Computing.Net > Forums > Security and Virus > SLOW PC & POP-UP ADS WON'T GO AWAY!

SLOW PC & POP-UP ADS WON'T GO AWAY!


Original Message
Name: MISSENVY45
Date: April 14, 2007 at 20:35:03 Pacific
Subject: SLOW PC & POP-UP ADS WON'T GO AWAY!
OS: XP PRO
CPU/Ram: DUNNO
Model/Manufacturer: DELL DIMENSION 3000
Comment:

I've tried everything to stop the pop-ups. I'm using IE7 and Firefox; both give me pop-ups every time I visit a page. I've tried Ad-Aware and an AVG virus scan; they keep showing nothing, but the pop-ups are for different sites each time. Some even display Java in the pop-up telling me about spyware; when I click No it opens my browser anyway. Please help!!!!!
How do I get rid of this?




Response Number 1
Name: jabuck
Date: April 14, 2007 at 20:41:02 Pacific
Subject: SLOW PC & POP-UP ADS WON'T GO AWAY!

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 2
Name: MISSENVY45
Date: April 15, 2007 at 20:10:45 Pacific
Subject: SLOW PC & POP-UP ADS WON'T GO AWAY!

OK, here is the HijackThis one.
Logfile of HijackThis v1.99.1
Scan saved at 8:09:34 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\iruyvnnr.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofi...
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://memory-of.com/Uploads/ImageU...
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe




Response Number 3
Name: MISSENVY45
Date: April 15, 2007 at 20:30:23 Pacific
Subject: SLOW PC & POP-UP ADS WON'T GO AWAY!

Here is SmitFraudFix. I have no clue what to fix or take out; could you please help? Thanks.

SmitFraudFix v2.168

Scan done at 20:12:02.76, Sun 04/15/2007
Run from C:\Documents and Settings\Mia\My Documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mia


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mia\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mia\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection
DNS Server Search Order: 172.16.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6C06E88-BD2F-4C2E-9497-FB5CFAF4DAD1}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6C06E88-BD2F-4C2E-9497-FB5CFAF4DAD1}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F6C06E88-BD2F-4C2E-9497-FB5CFAF4DAD1}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 4
Name: jabuck
Date: April 16, 2007 at 14:30:30 Pacific
Subject: SLOW PC & POP-UP ADS WON'T GO AWAY!

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the log located at C:\Vundofix.txt.

Run Hijack This, close all browsers and windows except Hijack This, place a check to the left of the following items and press "Fix checked":

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\iruyvnnr.dll",setvm

Set up the computer to view hidden files by going to Start > Control Panel > Folder Options > View tab > tick the circle beside "Show hidden files and folders" and untick the boxes beside "Hide extensions for known file types" and "Hide protected operating system files" > Apply > OK.

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Navigate to and delete this file if found:

C:\WINDOWS\system32\iruyvnnr.dll

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces and a new Hijack This log.




Response Number 5
Name: MISSENVY45
Date: April 17, 2007 at 17:54:35 Pacific
Subject: SLOW PC & POP-UP ADS WON'T GO AWAY!


VundoFix V6.3.19

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 5:20:20 PM 4/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\eemrqbmc.dll
C:\WINDOWS\system32\fdsgblwu.dll
C:\WINDOWS\system32\iruyvnnr.dll
C:\WINDOWS\system32\itppfgdo.dll
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lxdmjods.ini
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\qgapydil.dll
C:\WINDOWS\system32\qylufcgj.dll
C:\WINDOWS\system32\rnnvyuri.ini
C:\WINDOWS\system32\sdojmdxl.dll
C:\WINDOWS\system32\ssttq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\eemrqbmc.dll
C:\WINDOWS\system32\eemrqbmc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fdsgblwu.dll
C:\WINDOWS\system32\fdsgblwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iruyvnnr.dll
C:\WINDOWS\system32\iruyvnnr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\itppfgdo.dll
C:\WINDOWS\system32\itppfgdo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lxdmjods.ini
C:\WINDOWS\system32\lxdmjods.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgapydil.dll
C:\WINDOWS\system32\qgapydil.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qylufcgj.dll
C:\WINDOWS\system32\qylufcgj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rnnvyuri.ini
C:\WINDOWS\system32\rnnvyuri.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sdojmdxl.dll
C:\WINDOWS\system32\sdojmdxl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 5:43:55 PM 4/17/2007

Listing files found while scanning....

No infected files were found.





Response Number 6
Name: MISSENVY45
Date: April 17, 2007 at 18:20:50 Pacific
Subject: SLOW PC & POP-UP ADS WON'T GO AWAY!

"Mia" - 07-04-17 18:06:37 Service Pack 2 [SAFE MODE]
ComboFix 07-04-18.V - Running from: C:\Documents and Settings\Mia\Desktop\


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\qpsxaijw.dll
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\hggefed.dll
C:\WINDOWS\system32\iiffdef.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\efccyay.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Mia\Desktop\internet.lnk


((((((((((((((((((((((((((((((( Files Created from 2007-03-17 to 2007-04-17 ))))))))))))))))))))))))))))))))))


2007-04-17 17:52 125,460 --a------ C:\WINDOWS\system32\ocirsurf.dll
2007-04-17 17:20 <DIR> d-------- C:\VundoFix Backups
2007-04-17 16:18 125,460 --a------ C:\WINDOWS\system32\udlrrjir.dll
2007-04-17 16:18 1,365,385 ---hs---- C:\WINDOWS\system32\qttss.bak1
2007-04-16 22:28 <DIR> d-------- C:\Program Files\DATCHICK-8254D9
2007-04-16 22:06 <DIR> d-------- C:\DOCUME~1\Will\APPLIC~1\Google
2007-04-15 20:12 2,210 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-15 20:11 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-15 20:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-15 20:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-15 20:11 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-15 20:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-15 20:11 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-13 19:42 125,460 --a------ C:\WINDOWS\system32\yefecsyc.dll
2007-04-13 07:38 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-12 20:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-04-12 20:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-12 20:17 <DIR> d-------- C:\DOCUME~1\Mia\APPLIC~1\Lavasoft
2007-04-12 20:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-12 20:01 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-04-12 13:52 <DIR> d-------- C:\Program Files\Electric Rain
2007-04-12 13:51 <DIR> d-------- C:\Data1
2007-04-12 00:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-04-12 00:51 <DIR> d-------- C:\Program Files\Autodesk
2007-04-12 00:45 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-12 00:33 <DIR> d-------- C:\3dsmax9Trial
2007-04-09 21:47 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-24 20:17 360 --ah----- C:\DOCUME~1\Mia\APPLIC~1\hpothb07.dat
2007-03-24 19:15 <DIR> d-------- C:\DOCUME~1\Mia\APPLIC~1\Opera
2007-03-24 00:50 <DIR> d-------- C:\DOCUME~1\Mia\APPLIC~1\Ahead
2007-03-22 15:16 <DIR> d-------- C:\Program Files\Globe7
2007-03-19 08:58 0 --ah----- C:\DOCUME~1\Mia\hpothb07.dat
2007-03-17 02:25 <DIR> d-------- C:\DOCUME~1\Mia\.jIRC


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-17 16:23 -------- d-------- C:\Program Files\java
2007-04-14 16:09 -------- d-------- C:\Program Files\google
2007-04-12 19:54 -------- d--h----- C:\Program Files\installshield installation information
2007-04-09 22:17 -------- d-------- C:\DOCUME~1\Mia\APPLIC~1\limewire
2007-03-24 20:17 511 --ah----- C:\DOCUME~1\Mia\APPLIC~1\hpothb07.tif
2007-03-24 12:04 -------- d-------- C:\Program Files\microsoft works
2007-03-21 20:42 5278 --a------ C:\DOCUME~1\Mia\APPLIC~1\wklnhst.dat
2007-03-17 06:45 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 16:56 -------- d-------- C:\DOCUME~1\Mia\APPLIC~1\sony
2007-03-08 16:25 -------- d-------- C:\Program Files\vstplugins
2007-03-08 16:25 -------- d-------- C:\DOCUME~1\Mia\APPLIC~1\publish providers
2007-03-08 12:48 -------- d-------- C:\Program Files\sony setup
2007-03-08 12:48 -------- d-------- C:\Program Files\sony
2007-03-08 08:48 578048 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:48 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:48 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:49 1843968 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 19:00 -------- d-------- C:\DOCUME~1\Mia\APPLIC~1\apple computer
2007-02-28 21:21 335 --a------ C:\WINDOWS\nsreg.dat
2007-02-28 21:21 -------- d-------- C:\Program Files\viewpoint
2007-02-25 11:49 -------- d-------- C:\Program Files\yahoo!
2007-02-08 20:02 30496 --a------ C:\DOCUME~1\Mia\APPLIC~1\gdipfontcachev1.dat
2007-02-05 13:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-30 01:53 12249807 --------- C:\AVG7QT.DAT
2007-01-28 15:23 49152 --a------ C:\WINDOWS\system32\cfperfmon_mx.dll
2007-01-28 05:00 22 --ah----- C:\qpmd8378.bin
2007-01-28 02:38 22 --a------ C:\qpmd8376.bin
2007-01-08 20:28 62 --ahs---- C:\DOCUME~1\Mia\APPLIC~1\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3903E7D4-9948-4BA5-B954-AE82988C2B0c} C:\WINDOWS\system32\ocirsurf.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{BB697F63-A637-4555-9764-CFD52ED8EA6A} C:\WINDOWS\system32\ssttq.dll [x]
{F9A95281-1C05-44D8-B07A-AA953FD0880E} C:\WINDOWS\system32\mllml.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Video Driver"="C:\\Program Files\\DATCHICK-8254D9\\svchost.exe"
"Windows LSSS Service"="C:\\Program Files\\DATCHICK-8254D9\\svchost.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1168411203.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-17 18:16:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-17 18:16

Logfile of HijackThis v1.99.1
Scan saved at 6:19:38 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DATCHICK-8254D9\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3903E7D4-9948-4BA5-B954-AE82988C2B0c} - C:\WINDOWS\system32\ocirsurf.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BB697F63-A637-4555-9764-CFD52ED8EA6A} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {F9A95281-1C05-44D8-B07A-AA953FD0880E} - C:\WINDOWS\system32\mllml.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Video Driver] C:\Program Files\DATCHICK-8254D9\svchost.exe
O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\DATCHICK-8254D9\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofi...
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://memory-of.com/Uploads/ImageU...
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe




Response Number 7
Name: jabuck
Date: April 17, 2007 at 19:07:59 Pacific
Subject: SLOW PC & POP-UP ADS WON'T GO AWAY!
Reply: (edit)

If this folder (C:\Program Files\DATCHICK-8254D9) is something you have created just remove this:

Folders to delete:
C:\Program Files\DATCHICK-8254D9

from between the x's in Avenger below.

Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip

1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the area between the X's below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Files to delete:
C:\WINDOWS\system32\ocirsurf.dll
C:\WINDOWS\system32\udlrrjir.dll
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\yefecsyc.dll
C:\Program Files\DATCHICK-8254D9\svchost.exe

Folders to delete:
C:\Program Files\DATCHICK-8254D9

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply and post a new Hijack This log.

Go to this link, http://www.virustotal.com/en/indexf.html and use the "browse" button to locate these files:

C:\qpmd8378.bin

C:\qpmd8376.bin

Then double click the first file to enter it into the "upload and scan box", click send, then post the results. Continue until you have checked all the files. You may have to scroll to the right to see the "send" button.
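A small triage helper, added here as an example and not part of the thread or of HijackThis itself: it parses the O4 (autostart) and O23 (service) lines of a HijackThis log into records and flags any file named svchost.exe that starts from somewhere other than C:\WINDOWS\system32, which is exactly the kind of entry (C:\Program Files\DATCHICK-8254D9\svchost.exe) jabuck singled out for removal above. The regular expressions are my own reading of the log format, and the sample log is constructed: two lines copied from this thread's log plus two made-up lines so that one legitimate and one misplaced svchost.exe are present.

```python
import ntpath
import re
from typing import List, NamedTuple

class Entry(NamedTuple):
    section: str  # HijackThis section id: "O4" (autostart) or "O23" (service)
    label: str    # Run-value name, shortcut name or service name
    path: str     # executable path with quotes and arguments stripped

O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?P<rest>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\.*?\.exe)"?', re.IGNORECASE)

def exe_of(value):  # executable path from an HJT value, minus quotes and arguments
    m = EXE_RE.search(value)
    return m.group("exe") if m else value.strip('"')

def parse_hjt(log):
    """Parse the O4 and O23 lines of a HijackThis log into Entry records."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            rest = m.group("rest")
            if rest.startswith("["):            # [valuename] path
                label, _, path = rest[1:].partition("] ")
            elif " = " in rest:                 # shortcut.lnk = path
                label, _, path = rest.partition(" = ")
            else:
                label, path = "", rest
            entries.append(Entry("O4", label, exe_of(path)))
            continue
        m = O23_RE.match(line.strip())
        if m:
            entries.append(Entry("O23", m.group("name"), exe_of(m.group("path"))))
    return entries

SYSTEM_DIR = r"c:\windows\system32"  # the only home of a genuine svchost.exe on XP

def misplaced_svchost(entries):
    """Entries that launch a file named svchost.exe from outside the system directory."""
    return [e for e in entries
            if ntpath.basename(e.path).lower() == "svchost.exe"
            and ntpath.dirname(e.path).lower() != SYSTEM_DIR]

# Constructed sample: two lines from this thread's log plus two made-up lines.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Constructed Service (cons) - Unknown owner - C:\WINDOWS\system32\svchost.exe -k netsvcs
O4 - HKLM\..\Run: [svchost] C:\Program Files\DATCHICK-8254D9\svchost.exe
"""
```

Running `misplaced_svchost(parse_hjt(SAMPLE_LOG))` returns only the DATCHICK-8254D9 entry; the system32 copy with its `-k netsvcs` argument is left alone.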

