Hello,
I need some help, i did a system scan with Ad-Aware, also a scan with spybot search and destroy.
And my computer stays infected with the Bifrose.la
I made and HijackThis log, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:43, on 23-6-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Maxtor\MANAGE~1\OneTouch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.startpagina.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - .DEFAULT User Startup: ogalegit.cmd (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?...H;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?...H;EN-US;KBHOWTO (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: OSM Manager Bar - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)
O9 - Extra 'Tools' menuitem: OSM Manager Bar - {BFB5F154-9212-46F3-B547-AC6106030A54} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy2\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 10636 bytes
I also made a ComboFix log, here it is:
ComboFix 08-06-20.4 - Gebruiker 2008-06-23 0:30:51.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1043.18.207 [GMT 2:00]
Gestart vanuit: C:\Users\Gebruiker\Downloads\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Algemene voorwaarden.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Privacybeleid.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Verwijderen.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
C:\setup.exe
c:\Users\Gebruiker\AppData\Local\qcuuoqmuy.dat
c:\users\gebruiker\appdata\local\qcuuoqmuy.exe
C:\Users\Gebruiker\AppData\Local\qcuuoqmuy_nav.dat
C:\Users\Gebruiker\AppData\Local\qcuuoqmuy_navps.dat
C:\Users\Public\Desktop\webmediaplayer.lnk
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-05-22 to 2008-06-22 ))))))))))))))))))))))))))))))
.
2008-06-23 00:09 . 2008-06-23 00:19 <DIR> d-------- C:\Program Files\True Sword 4
2008-06-22 21:08 . 2008-06-22 21:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy2
2008-06-22 16:12 . 2008-06-22 16:12 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-06-22 16:12 . 2008-06-22 16:12 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-06-22 15:51 . 2008-06-22 15:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 11:49 . 2008-06-21 11:52 <DIR> d-------- C:\Users\All Users\Lavasoft
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 12:57 --------- d-----w C:\Program Files\OSM Manager Bar
2008-06-21 09:51 --------- d-----w C:\Program Files\Lavasoft
2008-06-21 09:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 12:02 --------- d-----w C:\Program Files\Soulseek
2008-05-12 16:32 --------- d-----w C:\Program Files\IrfanView
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-03 17:23 --------- d-----w C:\Program Files\Retrospect
2008-05-03 17:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 17:19 --------- d-----w C:\Program Files\Maxtor
2008-05-03 17:19 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-05-03 17:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-28 10:32 --------- d-----w C:\Program Files\Winamp
2008-04-28 09:59 --------- d-----w C:\Program Files\Winamp Toolbar
2008-04-28 09:38 --------- d-----w C:\Program Files\Inkscape
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-10 02:12 174 --sha-w C:\Program Files\desktop.ini
2007-08-12 18:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
2007-08-12 18:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
2007-08-12 18:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 01:11 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:56 218032]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-12 22:50 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 09:06 40048]
"CTHelper"="CTHELPER.EXE" [2007-02-12 19:47 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 19:47 19968 C:\Windows\System32\Ctxfihlp.exe]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 12:21 563080]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-01-19 10:19 1236992]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 11:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 11:53 780312]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\Windows\system32\READREG" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ogalegit.cmd]
path=C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogalegit.cmd
backup=C:\Windows\pss\ogalegit.cmd.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
path=C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
backup=C:\Windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime Alternative\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
