• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.
Sign in to follow this  
Followers 0
MadDog88

Trojans/spyware/adware not deleted by SpybotSD

10 posts in this topic

Firstly, just to mention that I’ve read your Forum FAQ, followed the instructions, and the requested information is below. Any help would be much appreciated as my pc has taken to periodically crashing…

 

Problems:

I do a bit of P2P downloading and have SpybotSD installed. A few weeks ago I started getting more pop-ups than usual (despite the Google toolbar pop-up blocker). These included sites such as:

 

h ttp: //www.beautyscreens.com/jokes.php

h ttp: //uk.ask.com

h ttp: //ads.komli.com

h ttp: //winantivirus.com

h ttp: //www.winantiviruspro.com/pages/landi...097460b7e65289b

h ttp: //winantispyware.com/download/2007/in...097460B7E65289B

h ttp: //rond.starsdoor.com

h ttp: //www.amaena.com/vista/index.php?ax=2...097460b7e65289b

h ttp: //www.partypoker.com/marketing/cm.htm?wm=2819465

h ttp: //adserving.cpxinteractive.com

h ttp: //ad.adtegrity.net

h ttp: //www.yourdebts.co.uk

h ttp: //mydebtsolution.co.uk/ns/ns.asp?se=z...mp;uts9=1050|93

h ttp: //66.179.234.173/images/7030_559678_6364610.htm

h ttp: //www.hollywood.com/?CMP=OTC-gen0507adon

 

bad links disabled. It's not a good idea to post bad working links - this since we don't want anyone to click them and get infected because of them

 

 

to name just a few. I then noticed that SpybotSD had detected a few files, which despite deleting them (using SpybotSD) they were detected again even if I re-ran SpybotSD immediately. These Trojans/spyware/adware included:

 

Command Service: System Service (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService

Command Service: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\Security

Command Service: Temporary file (File, nothing done)

C:\WINDOWS\system32\atmtd.dll.tmp

Command Service: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv

Command Service: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv

Command Service: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\\SYSTEM\CurrentControlSet\Services\mchInjDrv

Command Service: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

 

Nat: Settings (Registry value, nothing done)

HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\

Microsoft\Internet Explorer\Desktop\host

Nat: Settings (Registry value, nothing done)

HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\

Microsoft\Internet Explorer\Desktop\id

 

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)

HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\

Microsoft\aldd

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Araf15

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

 

SearchClickAds: Library (File, nothing done)

C:\WINDOWS\cfg32o.dll

SearchClickAds: Library (File, nothing done)

C:\WINDOWS\cfg32s.dll

SearchClickAds: User settings (Registry value, nothing done)

HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\

Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\cfg32.exe

SearchClickAds: Library (File, nothing done)

C:\WINDOWS\cfg32r.dll

SearchClickAds: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\zAbstract

 

Win32.Small.dp: Settings (Registry value, nothing done)

HKEY_USERS\S-1-5-21-604790127-2102503699-492939690-1006\Software\

Microsoft\Internet Explorer\Security\host

 

At this point I also noticed that my Firewall had been turned off (presumably due to one of the infected files named ‘Microsoft.WindowsSecurityCenter.FirewallBypass’). I have since disconnected my pc from the internet, only reconnecting to do the following…

 

What I’ve done so far:

 

Installed and ran Lavasoft Ad-Aware as instructed;

Ran SpybotSD v1.4 as instructed;

 

Installed and ran AVG 7.5 Anti-Spyware (in safe mode) as instructed:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 19:47:23 23/05/2007

 

+ Scan result:

 

C:\WINDOWS\system32\jbojbymt.dll -> Adware.BHO : Cleaned with backup (quarantined).

C:\Program Files\Spybot - Search & Destroy\NNSKYA638.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012384.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012385.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012387.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).

C:\Program Files\Common Files\АрpPatch\lοgonui.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP136\A0018409.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\WINDOWS\system32\dsy.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\WINDOWS\system32\qnztfuip.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\WINDOWS\system32\Аdobe\аti2evxx.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\3Y1W1VJV\rk2[1].exe -> Adware.Relevant : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012383.exe -> Adware.Relevant : Cleaned with backup (quarantined).

C:\WINDOWS\itpb_3.exe -> Adware.Relevant : Cleaned with backup (quarantined).

C:\Documents and Settings\Ellie\Local Settings\Temp\~os56.tmp\rlvknlg.exe -> Adware.RK : Cleaned with backup (quarantined).

C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Cleaned with backup (quarantined).

C:\WINDOWS\b116.exe -> Adware.Softomate : Cleaned with backup (quarantined).

C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\UFOJ2JIT\anti4[1].exe -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\mljhffg.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012391.exe -> Adware.WebBuying : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0012392.dll -> Adware.WebBuying : Cleaned with backup (quarantined).

C:\WINDOWS\system32\smpi1\lib67.exe -> Adware.ZQuest : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0010375.exe -> Backdoor.Small.os : Cleaned with backup (quarantined).

C:\WINDOWS\system32\perfc000.dat -> Backdoor.Small.os : Cleaned with backup (quarantined).

C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\xzc37[1].exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\win2F0.tmp.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\win5C.tmp.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\win96.tmp.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\WINDOWS\system32\smpi1\lib06.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).

C:\Program Files\Spybot - Search & Destroy\leeman.exe -> Downloader.Agent.bnn : Cleaned with backup (quarantined).

C:\Documents and Settings\Daniel\Application Data\Таsks\smss.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).

C:\Program Files\Μіcrosoft.NET\explorer.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).

C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).

C:\Program Files\Spybot - Search & Destroy\CmarP1083.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).

C:\Temp\SB1083.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).

C:\Program Files\Spybot - Search & Destroy\dnsersnd.exe -> Hijacker.Small.cf : Cleaned with backup (quarantined).

C:\WINDOWS\system32\dnsersnd.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).

C:\Documents and Settings\Daniel\Local Settings\Temp\1B.tmp -> Logger.BZub.if : Cleaned with backup (quarantined).

C:\WINDOWS\system32\drivers\ndis.sys -> Not-A-Virus.SpamTool.Win32.Agent.u : Cleaned with backup (quarantined).

C:\Documents and Settings\Daniel\Local Settings\Temp\16.tmp -> Proxy.Wopla.ag : Cleaned with backup (quarantined).

C:\WINDOWS\system32\koos.exe -> Proxy.Wopla.ag : Cleaned with backup (quarantined).

C:\WINDOWS\system32\kprof -> Proxy.Wopla.ag : Cleaned with backup (quarantined).

C:\WINDOWS\system32\poof -> Proxy.Wopla.ag : Cleaned with backup (quarantined).

C:\Documents and Settings\Ellie\Cookies\ellie@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.

C:\Documents and Settings\Daniel\Cookies\daniel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Ellie\Cookies\ellie@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Daniel\Cookies\daniel@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.

C:\Documents and Settings\Daniel\Cookies\daniel@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.

C:\WINDOWS\system32\rvalh.dll -> Trojan.Agent.j : Cleaned with backup (quarantined).

C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\H142SZTV\xc60[1].exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\win2D1.tmp -> Trojan.Agent.qt : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\win4C.tmp.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).

C:\Program Files\Outlook Express\qudasufux.dll -> Trojan.BHO.ab : Cleaned with backup (quarantined).

C:\Program Files\Spybot - Search & Destroy\zippy2.exe -> Trojan.BHO.ab : Cleaned with backup (quarantined).

C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\H142SZTV\q3q99[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).

C:\WINDOWS\Temp\win63.tmp.exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).

C:\WINDOWS\RGFuaWVs\l3IRuqpP.vbs -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\wtsisvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\sony[1].exe -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).

C:\WINDOWS\system32\sony.exe -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).

C:\WINDOWS\system32\sony.exe.exe -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).

C:\WINDOWS\system32\windev-60ae-5826.sys -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).

C:\Documents and Settings\Daniel\Local Settings\Temp\13.tmp -> Worm.Zhelatin.dp : Cleaned with backup (quarantined).

C:\WINDOWS\system32\pdp.exe.exe -> Worm.Zhelatin.dp : Cleaned with backup (quarantined).

 

::Report end

 

 

Downloaded and ran HijackThis v1.99.1 as instructed:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:51:24, on 23/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PRISMSVR.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Azureus Installer\Azureus-Installer.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Dell Wireless\PRISMCFG.exe

C:\Documents and Settings\Daniel\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061004

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061004

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [spybot] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe\" /autoupdate /taskbarhide /autofix /autocheck /autoclose

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\utgboudx.dll",realset

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Daniel\LOCALS~1\Temp\winlogon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9DEADD0-D4DD-4569-9280-8EDA19EBFFAB}: NameServer = 213.246.33.229

O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

 

 

The only processes persistently visible as using the CPU are ‘winlogon.exe’ (User Name: System; CPU: 50; Mem Usage: 4808k) and ‘System Idle Process’ (User Name: System; CPU: 50; Mem Usage: 28k).

 

Occasionally my pc has also 'crashed' by which I mean the screen initially blacks-out and is then replaced by a bright blue screen with white writing stating something along the lines of "Windows has shutdown in order to prevent any damage to your computer. If you have not seen this message before, restart your computer. Otherwise you should contact your system administrator. Dumping memory..." although this is only my loose memory of what it says.

 

Also, after running HijackThis my pc now seems unable to establish an internet connection (I didn't delete anything using HijackThis, just closed it after saving the log, as instructed), although the internet continues to work using a laptop with wireless connection to the same router. :wtf:

 

Hope all this is of some help, sorry if I’ve included any additional, unnecessary information. My level of computer-related knowledge is fairly basic (as you’ve no doubt already realised) so apologies in advance if I have to ask you to talk me through something that is actually quite simple.

 

I realise that you’re doing this as a completely voluntary and altruistic enterprise and as such any assistance would be greatly appreciated. I would really like to avoid having to re-format unless absolutely necessary.

 

Thanks.

Edited by miekiemoes

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hello,

 

Your system is terribly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

 

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

 

Actually, this doesn't suprise me at all... I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.

That's why I want you to install them first!!

 

Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.

Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!

Comodo OR Kerio are FREE firewalls.

 

Understanding and using firewalls

 

Reboot your computer afterwards.

After reboot, perform a full scan with your Antivirus and let it remove anything it is finding. Then reboot once again in order to delete files that were in use previously.

 

Post a new HijackThislog in your next reply - then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

Share this post


Link to post
Share on other sites

Hi,

 

Thanks for your help, I really appreciate it. I followed your instructions as far as possible...

 

Anti-Virus

I downloaded and installed AVG Anti-Virus 7.5 with no problems.

 

Firewall

Firstly I downloaded and installed ‘Comodo’. However, after rebooting and running it, all the functions were set to ‘off’ and it would not allow me to select ‘on’. After a few minutes three separate pop-ups appeared:

 

“The Comodo Network Monitor is not active. Reinstalling the application may fix the problem”

“The Comodo Application Monitor is not active. Reinstalling the application may fix the problem”

“The Comodo Application Agent has an incompatible version. Reinstalling the application may fix the problem”

 

Needless to say, reinstalling made no difference and these pop-ups reappeared. As a result I uninstalled Comodo via the ‘Add or Remove Programs’ function on the Control Panel and rebooted.

 

Next I followed your ‘Kerio’ link and downloaded and installed ‘Sunbelt Personal Firewall’ (formerly ‘Sunbelt Kerio Personal Firewall’). However, after rebooting I was greeted with the error message:

 

“Could not start DB server: socket() failed: (10050) A socket operation encountered a dead network..”

 

This message appeared each time I attempted to run the Sunbelt Firewall.

 

Having had no success with the Firewall I ran AVG Anti-Virus, which identified no threats. However, since I can no longer connect to the internet (as I mentioned in my previous post) I was unable to run an update prior to scanning. AVG Anti-Virus informs me that its internal virus database is currently 35 days old.

 

Although my pc was far from functioning normally, my internet connection was working up until I ran Hijack This for the first time (I didn’t delete any of the identified files). This may well be a coincidence but thought I’d better mention it as it had been working okay until that point. I’ve not been able to get it working since. I’ve therefore had to resort to downloading the above applications to a USB stick using another computer and then transferring them to my pc. I know it’s not a problem with the router since I can still access the internet using a laptop with a wireless connection, although on the pc I can no longer access my router management console (by inserting my IP address into IE address bar). Also, when I go to the ‘Network Connections’ icon on the control panel of my pc it is now empty and no longer displays the icon of my ISP.

 

I reran Hijack This although what with the other problems I’m not sure it will be much help to you:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:36:51, on 30/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PRISMSVR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Azureus Installer\Azureus-Installer.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Dell Wireless\PRISMCFG.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061004

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061004

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [spybot] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe\" /autoupdate /taskbarhide /autofix /autocheck /autoclose

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\utgboudx.dll",realset

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Daniel\LOCALS~1\Temp\winlogon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9DEADD0-D4DD-4569-9280-8EDA19EBFFAB}: NameServer = 213.246.33.229

O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

 

 

Thanks again for your help and time.

Share this post


Link to post
Share on other sites

Hi,

 

I have the bad feeling that malware already damaged a lot here, because you sure are infected. Your first log from AVG Antispyware showed a lot of very nasty infections present and I have the feeling that some legit Windows files are patched by malware as well..

Hope we can restore the damage.. but I cannot guarantee this. Once malware is involved, some damage cannot always be restored and a format and reinstall will still be the best and safest solution.

 

Anyway, we can at least try :)

 

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts and because of an unstable Windows, it may go wrong sometimes.

 

Do next please..

 

* Download SDFix and save it to your Desktop.

 

* Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

* Reboot into Safe Mode`: ( without networking support !)

