#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2005
    Posts
    52
    Rep Power
    10

    Problem with pop-ups and Internet Explorer (HijackThis LogFile included)


    Hi everybody,

    A friend of mine has some problems with pop- ups. She uses Firefox, but when connected to the internet, from time to time there are pop-ups of various fake sites opening in MS Internet Explorer windows.

    She uses Windows XP SP2. I tried to remove Internet Explorer from her system, but I am not sure if this is possible in Windows XP, and the Add/Remove Windows Components choice in Control Panel isn't really removal..... Deleting the iexplore.exe in /Program Files/ Internet Explorer didn't help either.

    Spybot and Nod32 didn't have results too... So I am posting a HijackThis log file that she sent me. Here it is:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:00:22 μμ, on 5/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\locks rule.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Bleh Great] C:\DOCUME~1\Sofia\APPLIC~1\DELETE~1\InternetSafeMfcd.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 5520 bytes




    Thanks for your time. Any help you be appreciated
  2. #2
  3. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    She uses Windows XP SP2. I tried to remove Internet Explorer from her system, but I am not sure if this is possible in Windows XP, and the Add/Remove Windows Components choice in Control Panel isn't really removal..... Deleting the iexplore.exe in /Program Files/ Internet Explorer didn't help either.
    Trying to remove IE is not a good idea. it is a embedded component of windows and should be there and if not used should be left alone.


    So I am posting a HijackThis log file that she sent me
    Trying to clean this up through a third party is not a good Idea.

    This person should register and do the repairs themselves.


    For starters

    Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

    First step:

    * Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    * If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
    * If you have Version 1.4, Click on Exit Spybot S&D Resident

    Second step, For Either Version :

    * Open Spybot S&D
    * Click Mode, choose Advanced Mode
    * Go To the bottom of the Vertical Panel on the Left, Click Tools
    * then, also in left panel, click Resident shows a red/white shield.
    * If your firewall raises a question, say OK
    * In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    * OK any prompts.
    * Use File, Exit to terminate Spybot
    * Reboot your machine for the changes to take effect.

    Next follow all the steps in the sticky and post all the logs from the programs.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2005
    Posts
    52
    Rep Power
    10
    OK, you are right about following the sticky first. So here are the results: ( one problem is that tea-timer, from what i see in the report, was not disabled. I hope this doesn't cause any problems finding the solution....)

    Malwarebytes' Anti-Malware REPORT:

    Malwarebytes' Anti-Malware 1.19
    Database version: 926
    Windows 5.1.2600 Service Pack 2

    12:14:06 μμ 6/7/2008
    mbam-log-7-6-2008 (12-14-06).txt

    Scan type: Quick Scan
    Objects scanned: 39449
    Time elapsed: 3 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    SUPERAntiSpyware REPORT:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/06/2008 at 12:39 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3497
    Trace Rules Database Version: 1488

    Scan type : Complete Scan
    Total Scan Time : 00:11:48

    Memory items scanned : 410
    Memory threats detected : 0
    Registry items scanned : 4544
    Registry threats detected : 0
    File items scanned : 9456
    File threats detected : 4

    Adware.Tracking Cookie
    C:\Documents and Settings\*name*\Cookies\*name*@adopt.euroclick[1].txt
    C:\Documents and Settings\*name*\Cookies\*name*@server.iad.liveperson[2].txt
    C:\Documents and Settings\*name*\Cookies\*name*@ad.yieldmanager[2].txt
    C:\Documents and Settings\*name*\Cookies\*name*@tribalfusion[1].txt



    BitDefender REPORT: (I am not posting the whole file because it included the names of all files scanned, with a "clean" next to them, and it's about 21MB's html..... => millions of lines....)

    Statistics

    Time 00:45:26

    Files 82553

    Folders 2846

    Boot Sectors 3

    Archives 897

    Packed Files 6133


    Results

    Identified Viruses 0

    Infected Files 0

    Suspect Files 0

    Warnings 0

    Disinfected 0

    Deleted Files 0


    Engines Info

    Virus Definitions 1354618

    Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins 16

    Archive plugins 42

    Unpack plugins 7

    E-mail plugins 6

    System plugins 5


    Scan Settings

    First Action Disinfect

    Second Action Delete

    Heuristics Yes

    Enable Warnings Yes

    Scanned Extensions *;

    Exclude Extensions

    Scan Emails Yes

    Scan Archives Yes

    Scan Packed Yes

    Scan Files Yes

    Scan Boot Yes



    HijackThis REPORT:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:26:13 μμ, on 6/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\locks rule.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Bleh Great] C:\DOCUME~1\Sofia\APPLIC~1\DELETE~1\InternetSafeMfcd.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 5778 bytes
  6. #4
  7. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Disable teatimer then UNINSTALL spybot. It can be reinstalled later if wanted.

    Then, Download ResetTeaTimer.bat. HERE Firefox users rightclick and save link as...
    Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.




    Open HJT and click scan only, place a check by these entries DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\locks rule.exe
    O4 - HKCU\..\Run: [Bleh Great] C:\DOCUME~1\Sofia\APPLIC~1\DELETE~1\InternetSafeMfcd.exe


    Close all windows and browsers except HJT and click fix checked.



    Lets take a deeper look at you system.

    Download Deckard's System Scanner. HERE

    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, a text file will open - Main.txt
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread here.
    5. A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt.
    6. Attach Extra.txt to your post.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What Deckard's System Scanner will do:

    * create a new System Restore point in Windows XP and Vista.
    * clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    * check some important areas of your system and produce a report for your analyst to review. Deckard's System Scanner automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


    When you get the two notepad documents, click somewhere inside the notepad document and hold CTRL/Control and press A then C. This will "select all" and "copy" the text.

    Please post both of the logs.
    Last edited by Porthos; July 6th, 2008 at 06:32 PM.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2010
    Posts
    1
    Rep Power
    0
    My suggestion. Download AnVir Task Manager. When you run it, AnVir shows you all startup programs and Windows processes, so you’ll find harmful file in a minute. I always use it when I clean one’s PC. Sorry for the offtopic.

IMN logo majestic logo threadwatch logo seochat tools logo