--a------ 2007-01-22 13:11 9385504 C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-03-19 00:05 630784 C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-03-16 03:45 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{245ABE2C-4325-40F0-AA48-C851EF454CE6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C11A2955-5423-4F8B-ACC8-6DE3B8D624A6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9738D515-CB84-4631-9DA9-EE76F5742151}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9C6C47ED-B3DF-4B36-AFAB-90612ADCFAA9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{48F00605-5021-47F9-8EAC-6C9C76CE3EBA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{448F6D2E-F6F3-493E-8EB6-1BCC4306AB04}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{AD7DBFEE-2C63-4AE6-8A81-996242533FA8}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1CB15965-0AB1-4C31-A966-3175B7E4BB3A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0966A740-6BEC-481B-86F4-36020C994037}"= UDP:5721:LocalSubnet:LocalSubnet|IF={DFCCCBDB-6592-4637-8266-508733A63C2B}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{55363EB3-55A2-455C-BC00-600B8EEB65FB}"= UDP:1034:LocalSubnet:LocalSubnet|IF={DFCCCBDB-6592-4637-8266-508733A63C2B}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{7EE40921-0D93-48F2-BEB0-64087F0DF434}"= UDP:5678:LocalSubnet:LocalSubnet|IF={DFCCCBDB-6592-4637-8266-508733A63C2B}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{79A5F0B9-AD96-40C8-95D7-540DB5B39BD1}"= UDP:999:LocalSubnet:LocalSubnet|IF={DFCCCBDB-6592-4637-8266-508733A63C2B}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{58E28002-2DD9-4142-936F-FA287B98DF3E}"= UDP:26675:LocalSubnet:LocalSubnet|IF={DFCCCBDB-6592-4637-8266-508733A63C2B}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{69233212-28D2-4AF7-82E3-CF4B236481A6}"= UDP:990:LocalSubnet:LocalSubnet|IF={DFCCCBDB-6592-4637-8266-508733A63C2B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{CD915ADC-EF9E-4A07-AE34-758E0A6CB9DA}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{7FD16DD9-9C2B-4DBC-B68C-078D5E2B75DC}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{C1E1360F-76B1-46BF-AA17-96F057F7552E}"= UDP:5721:LocalSubnet:LocalSubnet|IF={F16ACCF6-94D6-4F6D-9F69-9CADB60B1CE1}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{4A58670C-87E9-4305-BA5F-D72B28BB0A3D}"= UDP:1034:LocalSubnet:LocalSubnet|IF={F16ACCF6-94D6-4F6D-9F69-9CADB60B1CE1}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{E077AC54-3E07-48A9-9721-C995C5F37EDD}"= UDP:5678:LocalSubnet:LocalSubnet|IF={F16ACCF6-94D6-4F6D-9F69-9CADB60B1CE1}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{4DBF69C4-319B-4F18-811A-1A8A3496DE18}"= UDP:999:LocalSubnet:LocalSubnet|IF={F16ACCF6-94D6-4F6D-9F69-9CADB60B1CE1}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{BF35AFF9-2D64-4DEF-8CDA-C95A5A2276C7}"= UDP:26675:LocalSubnet:LocalSubnet|IF={F16ACCF6-94D6-4F6D-9F69-9CADB60B1CE1}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{CBF69BD6-B3CC-4F51-A46C-A333D66E983F}"= UDP:990:LocalSubnet:LocalSubnet|IF={F16ACCF6-94D6-4F6D-9F69-9CADB60B1CE1}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{AB3AD489-F78F-4F07-8FB0-616A08A363CA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FB150F0A-3C5E-4FCC-8C52-96CAEC24D9EF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{212E8109-F149-4140-B7FB-962A9BF0690B}C:\\program files\\filezilla client\\filezilla.exe"= UDP:C:\program files\filezilla client\filezilla.exe:FileZilla FTP Client
"UDP Query User{E9BF2093-840A-4026-B3B1-BA11B25D892C}C:\\program files\\filezilla client\\filezilla.exe"= TCP:C:\program files\filezilla client\filezilla.exe:FileZilla FTP Client
"TCP Query User{AF60AB90-6AA2-4BEC-AD3E-B85964BD9936}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{1907F501-F174-4978-93A3-B5E468D70C7A}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{E31A9AF3-85FD-45CB-A2A5-373A60B683AF}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{66EC2B3B-332E-40D0-AF26-9AB8F1AC328D}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{F51460B3-9719-4E53-9DA0-69D551E54E34}C:\\users\\gebruiker\\desktop\\c4cclient.exe"= UDP:C:\users\gebruiker\desktop\c4cclient.exe:c4cclient.exe
"UDP Query User{02457BFC-B07E-4631-95BB-32B3DE211208}C:\\users\\gebruiker\\desktop\\c4cclient.exe"= TCP:C:\users\gebruiker\desktop\c4cclient.exe:c4cclient.exe
"TCP Query User{8D9BEAE4-85F0-4BAE-8D41-1573E41E5DAF}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{981E5A03-3DEC-4150-99E5-BC6E37D8EEE7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2F95D61F-EA85-4AFA-BD06-FE7ED8C41C9D}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{83349CFE-A3F0-4C9A-BF57-F9C106B18C68}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek
"{8EA26957-20C7-445A-860D-C98D25382B68}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E0F73EA7-5A83-4364-82F9-2DC927928F77}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{FCB60185-F657-489D-ACF5-B62EE9FE3759}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {DCF90C98-0CB4-4760-B053-9551F4AFB1AB}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 RapiMgr;Op Windows Mobile gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy2\SDWinSec.exe [2008-01-28 11:43]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Op Windows Mobile 2003 gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 04:00]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 13:02]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2015d7fd-5696-11dc-8100-0007e948b3b4}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6927ad-d0e0-11dc-8785-d9cb132bebdd}]