°To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.

Choose Safe Mode from the menu that will appear and press Enter.

DON'T use any other methods than above method to boot into safe mode!

If you cannot boot into safe mode, just perform it in normal mode.

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\utgboudx.dll",realset

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized <== it's a bad idea to let p2p programs startup with Windows

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Daniel\LOCALS~1\Temp\winlogon.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Don't worry if you receive an error in HijackThis.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

I need that log later.

 

Now you're back in normal mode..

 

* Download Combofix to your desktop.

Doubleclick combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new hijackthislog and the log from SDFix (report.txt, present in the SDFix folder).

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

 

You may need more than one reply to post the logs.

Share this post


Link to post
Share on other sites

Hi miekiemoes,

 

Thanks for your rapid response. Having read your post I've not yet done the things you've suggested as I wanted to ask you about it. I realise that my computer is in a bad state and appreciate what you're saying about there being no guarantees even after doing all these repairs that all the problems wil be resolved.

 

Therefore, I know this might be a difficult question to answer but if you were in my position and your computer was this infected (unlikely I know) would you try to clean it or would you just re-format it and re-install everything? The reason I ask is that if cleaning my computer is going to be a long and arduous process that takes up a lot of your time as well as mine, with the possibility of an unsuccessful outcome, maybe I should just accept defeat and re-format?

 

I am willing to take the time to follow all your instructions but as I am not particularly computer-minded I will be guided by your advice.

 

Thanks again.

Share this post


Link to post
Share on other sites

Hi,

 

Therefore, I know this might be a difficult question to answer but if you were in my position and your computer was this infected (unlikely I know) would you try to clean it or would you just re-format it and re-install everything?
If that was my computer - I actually wouldn't think twice and re-format and re-install immediately. This mainly because it's the SAFEST solution. Then I can be sure I can trust the computer again afterwards and no damage will be present.

But I always give the user the choice. Some prefer to clean this up manually, but then they have to accept the fact that they will never be able to trust their system again and the damage that is already present cannot always be repaired since this will be searching for a needle in a haystack to find the right cause (since many malware related leftovers will still be present that scanners won't find and logs won't show).

 

Actually it would be irresponsible from me not telling you how badly infected your system and just post instructions how to clean this. Because at the end, even though malware may be gone, the system may stay compromised. That's why I always make the user aware of this.

 

For example, it happens quite a lot that users post their log from a terrible infected system where keyloggers and other malware (backdoors) are present, gathering passwords and other important data. (which is also the case with your computer). And then we figure out that this computer is actually being used at work or for work, putting the entire company at risk.

If we give instructions to clean this up manually, while we know that in such cases, there's no guarantee that it will be totally clean afterwards and damage may still be present - then this would be irresponsible from us not making the user aware of this. Because this computer may always be a risk in the future because it was/is badly compromised.

You can read an example here.

If we don't tell this, the user may think afterwards everything is ok again, his/her system is secure again while it's not.

 

Most people who don't want to re-format and re-install such terribly infected systems are most of the times people who are only using their computer for games, and surfing where privacy is no priority.

 

If privacy is a priority and you have important data on your system, use this computer for work or at work, you do online banking or any other financial stuff with your computer, then I recommend a format and reinstall.

 

Anyway, whatever you decide, I'll help you.

If you decide to format and re-install, I can give you some useful links how to do this properly :)

Share this post


Link to post
Share on other sites

Hi,

 

Another speedy response, thanks. Based on what you've told me I think re-formatting and re-installing is the best option. I do sometimes use my computer for work stuff/banking so in future I need to know that it's secure.

 

If you could advise me the best way to go about this I would be extremely grateful. I've already backed up my important files.

 

Thanks.

Share this post


Link to post
Share on other sites

That's a good decision. :)

 

Some important notes before you format and reinstall..

Before you format and reinstall, make sure you download the installer for an Antivirus and Firewall first and place them on cd or flashdrive.

This because, during format and reinstall, I recommend you plug out your Internet cable or whatever method you use to connect this computer with the internet. This because, once Windows is reinstalled again and there's internet connection present, you can get reinfected immediately again, this because no protection is present yet.

That's why I also asked to download the installer for an Antivirus and Firewall first and put them on cd/flashdrive.

Once your Windows is installed, then first install your Antivirus and Firewall.

Once they are installed, then connect with the internet and immediately go to Windows updates to download and install all updates.

Then your sytem is ready to use and protected.

 

Read here for instructions how to format and reinstall with screenshots:

 

http://www.michaelstevenstech.com/cleanxpinstall.html

 

Success. :)

Share this post


Link to post
Share on other sites

Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0