Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this log


  • Please log in to reply
7 replies to this topic

#1 Alex342

Alex342

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 05 July 2005 - 08:24 PM

I'm getting some abot:blank website, after researching i definatly thing its a browser hijacker. used spybot and ad-ware and i cant shake it. this is my hijack this log, if u can help I'd be so very grateful. thanks guys :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 10:26:52 PM, on 7/5/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\PROGRA~1\Aliant\HIGH-S~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\PROGRA~1\Aliant\HIGH-S~1\app\EnterNet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Bill MacNeil\My Documents\my pictures\HijackThis.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O19 - User stylesheet: C:\WINNT\windows.dat
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: FireDaemon Service: netmeeting (netmeeting) - Unknown owner - c:\WINNT\system32\FireDaemon.EXE (file missing)
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Aliant\HIGH-S~1\app\pppoeservice.exe

BC AdBot (Login to Remove)

 


m

#2 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:09 PM

Posted 07 July 2005 - 05:05 AM

Welcome Alex342 to Bleeping Computer.

I see Dameware NT Utilities on your computer.
It's a program that allows remote access and control of a computer. This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed.

***

Did you remove entries using HijackThis yourself?

***

Open Hijackthis, click "Open the Misc Tools section"
Next to "Generate StartupList log", place a check next to "List also minor sections" (full) and "List empty sections (complete).
Then click "Generate StartupList log"
Click "Yes" to the box that pops-up. It will open a notepad file.
Copy and past the content of that file here in your answer.


Posted Image
Life is what happens while you're making other plans

#3 Alex342

Alex342
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 07 July 2005 - 07:34 PM

here man, its all greek to me, thanks for the help, but when i scan, i cant see daemon on the screen to get rid of it....



StartupList report, 7/7/2005, 9:35:48 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Bill MacNeil\Desktop\HijackThis.EXE
Detected: Windows 2000 SP3 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\PROGRA~1\Aliant\HIGH-S~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\devldr32.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\PROGRA~1\Aliant\HIGH-S~1\app\EnterNet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bill MacNeil\Desktop\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[{1D0D9077-3798-49BB-9058-393499174D5D}]
CODEBASE = file://c:\counter.cab

[FilePlanet Download Control Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\FilePlanetDownloadCtrl.dll
CODEBASE = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINNT\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc2.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINNT\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
CODEBASE = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[WheelofFortune Object]
InProcServer32 = C:\WINNT\Downloaded Program Files\WoF.ocx
CODEBASE = http://messenger.zone.msn.com/binary/WoF.cab31267.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
SysTray: stobject.dll
WebCheck: C:\WINNT\System32\webcheck.dll

--------------------------------------------------
End of report, 4,927 bytes
Report generated in 0.621 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#4 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:09 PM

Posted 08 July 2005 - 01:46 PM

* Please rightclick this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
For some time it will look like nothing is happening. Just keep waiting.
Once it's done it will create a log. A window will come up telling you when it's saved.


If Norton or AVG prompts you to a script trying to run, grant permission to run the entire script.


Please post me the result.


Posted Image
Life is what happens while you're making other plans

#5 Alex342

Alex342
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 10 July 2005 - 07:32 AM

hope this is what u were looking for! please reply and tell me whats up, thankyou so much!

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec Directcd Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adaptec\DirectCD\shellex.dll" ["Adaptec"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.1\contmenu.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
NavNT\(Default) = "{067DF822-EAB6-11cf-B56E-00A0244D5087}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Navnt\navshell.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.1\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.1\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
NavNT\(Default) = "{067DF822-EAB6-11cf-B56E-00A0244D5087}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Navnt\navshell.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.1\contmenu.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "file:///C:/DOCUME~1/BILLMA~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg"
"SubscribedURL" = "file:///C:/DOCUME~1/BILLMA~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINNT\System32\CTSvcCDA.exe" ["Creative Technology Ltd"]
DameWare NT Utilities 2.6, DNTUS26, "C:\WINNT\SYSTEM32\DNTUS26.EXE" ["DameWare Development"]
NAV Alert, NAV Alert, "C:\PROGRA~1\Navnt\alertsvc.exe" ["Symantec Corporation"]
NAV Auto-Protect, NAV Auto-Protect, "C:\PROGRA~1\Navnt\navapsvc.exe" ["Symantec Corporation"]
Norton Program Scheduler, Norton Program Scheduler, "C:\PROGRA~1\Navnt\npssvc.exe" ["Symantec Corporation"]
PPPoE Service, PPPoEService, "C:\PROGRA~1\Aliant\HIGH-S~1\app\pppoeservice.exe" [null data]

#6 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:09 PM

Posted 10 July 2005 - 08:06 AM

Ok, I don't see anything strang.

Please run Panda ActiveScan.
Let's see what it finds.
Save the log and post it here please.


Posted Image
Life is what happens while you're making other plans

#7 Alex342

Alex342
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:09 AM

Posted 12 July 2005 - 12:53 PM

man its driving me crazy..........if i even think about opening internet explorer my cd tray opens...........and it changes my home page...........i use fire fox mostly, but its stilla a pain.

#8 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:09 PM

Posted 12 July 2005 - 05:21 PM

Ok use firefox to do this:

Download CleanUp!.
If that doesn’t work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/tutorials/how-to-use-cleanup/

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Reboot the system. This will remove files that were in use during the scan.

***

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


Posted Image
Life is what happens while you're making other plans




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users