\shell\Auto\command - I:\UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83ee5ab8-a256-11dc-9aae-0007e948b3b4}]
\shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d21b7f-7da8-11dc-833b-0007e948b3b4}]
\shell\AutoRun\command - I:\LaunchU3.exe
*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2008-06-20 20:03:39 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 00:37:03
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-06-23 0:38:27
ComboFix-quarantined-files.txt 2008-06-22 22:38:20
Pre-Run: 50,603,053,056 bytes beschikbaar
Post-Run: 50,572,034,048 bytes beschikbaar
222 --- E O F --- 2008-06-20 13:14:18
--------------------------------------------------------------------------------------------------------------
Now i hope one of u guyz can help me what to do next.. Thanks in Advance
Greetz Dennis ( sorry for my crappy english ^^)
Full Version: Win32.Bifrose.LA
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Hi Dennis
ComboFix should never run if not asked to do so. It's not general removal tool.
Uninstall Spybot for now to make sure TeaTimer won't interfere fixing. You may reinstall it after system is clean
Open notepad and copy/paste the text in the quotebox below into it:
Save this as
CFScript
Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please download Malwarebytes' Anti-Malware to your desktop.
Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.
If having a problme doing the above
Make sure that your Internet security settings are set to default values.
To set default security settings for Internet Explorer:
* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.
Disable UAC-User Account Control (Please remember to re-enable it afterwards when disinfection is complete):
Make sure the UAC-User Account Control is turned off.
ComboFix should never run if not asked to do so. It's not general removal tool.
Uninstall Spybot for now to make sure TeaTimer won't interfere fixing. You may reinstall it after system is clean
Open notepad and copy/paste the text in the quotebox below into it:
CODE
File::
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogalegit.cmd
C:\Windows\pss\ogalegit.cmd.Startup
c:\ufo.exe
i:\ufo.exe
Registry::
[-HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ogalegit.cmd]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2015d7fd-5696-11dc-8100-0007e948b3b4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6927ad-d0e0-11dc-8785-d9cb132bebdd}]
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogalegit.cmd
C:\Windows\pss\ogalegit.cmd.Startup
c:\ufo.exe
i:\ufo.exe
Registry::
[-HKLM\~\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ogalegit.cmd]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2015d7fd-5696-11dc-8100-0007e948b3b4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6927ad-d0e0-11dc-8785-d9cb132bebdd}]
Save this as
CFScript
Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Please post contents of that file in your next reply. Post a fresh hjt log (without forgetting above meantioned ComboFix resultant log) too.
Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.
If having a problme doing the above
Make sure that your Internet security settings are set to default values.
To set default security settings for Internet Explorer:
* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.
Disable UAC-User Account Control (Please remember to re-enable it afterwards when disinfection is complete):
- Go to Start > Control Panel
- Double click on the User Account icon
- Then click Disable and validate.
- Now download Navilog1 from one of the following links:
http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe
or
http://il-mafioso.changelog.fr/Navifix/Navilog1.exe - Right click on the above link and choose Save target as and save it to your Desktop.
- Right-click on navilog1.exe and choose "Run as Administrator" to install it.
Make sure the UAC-User Account Control is turned off.
- Once installation is completed, right-click on Navilog1 shortcut on your Desktop and choose "Run as Administrator".
- On main menu, choose 1
- Follow the instructions and wait.
- Wait for the *** Search completed ….*** message (It may take a reasonable amount of time)
- Press any key as requested.
- A new notepad document will be produced: fixnavi.txt.
- Please copy/paste the contents of this report in your next reply.
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Thank You !
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Thank You !
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.