Full Version: CATLEvents Infected!
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
BuckeyeDave
It looks like I'm infected by CATLEvents and I can't get rid of it! I have run HiJack This and fixed all the BHO entries to CATLEvents I can find, but they keep coming back. I disconnected from the network/internet, ran HiJack This, deleted the CATLEvents BHO entry, closed HiJack This. Reopened it, rescanned and the CATLEvents entry was back. Did the same in Safe Mode.

Thanks - Dave

I've run SpyBot S&D 1.3. It finds it but cannot permanently get rid of it. Here's my HiJackThis.log:

Logfile of HijackThis v1.98.2
Scan saved at 10:19:38 AM, on 11/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\WINDOWS\Config\pcutil.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\DocNotify\DocNotify.exe
C:\Program Files\RightFAX\FaxCtrl.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\pawlikb\LOCALS~1\Temp\litucp.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - (no file)
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [*pcutil] C:\WINDOWS\Config\pcutil.exe
O4 - HKLM\..\RunOnce: [*pcutil] C:\WINDOWS\Config\pcutil.exe rerun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: DocNotify.LNK = C:\Program Files\DocNotify\DocNotify.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RightFAX Print-to-Fax Driver.lnk = ?
Bobbi Flekman
Hi BuckeyeDave,

Did you post the whole log? It seems rather small.
BuckeyeDave
I took off 4 lines that point to our domain. Beyond that, that's the entire log.

I'll run it again and repost.

Thanks,
Dave
BuckeyeDave
Here's the 2nd HiJackThis log file, with 4 lines of domain info removed:

I looked for the litucp.dat file specified, but could not find it.

Logfile of HijackThis v1.98.2
Scan saved at 2:38:00 PM, on 11/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\DocNotify\DocNotify.exe
C:\Program Files\RightFAX\FaxCtrl.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Notes\nlnotes.exe
C:\Notes\naldaemn.EXE
C:\Notes\nwrdaemn.EXE
C:\Notes\nupdate.EXE
C:\Notes\namgr.EXE
C:\Notes\nhldaemn.EXE
C:\WINDOWS\System32\W32MKDE.EXE
C:\WINDOWS\Config\pcutil.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\pawlikb\LOCALS~1\Temp\litucp.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - (no file)
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [*pcutil] C:\WINDOWS\Config\pcutil.exe
O4 - HKLM\..\RunOnce: [*pcutil] C:\WINDOWS\Config\pcutil.exe rerun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: DocNotify.LNK = C:\Program Files\DocNotify\DocNotify.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RightFAX Print-to-Fax Driver.lnk = ?
Bobbi Flekman
Hi BuckeyeDave,

Run HijackThis, click on "Scan" and check the boxes next to all these items.

R3 - Default URLSearchHook is missing

O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\pawlikb\LOCALS~1\Temp\litucp.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - (no file)
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)

O4 - HKLM\..\Run: [*pcutil] C:\WINDOWS\Config\pcutil.exe
O4 - HKLM\..\RunOnce: [*pcutil] C:\WINDOWS\Config\pcutil.exe rerun


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Restart your computer in Safe Mode. How do I Safe Boot my computer?

Show hidden files. How do I show hidden files?

A folder or file name with a tilde (~) means that there is a file/folder that starts with the six characters in front of the tilde; note that there may be spaces in the name. If there is more than one, please report them back and do not delete!

Delete the following files in red (it could be that they are deleted already):

All Files in C:\Documents And Settings\pawlikb\Local Settings\Temp
C:\WINDOWS\Config\pcutil.exe

Restart your computer and post a new log in this thread. An unedited one please. If I can't see it all, I might not be able to help.
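As an added example (not from this thread, HijackThis or any poster), a small Python triage script that applies the same rules Bobbi uses above to the log format quoted in this thread: a BHO with no file on disk, a BHO loading from a user Temp directory or with a non-DLL extension, a Run value whose name carries the `*` prefix, and the same binary registered in both Run and RunOnce. The sample lines are constructed in the shape of the posted log; the regexes and rule names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis O2/O4 lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\pawlikb\LOCALS~1\Temp\litucp.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [*pcutil] C:\WINDOWS\Config\pcutil.exe
O4 - HKLM\..\RunOnce: [*pcutil] C:\WINDOWS\Config\pcutil.exe rerun
"""

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 lines: "O4 - HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")


def executable_of(cmd):
    """Return the program in a Run command line (quoted path or first token), lower-cased."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmd)
    return (m.group(1) or m.group(2)).lower()


def triage(log_text):
    """Return [(line_or_exe, reason)] for entries matching the thread's removal criteria."""
    findings = []
    run_keys = defaultdict(set)  # executable -> set of Run-style key names it appears under
    for line in log_text.splitlines():
        line = line.strip()
        bho = BHO_RE.match(line)
        run = RUN_RE.match(line)
        if bho:
            path = bho["path"]
            if path == "(no file)":
                findings.append((line, "orphaned BHO: CLSID registered but no file on disk"))
            elif "\\temp\\" in path.lower():
                findings.append((line, "BHO loaded from a user Temp directory"))
            elif not path.lower().endswith((".dll", ".ocx")):
                findings.append((line, "BHO with a non-DLL extension"))
        elif run:
            exe = executable_of(run["cmd"])
            run_keys[exe].add(run["key"].lower())
            # A '*' prefix on the value name makes Windows run the entry even in Safe Mode
            # (documented for RunOnce), which matches the "came back in Safe Mode" report.
            if run["value"].startswith("*"):
                findings.append((line, "'*' value name: entry also runs in Safe Mode"))
    for exe, keys in run_keys.items():
        if {"run", "runonce"} <= keys:
            findings.append((exe, "same binary in Run and RunOnce: re-registers itself on each boot"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {item}")
```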
BuckeyeDave
Will do. Probably will not get to it until Mon/Tues next week.

Thanks,
Dave
BuckeyeDave
Here's the log:
Logfile of HijackThis v1.98.2
Scan saved at 10:24:53 AM, on 11/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\WINDOWS\Config\pcutil.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\DocNotify\DocNotify.exe
C:\Program Files\RightFAX\FaxCtrl.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\ADMINI~1.PAW\LOCALS~1\Temp\litucp.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - (no file)
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [*pcutil] C:\WINDOWS\Config\pcutil.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: DocNotify.LNK = C:\Program Files\DocNotify\DocNotify.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RightFAX Print-to-Fax Driver.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pepperconstruction.com
O17 - HKLM\Software\..\Telephony: DomainName = pepperconstruction.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pepperconstruction.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pepperconstruction.com


In Safe Mode:
I looked in c:\windows\config\ and there was no pcutil.exe, just litucp.tmp. The odd thing about litucp.tmp is that it was constantly changing size. I also looked in Task Mgr and pcutil was definitely monopolizing the CPU. I did a search on pcutil.exe and found c:\windows\prefetch\pcutil.exe -1E177DC8.pf. I deleted that, restarted and ran HijackThis. The log file is displayed above.
Bobbi Flekman
Hi BuckeyeDave,

Download Killbox by Option^Explicit. Extract it from the zip file.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

R3 - Default URLSearchHook is missing

O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\ADMINI~1.PAW\LOCALS~1\Temp\litucp.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - (no file)
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)

O4 - HKLM\..\Run: [*pcutil] C:\WINDOWS\Config\pcutil.exe


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Restart your computer in Safe Mode. How do I Safe Boot my computer?

Show hidden files. How do I show hidden files?

A folder or file name with a tilde (~) means that there is a file/folder that starts with the six characters in front of the tilde; note that there may be spaces in the name. If there is more than one, please report them back and do not delete!

Delete the following files in red (it could be that they are deleted already):

All Files in C:\Documents And Settings\ADMINI~1.PAW\Local Settings\Temp

Double-click on Killbox.exe to run it. Click on "Delete on Reboot", in the "Full Path of File to Delete" box, enter C:\WINDOWS\Config\pcutil.exe and click on the button with the white cross in a red circle. You will get a question "File will be Deleted on Next Reboot, Process & Reboot now?", answer "Yes". Let Killbox do its work.

Post a new log in this thread.
BuckeyeDave
The steps you recommended seem to have worked.

Here's the HiJackThis log. The BHOs still load but the computer is running much faster.

Logfile of HijackThis v1.98.2
Scan saved at 9:43:23 AM, on 11/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Funk Software\Proxy Host\ph32svc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\DocNotify\DocNotify.exe
C:\Program Files\RightFAX\FaxCtrl.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Notes\nlnotes.exe
C:\Notes\naldaemn.EXE
C:\Notes\nwrdaemn.EXE
C:\Notes\nupdate.EXE
C:\Notes\namgr.EXE
C:\Notes\nhldaemn.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\ADMINI~1.PAW\LOCALS~1\Temp\litucp.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - (no file)
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: DocNotify.LNK = C:\Program Files\DocNotify\DocNotify.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RightFAX Print-to-Fax Driver.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pepperconstruction.com
O17 - HKLM\Software\..\Telephony: DomainName = pepperconstruction.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pepperconstruction.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pepperconstruction.com
Bobbi Flekman
Hi BuckeyeDave,

Use Killbox on c:\Windows\System32\hostx.exe and C:\DOCUME~1\ADMINI~1.PAW\LOCALS~1\Temp\litucp.dat.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O2 - BHO: CATLEvents Object - {6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} - C:\DOCUME~1\ADMINI~1.PAW\LOCALS~1\Temp\litucp.dat
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - (no file)
O2 - BHO: (no name) - {8109AF33-6949-4833-8881-43DCC232B7B2} - (no file)
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - (no file)


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread.