don't want to open up... certain photo galleries, etc. Even when I disable our PopupStopper I cannot open them (a blank screen comes up). I think maybe a security setting was altered during the fix process, but I'm not sure which to check.
TeMerc Warrior Obsessed
Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.
Posted: Fri Apr 08, 2005 9:43 pm Post subject:
Glad we could be of assistance.
I would check under Tools>>Internet Options>>Advanced and see if some of the options there are ticked or unticked.
These IE Tweaks will explain a lot of the stuff there and whether they should/shouldn't be ticked/unticked.
****THIS TOPIC HAS BEEN RESOLVED AND LOCKED. FOR CONTINUED SUPPORT IN THIS MATTER, PLEASE PM ME, AND I WILL UNLOCK THE TOPIC**** THANKS *TEMERC
_________________
Ultimate Countermeasures Page
Calendar Of Updates
Malware Advisor Blog
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group