Jump to content

Change Mode

Recommended Posts

Here is my HJT log posted from my notepad. I did already clean my computer with Grisoft, Ad-Aware and Spybot but every time I reboot this trojan comes back. Please help me. If I need to reboot and then post my hjt log, let me know. The trojan that is causing all this problem is:

Trojan Downloader.Qoologic.J file infected: aqwmah.exe

Trojan Downloader.Qoologic.K file infected: qpozqc.dll

 

 

 

 

 

 

Logfile of HijackThis v1.99.0

Scan saved at 4:53:02 PM, on 01/13/2005

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\ATICWD32.EXE

C:\WINDOWS\SYSTEM\ATITASK.EXE

C:\WINDOWS\STARTER.EXE

C:\WINDOWS\GWHOTKEY.EXE

C:\WINDOWS\SYSTEM\HPSJVXD.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\OPWARE32.EXE

C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\opware16.exe

C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE

C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDATE.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE

C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE

C:\PROGRAM FILES\COMMON FILES\KODAK\KODAK_DR\KODAKCCS.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\WINDOWS\RunDLL.exe

C:\MONEY\SYSTEM\REMINDER.EXE

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IOWATCH.EXE

C:\GREETING\GWREMIND.EXE

C:\MSOFFICE\OFFICE\OSA.EXE

C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE

C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\WINDOWS\FSSCRCTL.EXE

C:\SIERRA\PLANNER\PLNRNOTE.EXE

C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE

C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe

O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro80\opware32.exe

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE

O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask

O4 - HKLM\..\Run: [KodakCCS] C:\Program Files\Common Files\KODAK\KODAK_DR\KodakCCS.exe --pdr: "C:\Program Files\Common Files\KODAK\KODAK_DR\dcmnter.pdr"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service

O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU\..\Run: [Reminder] C:\Money\System\reminder.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - Startup: Iomega Watch.lnk = C:\Program Files\Iomega\Tools\IOWATCH.EXE

O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.exe

O4 - Startup: Greetings Workshop Reminders.lnk = C:\Greeting\GWREMIND.EXE

O4 - Startup: Office Startup.lnk = C:\MSOffice\Office\OSA.EXE

O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe

O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe

O4 - Startup: intpih.exe

O4 - Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\Planner\PLNRnote.exe

O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://home.microsoft.com/search/lobby/searchsettings.cab

O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://vivo.real.com/dldv2/vvweb.cab

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.microsoft.com/activex/contr...eb/ikcntrls.cab

O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab

O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.pleasantholidays.com/downloads/plugins/svideo.cab

O16 - DPF: Serome Web2Phone - http://dialpad.com/applet/vscp.cab

O16 - DPF: {86F622BC-EF88-458C-9E74-E2574B6875A5} (ChrtCtl Class) - http://fdl.msn.com/public/investor/v8/0326/investor.cab

O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} - http://download.mcafee.com/molbin/clinic/v...an/mgavinst.cab

O16 - DPF: {55DCF357-7B34-11D2-8119-20ABFD000000} (eCHARGE ActiveX Shell Control) - ftp://ftp.echarge.com/pub/ec32_english_us_200.cab

O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - http://activex.microsoft.com/controls/iexp...x86/ielabel.cab

O16 - DPF: {340A0150-9DC7-11D3-9A01-005004677EF4} (Mcafee PC Clinic Edisk Class) - http://download.mcafee.com/molbin/Clinic/Edisk/edisk.cab

O16 - DPF: {4AE3239D-18C5-11D3-9634-0060080A3AB6} (McAfee PC Clinic System Information Class) - http://download.mcafee.com/molbin/Clinic/sysinfo/sicomp.cab

O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab

O16 - DPF: {D30CAFF0-087B-11D3-82D8-006094695CEC} (McAfee PC Clinic FaManager Class) - http://download.mcafee.com/molbin/Clinic/F...eck/mgfactl.cab

O16 - DPF: {6C636F50-7EB2-11D2-883C-CA8C113EA37E} (McAfee Clinic QuickClean Class) - http://download.mcafee.com/molbin/Clinic/C...ean/MGqcctl.cab

O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://www.expressit.com/Plugin/3DGreetings/PlayerX.CAB

O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nm1228.cab

O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {09C1A291-8E2A-11D0-BB0B-00AA001F4283} (Pinger Class) - http://www.pcpitstop.com/Ping.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {C97AF44D-92C4-11D3-A53B-005004678019} (McAfee Clinic Cleaner Control Class) - http://download.mcafee.com/molbin/Clinic/c...ore/clnctrl.cab

O16 - DPF: {41453CC4-288E-11D3-A53B-005004678019} (McAfee AppClean Appclean Class) - http://download.mcafee.com/molbin/Clinic/c...an/appclean.cab

O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Ctp Class) - http://www.americangreetings.com/create/Install/AxCtp.cab

O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...83/mcinsctl.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,20/mcgdmgr.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp...23/cpbrkpie.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

Link to post
Share on other sites

Please go here and download Find_qoologic.zip by baskar1234. Unzip the folder and go to the new qoologic folder and doubleclick on qoologic.bat to run it. It will take a few minutes to scan your drive so be patient. When it has finished, open My Computer, doubleclick on C: and copy and paste the contents of the below logs in this thread.

 

C:\log.txt

C:\win.txt

C:\start.txt

Link to post
Share on other sites

Thank you crunchie for responding to my problem. I did as you said and the only file that had any information on it was the log.txt file. The other two, win.txt and start.txt didn't have anything posted in them. Anyways, here is the log.txt file. I am so stumped. Now it seems like I am infested with a coolwebsearch trojan but I run the cwshredder and it doesn't find anything. There is a popup coming up all the time called clkoptimizer. I'm so frustrated. I will wait for your reply.

 

 

 

ECHO is off

 

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Files Found in system Folder............

------------------------

 

Files Found in all users startup Folder............

------------------------

Link to post
Share on other sites

Hmmmm. No files there at all??

 

Try this.

 

Go here and download FindIt.zip to your Desktop, unzip it and open the FindIt folder and doubleclick on find.bat. Let it run (please be patient, it will take a few minutes) and when it has finished gathering info, it will generate a file called Output.txt. Please copy it and paste it back in this thread.

 

Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

Link to post
Share on other sites

That output looks like the changelog from the old version :). You may have to go back and make certain you downloaded the right one.

 

http://www.silentrunners.org/Silent%20Runners.vbs right click and save as.

 

With Findit, you definitely hit the bat file? The one with the gear icon. Never heard of the registry editor opening when running it before.

Edited by crunchie
Link to post
Share on other sites

I do not know what happened, but somehow you have managed to post Silent Runners' actual contents :). If you right click on silent runners and choose open with notepad, that is what you will see.

Wierd.

Find_it is NT, W2K and Xp only. My bad.

 

Try a different tack.

 

Please download the following programs:

 

Kill2Me from here

VX2Finder http://www.greyknight17.com/spy/VX2Finder.exe

Hoster http://members.aol.com/toadbee/hoster.zip

KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

DllCompare http://www.downloads.subratam.org/DllCompare.exe

 

Please follow the steps below:

 

1. Run Kill2Me.

 

2. Run VX2Finder and click on the Find VX2.BetterInternet button. Click Make Log and post the log here.

 

3. Now download/run the following uninstaller:

 

Look2Me Uninstaller http://www.look2me.com/cgi-bin/UnInstaller

 

4. Run DllCompare now and click on the Locate.com button. Wait a few seconds and then click on the Compare button. Let it run, then click on 'Make a log of what was found'. Post that log here.

Link to post
Share on other sites

Here is the DLL log file:

 

* DLLCompare Log version()

Files Found that Windows does not See or cannot Access

*Not everything listed here means you are infected!

________________________________________________

 

O^E says: "There were no files found :)"

________________________________________________

 

913 items found: 913 files, 0 directories.

Total of file sizes: 159,956,200 bytes 152.54 M

 

--------------------End log---------------------

Link to post
Share on other sites

http://downloads.subratam.org/VX2Finder9x(126).exe

 

L2M files are slightly different in 9x,

1.) Scan with the finder, select files it finds and delete them.

2.) During the deletion the utility will end both Rundll32 & explorer.exe processes, so when all files are gone.

3.) Click the restore desktop button to get the desktop back.

4.) Click UserAgent$ to delete last registry item.

5.) Clear the contents of your C:\Windows\Temp folder

 

please post an hijackthis log after.

Link to post
Share on other sites

I am trying to do as you have posted but I am having really bad problems with my computer and I am fearful that the more I do and add to my computer the worse it acts. I ran adware again and it found

 

C:WINDOWS\NABUNE.DLL and C:WINDOWS\GROGW.EXE

 

are both infected with the CoolWebSearch and VX2 but I ran both the CWShredder and the add on for VX2 in Adware and it trys to delete them but my computer freezes up and so I scan again and it freezes again.

 

I am still infected with the Downloader.Qoologic J and K too, AVG heals it and it reappears.

 

I don't know what is wrong with my computer but I thought I was in safe mode, I was not. So I rebooted into safe mode and tried to clean it with AVG and ADware and Spybot. It shuts down or locks up says there is an internal error, like I said I will keep trying to do what you said. So far nothing is working and I am frustrated.... so if I don't post for a while, just know that I am doing what you say but my computer isn't cooperating. Thank you for helping me and sorry this is so long.

Link to post
Share on other sites

You should not have any programs runing from a Temp folder. Temp folder means just that, temporary. What programs are in there? A lot of programs write to the Temp folder when they are being installed, then fail to clean up after themselves :D.

 

I have found a link to the W98 version of Find_it :). Please run it as per the instructions given before and post the log.

 

http://lineofire.geekstogo.com/

Link to post
Share on other sites

I clicked on your link and there were two versions to download. The Findit NT-2k-XP version or the Findit-9x-ME which one do you want me to download.. I am pretty sure it's not the NT-2k-XP one because I already tried that version. Let me know. :)

Link to post
Share on other sites

here is the output.txt

 

Warning! This utility will find legitimate files in addition to malware.

Do not remove anything unless you are sure you know what you're doing.

 

------- System Files in System Directory -------

 

 

Volume in drive C has no label

Volume Serial Number is 2C75-17D2

Directory of C:\WINDOWS\SYSTEM

 

841.88 MB free

 

------- Hidden Files in System Directory -------

 

 

Volume in drive C has no label

Volume Serial Number is 2C75-17D2

Directory of C:\WINDOWS\SYSTEM

 

RATINGS POL 8,192 01-21-05 9:52p RATINGS.POL

EPSTHL4 GID 16,826 11-05-04 7:38p epsthl4.GID

EPSPMHLP GID 8,628 05-10-01 3:23p epspmhlp.GID

ATI98DEF GID 10,844 03-22-99 5:40p ati98def.GID

FOLDER HTT 12,746 11-23-98 4:10p folder.htt

DESKTOP INI 266 11-23-98 4:10p desktop.ini

ATI64DEF GID 12,906 07-31-98 2:12p ati64def.GID

7 file(s) 70,408 bytes

0 dir(s) 841.88 MB free

 

---------------- User Agent ------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

 

------------------ Locate.com Results ------------------

 

------------ Strings.exe Qoologic Results ------------

 

 

-------------- Strings.exe Aspack Results -------------

 

 

----------------- HKLM Run Key ------------------

 

-------------- Strings.exe Umonitor Results -------------

 

 

 

Link to post
Share on other sites

As for my temp folder, there are some programs in there, I'm not sure why they are in there but when I went to delete some of them, a box comes up and says that they are a program and if I delete them then they will not run properly. Some won't even let me delete them.

Link to post
Share on other sites

Hi again. I cannot get any info on the following files;

epsthl4.GID

epspmhlp.GID

 

Go to C:\WINDOWS\SYSTEM and locate them and right click on them. Choose Properties. Click the version tab and get the manufacturer and original filename please. Maybe that will give a clue.

 

As a general rule, all contents of a Temporary folder are safe to delete. You will need to be in safe mode to delete them.

 

Can you please post another hijackthis log in your next post.

 

EDIT. I think I know the reason for the silent runners log showing as it did. Did you download it using firefox or other browser? If you did all you get is the script :). Either use IE to download it, or right click on the file and 'Save As'

 

Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

 

It may not show anything out of the ordinary, but it is worth a shot.

Edited by crunchie
Link to post
Share on other sites

The epsthl4.GID file & the Epspmhlp.hlp file I believe are related to my epson manager files. I couldn't click on a version in the properties but they are right next to my epson manager in system. I will try to delete the temp folders in my safe mode now.

Link to post
Share on other sites
×
×
  • Create New...