Howdy there. May I suggest that you either print out these instructions or save them as a text file with Notepad or your default text editor to your desktop, as we will be restarting into Safe Mode later on in the fix.
I am feeling a bit like Alice, If you could tell me what it all means, Mmmmm maybe not. A little knowledge . . . . . .
The main WinPFind scan has shown that you are clear in that department. The file details that you sent over to me are correct, which indicates that this file is most likely to be clean; if it was infected then I would expect the file size would be bloated and show up incorrect. Just to double check this, I want you to submit the file for analysis at VirusTotal.
Click on the browse button and navigate to the file below. Once you have located this file, press the send button and wait for the file to be scanned for any viruses. Copy and paste the results off the web page from the scan, save them and let me know the results in the next post.
File to submit --> C:\WINDOWS\system32\compstui.dll
Can I ask, do you have the full scan results of Ewido? If not, can you reboot into safe mode and rescan, saving the whole of the log, and post it here? You may have to split the results up into 2 or even 3 separate parts.
This was done in safe mode but this time it didn't find anything at all. I don't seem to be able to generate the pages of report I think you are expecting? I have had a look at the settings but there doesn't seem to be anything to change. Any suggestions?
I scanned the file compstui.dll and it came back all clear.
That's great, In The Dark Mark - a short log means nothing nasty :)
I'd like you to run a further scan at Kaspersky online as a final check. This will take some time to run through - maybe an hour or more.
Please use Internet Explorer for the scan.
Visit Kaspersky Anti-Virus Online scanner
Click on the Kaspersky Online Scanner button (the first button)
A new window will now open
Accept the agreement by clicking on the accept button at the bottom of the agreement page
It will now install an ActiveX component into your browser
Once done it will automatically start downloading the virus definitions; once it has done, click on the next button
Now click on Scan Settings
In the scan settings make sure that the following are selected:
--> Scan using the following Anti-Virus database:
--> Extended (If available otherwise Standard)
--> Scan Options:
--> Scan Archives
--> Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Cooolers
18 Posts
0
June 27th, 2006 16:00
Hi,
Please tell me something .. Do you expect someone to go through that ??? I tried but was not able to figure out anything ...
Dorian05
220 Posts
0
June 28th, 2006 03:00
Sorry for any delays here, we do get very busy on the forums and posts sometimes get overlooked. The only thing that gives me some concern about your log is this address: bme-siw.co.uk. Before we proceed any further here, can I just stop and ask, do you know this address? Information on this address is very little but it does point towards a company called Skylark Technology.Com Limited which was registered in Middx. Can you indicate what signs you are getting that make you feel that a trojan is present?
Thanks - Dorian
In The Dark Mar
17 Posts
0
June 28th, 2006 06:00
Hi D
The BME SIW address is from the company I used to work for so this is not anything suspicious. The problems I am having really revolve around Norton shutting down its realtime protection. Also when I shut the lid on my laptop and then start up again it comes up with explorer closing down. Then the whole thing half resets itself and the Norton icon disappears from the bottom right hand side icon list. The only other thing is that when it was idle the CPU was at 0; now it seems to range from 8 to 30% all the time.
Thanks for getting back to me, any help gratefully received.
Mark
Dorian05
220 Posts
0
June 28th, 2006 19:00
Let's update your Java
Go to start menu - select run - type in appwiz.cpl, now remove all entries entitled JS2 or JS2E (there's usually more than one entry)
Go here and download and install JRE 5.0 Update 7. Click the link that says Download JRE 5.0 Update 7. You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-1_5_0_07-windows-i586-p.exe to start the install.
Download CCleaner from HERE
1. Double click on the file to start the installation of the program.
2. Select your language and click OK, then next.
3. Read the license agreement and click I Agree.
4. Click next to use the default install location. Click Install then finish to complete installation.
5. Double click the CCleaner shortcut on the desktop to start the program.
6. On the "Windows" tab, under "Internet Explorer", uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit.)
7. If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
8. Click on "Options" at the top of the window, then click on the "advanced" button.
9. Deselect "Only delete files in Windows Temp folders older than 48 hours". Click on "OK".
10. Click Run Cleaner to run the program.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit
Now let's run a scan with Ewido
Please download and install Ewido anti-spyware tool
Close all other applications
Select language, click OK
Click I Agree
Click next
Click Install
Click Finish
Wait Ewido will open main screen automatically.
Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
This is very important to get updates
When updating has finished, close Ewido.
Please re-start your computer in safe mode - You may want to print the rest of these instructions from here onwards
To do so, reboot your computer and repeatedly tap the F8 whilst your computer is booting up (just before the MS Windows flag screen appears) until a menu appears. Once you see the menu, select the option to start the computer in safe mode. (It might take more than one go to access the menu if you have not done this before; just simply reboot the machine again and repeat the steps.)
Open Ewido
Click on scanner at top of Ewido screen
Click on Settings
Under How to Act click on Recommended Action choose Quarantine
Under How to scan all boxes should be selected
Under Possibly unwanted software all boxes should be selected
On right side under Reports: click on Automatically generate report after every scan.
Under What to scan select scan every file
Click On scan Tab
Click on Complete system scan
Let the program scan the machine. It can take a while, give it time.
When scan has finished At bottom of screen click Apply all Actions
Click Save report
Click Save Report as (Save as window's screen should pop up.)
Click desktop
Click Save
Exit ewido
Now post the log file on to me here as a reply - Let me know how things are running now, Thanks
In The Dark Mar
17 Posts
0
June 30th, 2006 21:00
Hi D
Did as you asked except the Java bit. Ewido found a trace of:
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
Although it says it has been quarantined it hasn't, and each time I scan for this section it finds the same file again. I also ran Spyware Doctor which found:
Trojan.Downloader.Small.CQB C:\WINDOWS\system32\compstui.dll. It said it would need to restart the computer to remove it. But the file is still there, from the properties it looks like it was created when I got the machine so a bit puzzled?
While I was in safe mode I also ran Norton; although it was going through the files it was not counting them, which also sounds a bit dodgy. I have a lot of corporate (Free) software and lots of personal stuff so I don't really want to reformat. It has also just updated itself and dropped the Norton icon again!
Any suggestions gratefully received.
Cheers
M
Dorian05
220 Posts
0
July 1st, 2006 05:00
compstui.dll is a legit part of Windows. This could possibly be a false positive from Spyware Doctor, but it is better for us to check this out than for me to make self assumptions. Can you navigate to the file, click on it once to highlight it, then just hold your mouse over the file so it shows the tool tips? From this can you tell me the company name, file version, and size.
I'd like to run a deeper scan with a tool called WinPFind.
Locate and download WinPFind and extract it to a folder on your C:\ Drive
Navigate to the C:\WinPFind directory and click the file called WinPFind.exe to open it
Once it is open, click on the Start Scan button and wait for it to finish.
This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.
When it is done, it will show the results of the scan.
Click on the Copy to Clipboard button
Paste the contents of the log in your clipboard to a Notepad file on your desktop. This may not fit into one post so you may need to split the reply up into 2 or maybe three parts, and don't forget to let me know the results from the file check.
Thanks - Dorian
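The file check requested in the post above (company name, file version, size), collected from PowerShell together with the Authenticode signature status and a SHA-256 hash. This is an added example, not part of the thread; it assumes Windows PowerShell 5.1 or later on a current Windows version, and the function name Get-FileTriage is hypothetical.

```powershell
# Added example, not from the thread. Get-FileTriage is a hypothetical helper name.
# Assumes Windows PowerShell 5.1 or later, where Get-AuthenticodeSignature also
# validates catalog-signed operating system files.
function Get-FileTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]] $Path
    )
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                Write-Warning "File not found: $p"
                continue
            }
            $item = Get-Item -LiteralPath $p -Force
            $ver  = $item.VersionInfo
            $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
            $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256

            # Collect reasons for a closer look; an empty list means nothing stood out.
            $notes = New-Object System.Collections.Generic.List[string]
            if ($sig.Status -ne 'Valid') {
                $notes.Add("signature status is $($sig.Status)")
            }
            if ([string]::IsNullOrEmpty($ver.CompanyName)) {
                $notes.Add('no company name in the version resource')
            }
            if ($ver.OriginalFilename -and
                -not $ver.OriginalFilename.StartsWith($item.Name, [System.StringComparison]::OrdinalIgnoreCase)) {
                $notes.Add("original filename '$($ver.OriginalFilename)' does not match '$($item.Name)'")
            }

            # One object per file: the tooltip facts plus signature and hash.
            [pscustomobject]@{
                Path             = $item.FullName
                SizeBytes        = $item.Length
                Created          = $item.CreationTime
                Modified         = $item.LastWriteTime
                CompanyName      = $ver.CompanyName
                FileVersion      = $ver.FileVersion
                OriginalFilename = $ver.OriginalFilename
                SignatureStatus  = $sig.Status
                Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256           = $hash.Hash
                Notes            = $notes -join '; '
            }
        }
    }
}

# The file discussed in the thread, addressed through the system root of the current machine.
Get-FileTriage -Path (Join-Path $env:SystemRoot 'System32\compstui.dll') | Format-List
```

An empty Notes field only means none of these checks fired; the SHA256 value can be compared against a copy from a known-good installation of the same Windows build.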
In The Dark Mar
17 Posts
0
July 1st, 2006 19:00
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\system32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Links
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
Apoint C:\Program Files\Apoint\Apoint.exe
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Dell QuickSet C:\Program Files\Dell\QuickSet\quickset.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
DataLayer C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
PCSuiteTrayApplication C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
IntelZeroConfig C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
IntelWireless C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
Acrobat Assistant 7.0 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
igfxtray C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd C:\WINDOWS\system32\hkcmd.exe
igfxpers C:\WINDOWS\system32\igfxpers.exe
!ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
In The Dark Mar
17 Posts
0
July 1st, 2006 19:00
Microsoft Corporation
Version: 5.1.2600.2180
Created:1/11/2004 16:22
Dorian05
220 Posts
0
July 2nd, 2006 06:00
Thanks - Dorian
Dorian05
220 Posts
0
July 2nd, 2006 17:00
The main winpfind scan has shown that you are clear in that department. The file details that you sent over to me are correct, which indicates that this file is most likely to be clean; if it was infected then I would expect the file size to be bloated and show up as incorrect. Just to double-check this, I want you to submit the file for analysis at VirusTotal.
I would advise that you use the Internet Explorer browser for this task.
Navigate to VirusTotal --> http://www.virustotal.com/en/indexf.html
Click on the browse button and navigate to the file below. Once you have located this file, press the send button and wait for the file to be scanned for any viruses. Copy and paste the results of the scan off the web page, save them and let me know the results in the next post.
File to submit --> C:\WINDOWS\system32\compstui.dll
Can I ask, do you have the full scan results of ewido? If not, can you reboot into safe mode and rescan, saving the whole of the log, and post it here? You may have to split the results up into 2 or even 3 separate parts.
Thanks - Dorian
In The Dark Mar
17 Posts
0
July 3rd, 2006 19:00
Hi D
Bit confused here, below is the Ewido report, but it is only a few lines:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 19:21:12 03/07/2006
+ Scan result:
Nothing found.
::Report end
This was done in safe mode but this time it didn't find anything at all. I don't seem to be able to generate the pages of report I think you are expecting? I have had a look at the settings but there doesn't seem to be anything to change. Any suggestions?
I scanned the file compstui.dll and it came back all clear.
Let me know what ya's thinkin.
Cheers
M
Dorian05
220 Posts
0
July 4th, 2006 06:00
I'd like you to run a further scan at Kaspersky online as a final check. This will take some time to run through - maybe an hour or more.
Please use Internet Explorer for the scan.
Visit the Kaspersky Anti-Virus Online Scanner
Click on the Kaspersky Online Scanner Button (The first button)
A new window will now open
Accept the agreement by clicking on the accept button at the bottom of the agreement page
It will now install an ActiveX component into your browser
Once done it will automatically start downloading the virus definitions. Once it has finished, click on the next button
Now click on Scan Settings
In the scan settings make sure that the following are selected:
--> Scan using the following Anti-Virus database:
--> Extended (If available otherwise Standard)
--> Scan Options:
--> Scan Archives
--> Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Now post the results back to me.
Regards - Dorian
In The Dark Mar
17 Posts
0
July 4th, 2006 17:00
Hi D,
Seems to be a fault on the Kaspersky scanner page so I will try again later.
Cheers
Mark