Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Think im going to scream ! ABCSEARCH4U ! Grr [RESOLVED]

Started by dazlia , Jun 16 2005 05:39 AM

  • This topic is locked This topic is locked

#16
dazlia
Posted 21 June 2005 - 03:40 AM

dazlia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Tom, I;ve made a giant f@:tazz: up im afraid.

I had bookmarked a page in my internet expoler which ive just mistakenly clicked on and ITS BACK!!! I am so so sorry mate i really am, please dont think im trying to waste your time.

Can you look at this again for me, obvioulsy i can spot things that need to be removed but im not sure in which order to do things again now.

Again, em really sorry !

Logfile of HijackThis v1.99.1
Scan saved at 10:34:36, on 21/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Macromedia\Director MX\Director.exe
C:\Program Files\Flash Decompiler\FDec.exe
C:\Program Files\Flash Decompiler\FDec.exe
C:\Program Files\Eltima Software\Flash Decompiler\FDec.exe
C:\Program Files\Eltima Software\Flash Decompiler\FDec.exe
C:\WINDOWS\system32\web.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\WINDOWS\stchost.exe
C:\WINDOWS\System32\axblnbwi.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xcgvtsk] c:\windows\oawmess.exe
O4 - HKCU\..\Run: [hlvepfl] c:\windows\oawmess.exe
O4 - HKCU\..\Run: [ubugbhp] c:\windows\oawmess.exe
O4 - HKCU\..\Run: [lvgayhx] c:\windows\meynkmj.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6F90DFC-1151-4C53-A366-9AEA3D12798A}: NameServer = 194.177.170.2,194.177.160.2
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: Timbuktu Pro - c:\program files\timbuktu pro\Hook32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Biistr - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - c:\program files\timbuktu pro\tb2launch.exe
  • 0

Advertisements

#17
dazlia
Posted 21 June 2005 - 04:09 AM

dazlia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Tom,

Ok ive doen the last steps you mentioned and delete the ABCserach stuff etc but THIS time it hastn worked as it did last time. I'm at a loss now what to do next.

again sorry to mess you around and you time an dhelp is much appreciated :tazz:

Heres the new log :-
Logfile of HijackThis v1.99.1
Scan saved at 11:07:57, on 21/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\timbuktu pro\tb2launch.exe
c:\program files\timbuktu pro\tb2pro.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\timbuktu pro\minitb2.exe
c:\program files\timbuktu pro\TNOTIFY.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xcgvtsk] c:\windows\oawmess.exe
O4 - HKCU\..\Run: [hlvepfl] c:\windows\oawmess.exe
O4 - HKCU\..\Run: [ubugbhp] c:\windows\oawmess.exe
O4 - HKCU\..\Run: [xrpigej] c:\windows\pmmlvkh.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm (file missing)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6F90DFC-1151-4C53-A366-9AEA3D12798A}: NameServer = 194.177.170.2,194.177.160.2
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: Timbuktu Pro - c:\program files\timbuktu pro\Hook32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Biistr - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - c:\program files\timbuktu pro\tb2launch.exe
  • 0

#18
dazlia
Posted 21 June 2005 - 08:20 AM

dazlia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Tom,

Right i'm now more or less back to where i was before i screwed up again. Ive run all the tests etc and deleted all the exe files that were there in windows that you mentioned and its looking good. Ive just run a barnd new HJT log and am about to post the other logs you requested. Im sure i may have missed the odd one but its looking a lot healthier than it was :tazz: :-

SPSeHjFix Log :-



(6/20/05 17:03:46) SPSeHjFix started v1.1.2
(6/20/05 17:03:46) OS: WinXP Service Pack 1 (5.1.2600)
(6/20/05 17:03:46) Language: english
(6/20/05 17:03:46) Win-Path: C:\WINDOWS
(6/20/05 17:03:46) System-Path: C:\WINDOWS\System32
(6/20/05 17:03:46) Temp-Path: C:\DOCUME~1\Darren\LOCALS~1\Temp\
(6/20/05 17:03:54) Disinfection started
(6/20/05 17:03:54) Bad-Dll(IEP): (not found)
(6/20/05 17:03:54) Bad-Dll(IEP) in BHO: (not found)
(6/20/05 17:03:54) UBF: 4 - UBB: 1 - UBR: 84
(6/20/05 17:03:54) UBF: 4 - UBB: 1 - UBR: 84
(6/20/05 17:03:54) Bad IE-pages: (none)
(6/20/05 17:03:54) Stealth-String not found
(6/20/05 17:03:54) Not infected->END


(6/21/05 13:32:18) SPSeHjFix started v1.1.2
(6/21/05 13:32:18) OS: WinXP Service Pack 1 (5.1.2600)
(6/21/05 13:32:18) Language: english
(6/21/05 13:32:18) Win-Path: C:\WINDOWS
(6/21/05 13:32:18) System-Path: C:\WINDOWS\System32
(6/21/05 13:32:18) Temp-Path: C:\DOCUME~1\Darren\LOCALS~1\Temp\
(6/21/05 13:32:21) Disinfection started
(6/21/05 13:32:21) Bad-Dll(IEP): (not found)
(6/21/05 13:32:21) Bad-Dll(IEP) in BHO: (not found)
(6/21/05 13:32:21) UBF: 4 - UBB: 2 - UBR: 22
(6/21/05 13:32:21) UBF: 4 - UBB: 2 - UBR: 22
(6/21/05 13:32:21) Bad IE-pages: (none)
(6/21/05 13:32:21) Stealth-String not found
(6/21/05 13:32:21) Not infected->END

HighJackThis Log :-

Logfile of HijackThis v1.99.1
Scan saved at 15:15:16, on 21/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hjt\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm (file missing)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6F90DFC-1151-4C53-A366-9AEA3D12798A}: NameServer = 194.177.170.2,194.177.160.2
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: Timbuktu Pro - c:\program files\timbuktu pro\Hook32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Biistr - Unknown owner - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - c:\program files\timbuktu pro\tb2launch.exe

Kaspersky log :-

Ive deleted ALL the exe files it mentions at the bottom of this log Tom and ive also done a 'cleanup' which has got rid of all the java files it mentions. the only things i cant get rid of in here are the 'system restore' things. Any ideas please?

Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 51946
Number of viruses found: 14
Number of infected objects: 41
Number of suspicious objects: 0
Duration of the scan process: 2580 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3852b20e-7d665f3a.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3852b20e-7d665f3a.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3852b20e-7d665f3a.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3852b20e-7d665f3a.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3852b20e-7d665f3a.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a84a25a-788bf5be.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.ai
C:\Documents and Settings\Darren\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a84a25a-788bf5be.zip Infected: Trojan.Java.ClassLoader.ai
C:\Program Files\Microsoft AntiSpyware\Quarantine\A5A471DD-F382-4A70-8F5F-1ECF8B\7EFC5200-5E68-4150-A71F-F8FEB1 Infected: Trojan-Downloader.Win32.Agent.pi
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP23\A0009371.exe Infected: Trojan.Win32.Crypt.c
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP23\A0009372.exe Infected: Trojan.Win32.Crypt.c
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP26\A0012472.exe Infected: Trojan.Win32.Crypt.c
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP26\A0012478.exe Infected: Trojan-Downloader.Win32.Agent.pn
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP26\A0014504.exe Infected: Trojan.Win32.Crypt.c
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP30\A0023872.exe Infected: Trojan.Win32.Crypt.c
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP33\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.a
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024955.exe Infected: Trojan.Win32.Agent.eo
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024958.dll Infected: Virus.Win32.Nsag.a
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024960.exe Infected: Trojan.Win32.Agent.eo
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024966.exe Infected: Trojan-Downloader.Win32.Small.awa
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024967.exe Infected: Trojan-Downloader.Win32.Small.azt
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024968.exe Infected: Trojan-Downloader.Win32.Small.azt
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024969.exe Infected: Trojan-Downloader.Win32.Small.agq
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024970.exe Infected: Trojan-Downloader.Win32.Small.agq
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0024981.exe Infected: Trojan-Downloader.Win32.Small.azt
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032010.exe Infected: Trojan.Win32.Crypt.c
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032011.exe Infected: Trojan.Win32.Crypt.c
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032014.exe Infected: Trojan.Win32.StartPage.za
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032015.exe Infected: Trojan.Win32.StartPage.za
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032016.exe Infected: Trojan.Win32.StartPage.za
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032017.exe Infected: Trojan.Win32.StartPage.za
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032018.exe Infected: Trojan.Win32.StartPage.za
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032019.exe Infected: Trojan.Win32.StartPage.za
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032020.exe Infected: Trojan.Win32.StartPage.za
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\A0032021.exe Infected: Trojan.Win32.StartPage.za
C:\System Volume Information\_restore{DF30DA61-7C99-430C-B1A2-869CE6C95CEB}\RP34\snapshot\MFEX-1.DAT Infected: Virus.Win32.Nsag.a
C:\WINDOWS\oawmess.exe Infected: Trojan.Win32.StartPage.za
C:\WINDOWS\pgaccsw.exe Infected: Trojan.Win32.StartPage.za
C:\WINDOWS\pmmlvkh.exe Infected: Trojan.Win32.StartPage.za
C:\WINDOWS\system32\dbmrnaaa.exe Infected: Trojan.Win32.StartPage.za
C:\WINDOWS\uyujvcr.exe Infected: Trojan.Win32.StartPage.za
C:\WINDOWS\yucbxyb.exe Infected: Trojan.Win32.StartPage.za

Scan process completed.

So thats where i am at the moment. ill look forward to hearing from you soon hopefully ;)
  • 0

#19
TomNJ
Posted 21 June 2005 - 12:03 PM

TomNJ

    Visiting Staff

  • Member
  • PipPipPip
  • 436 posts
Nice job your log is clean ! Please use the following suggestion to help prevent reinfection

Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-aware and Spybot handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program
Download and install Cleanup
Run "Cleanup" and when it has finished, Reboot

Remeber to Check Windows for updates

Probably a good time to create a new restore point See Here Name it clean or something like that,
  • 0

#20
dazlia
Posted 22 June 2005 - 01:57 AM

dazlia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks Tom, your a star mate.
One more quick question though. In my log theres something called ;-

O23 - Service: Biistr - Unknown owner - (no file)

IS it safe to delete this now? You did mention it in an erlier reply but i think i missed it this time. thought it best to check with the expert :tazz:
  • 0

#21
TomNJ
Posted 22 June 2005 - 06:53 AM

TomNJ

    Visiting Staff

  • Member
  • PipPipPip
  • 436 posts
Yes That would be fine to delete

Tom :tazz:
  • 0

#22
TomNJ
Posted 05 July 2005 - 05:44 AM

TomNJ

    Visiting Staff

  • Member
  • PipPipPip
  • 436 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP