• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
C_P

AV sites timeout, PC Boots Slow, and general NOT FUN!

12 posts in this topic

Hello All,

I am using Windows XP, I have read this link How to remove spyware or a hijacker ( http://forums.spywareinfo.com/index.php?showtopic=227 ), I have followed suggestions and other links within that link, I run Spybot and Adaware SE Pro almost Daily using updates daily, I run Norton AV Corporate Edition, I have run Hijack this, and still having issues after cleaning daily and also checking and cleaning in safe mode. Norton says no more virus’s, SpyBot says Congrats, Adaware Pro say 11 new issues each time I run it and clean it. I also use Crap Cleaner as well for registry issues.

First, I run PCLinux at home just for this reason so I do not have to be as concerned with this SPAM, Adware, and viruses. I do however run Windows XP SP2 at work where I am encountering this issue!

To start, my PC takes forever now to load and it did not before.

FYI:

P4 Dual Core 3.00GHz 2.99 GHz and 1.00 GB RAM

Was using IE7 but deleted that thinking it was issue.

Touchpoint, Client Access, ONX, Print Key, BlueSoleil are valid company programs. I work for OpenText so those references should also be valid.

Once finally loaded, I tried browsing to avast.com and page times out, I tried Trend Micro page times out. MSN loads as does some others.

I then downloaded and ran Hijack this, and cleared (fixed) all urls that were showing including avast.com,etc. and then could go to those sites.

I then ran SpyBot says Congrats, Adaware Pro say 11 new issues and I clean them again!

Now, some other sites will not load and this is really getting annoying!

I am including a HJ log below and can run it again after reboot in safe mode if needed.

I run a Free PC assistance site but this one has got me going nuts and would love to lead any users have issues with this stuff and needing a HJ this log interpretation to your site.

 

Please help?:

Logfile of HijackThis v1.99.1

Scan saved at 12:58:02 PM, on 3/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\OnX Enterprise Solutions\AgentSrv.EXE

c:\program files\ascent\bin\acsvc.exe

C:\WINDOWS\system32\basfipm.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Open Text\Touchpoint Client\Touchpoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\GaussInterprise\DocView\GaussServices.exe

C:\Program Files\OnX Enterprise Solutions\CBSysTray.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\PROGRAM FILES\IBM\CLIENT ACCESS\EMULATOR\pcsws.exe

C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE

C:\PROGRA~1\MICROS~2\LIVEME~1\Addins\LMCAPI.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Trillian\trillian.exe

C:\PROGRA~1\Citrix\icaweb32\Wfcrun32.exe

C:\PROGRA~1\Citrix\icaweb32\WFICA32.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\rhager\Desktop\hijackthis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7ECE5FBD-5349-41DE-990F-858412DC6CBB} - (no file)

O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKCU\..\Run: [TOUCHPOINT.EXE] "C:\Program Files\Open Text\Touchpoint Client\Touchpoint.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: GaussServices.lnk = C:\Program Files\GaussInterprise\DocView\GaussServices.exe

O4 - Global Startup: OnX Enterprise Solutions TaskBar Icon.LNK = C:\Program Files\OnX Enterprise Solutions\CBSysTray.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O15 - Trusted Zone: *.akamai.net

O15 - Trusted Zone: http://www.avast.com

O15 - Trusted Zone: http://www.symantec.com

O15 - Trusted Zone: *.yimg.com

O16 - DPF: CTCBridge 5250 - http://www.mpc-inc.com/_J5250/classi/j5250i.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://code/trackdoc/trkpm660ie.cab

O16 - DPF: {42D5A794-9AD1-4409-950B-C8B9EB1282B0} (TiffPrint Class) - http://javatest/contentexplorer/covi/VipTiffPrint.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://meeshome.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125318777174

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://works-per-spec/LL9501support/exppro/isetup.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kofax.webex.com/client/T22L/support/ieatgpc.cab

O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - http://works-per-spec/LL9501support/webexp/lledit.cab

O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports-web1.opentext.com/ReportSer...clientprint.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = opentext.net

O17 - HKLM\Software\..\Telephony: DomainName = opentext.net

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = opentext.net

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\OnX Enterprise Solutions\AgentSrv.EXE

O23 - Service: Ascent Capture Service - Kofax Image Products - c:\program files\ascent\bin\acsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Client IP-IPX - Unknown owner - -e,te-110-12-0000282, (file missing)

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Download SDFix and save it to your desktop.

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.cvs report.

Include a fresh HijackThis log for review.

 

Let me know what problem persist.

Share this post


Link to post
Share on other sites

Thank you! Here are the Report.txt with a new HijackThis log after only running the SDFix utility and Hijack this per your instructions:

 

HijackThis

Logfile of  v1.99.1
Scan saved at 9:47:39 AM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OnX Enterprise Solutions\AgentSrv.EXE
c:\program files\ascent\bin\acsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Open Text\Touchpoint Client\Touchpoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GaussInterprise\DocView\GaussServices.exe
C:\Program Files\OnX Enterprise Solutions\CBSysTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\rhager\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7ECE5FBD-5349-41DE-990F-858412DC6CBB} - (no file)
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TOUCHPOINT.EXE] "C:\Program Files\Open Text\Touchpoint Client\Touchpoint.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GaussServices.lnk = C:\Program Files\GaussInterprise\DocView\GaussServices.exe
O4 - Global Startup: OnX Enterprise Solutions TaskBar Icon.LNK = C:\Program Files\OnX Enterprise Solutions\CBSysTray.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.akamai.net 
O15 - Trusted Zone: http://www.avast.com
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: *.yimg.com 
O16 - DPF: CTCBridge 5250 - http://www.mpc-inc.com/_J5250/classi/j5250i.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://code/trackdoc/trkpm660ie.cab
O16 - DPF: {42D5A794-9AD1-4409-950B-C8B9EB1282B0} (TiffPrint Class) - http://javatest/contentexplorer/covi/VipTiffPrint.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://meeshome.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125318777174
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://works-per-spec/LL9501support/exppro/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kofax.webex.com/client/T22L/support/ieatgpc.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - http://works-per-spec/LL9501support/webexp/lledit.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports-web1.opentext.com/ReportServer?rs:Command=Get&rc:GetImage=8.00.1038.00rsclientprint.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = opentext.net
O17 - HKLM\Software\..\Telephony: DomainName = opentext.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = opentext.net
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\OnX Enterprise Solutions\AgentSrv.EXE
O23 - Service: Ascent Capture Service - Kofax Image Products - c:\program files\ascent\bin\acsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

 

 

SDFix

SDFix: Version 1.73

Run by rhager - Tue 03/20/2007 -  9:41:05.81

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 

Name:
Client IP-IPX

-e,te-110-12-0000282, 

Client IP-IPX Deleted



Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\unsvchosts.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


							 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\IBM\\Client Access\\cwbunnav.exe"="C:\\Program Files\\IBM\\Client Access\\cwbunnav.exe:*:Enabled:cwbunnav.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Documents and Settings\rhager\NetHood\ddviews on intranet.opentext.com\Desktop.ini
C:\Documents and Settings\rhager\NetHood\ftp.kofax.com\Desktop.ini
C:\Documents and Settings\rhager\NetHood\ftp.opentext.com\Desktop.ini
C:\Documents and Settings\rhager\NetHood\ftp.transflo.com\Desktop.ini
C:\Documents and Settings\rhager\NetHood\ifs.opentext.com\Desktop.ini
C:\Program Files\Trillian\users\default\downloads\MSN\rhagers@hotmail.com\AlbumArtSmall.jpg
C:\Program Files\Trillian\users\default\downloads\MSN\rhagers@hotmail.com\AlbumArt_{BCD63478-A37F-47CB-856A-DE5DA4411980}_Large.jpg
C:\Program Files\Trillian\users\default\downloads\MSN\rhagers@hotmail.com\AlbumArt_{BCD63478-A37F-47CB-856A-DE5DA4411980}_Small.jpg
C:\Program Files\Trillian\users\default\downloads\MSN\rhagers@hotmail.com\desktop.ini
C:\Program Files\Trillian\users\default\downloads\MSN\rhagers@hotmail.com\Folder.jpg
C:\Program Files\Trillian\users\default\downloads\MSN\rhagers@hotmail.com\Thumbs.db
C:\I386\MSIMN.EXE
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\Packs\SysFiles\26_MSIMN.EXE
C:\WINDOWS\SYSTEM32\dnbsuv\services.exe
C:\WINDOWS\uccspecb.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\rhager\Application Data\Microsoft\Word\~WRL1896.tmp
C:\Documents and Settings\rhager\Application Data\Microsoft\Word\~WRL1911.tmp
C:\Documents and Settings\rhager\Application Data\Microsoft\Word\~WRL3769.tmp

							 Finished

Share this post


Link to post
Share on other sites

Looking good.

 

Run HijackThis and fix this empty item.

 

O2 - BHO: (no name) - {7ECE5FBD-5349-41DE-990F-858412DC6CBB} - (no file)

 

Restart the computer to reset the registry.

 

Submit a fresh HijackThis log and let me know what problem remains.

Share this post


Link to post
Share on other sites

Wow, Thank you!

 

After running Dr.Web CureIt it found some things, not sure they were valid as one of these is a know legitamate utility from a software company we work with IPSNOOPER and the other was the utility you asked I run SDFix . However, I have posted end .csv results below. I rebooted and ran Dr.Web CureIt again and it found 6 more in my restore so I deleted those as well and turned of System Restore and cleaned it (emptied system restore) through Disk Cleanup

 

Here are the results from first run I will post results after reboot and second run of Run HijackThis and fixing this empty item.

 

O2 - BHO: (no name) - {7ECE5FBD-5349-41DE-990F-858412DC6CBB} - (no file)

 

Dr.Web First run

IPSnooper.exe;C:\Program Files\IPSnooper;Modification of BackDoor.Generic.994;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Deleted.;
A0006734.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP31;Modification of BackDoor.Generic.994;Moved.;
Process.exe;C:\WINDOWS\SYSTEM32;Tool.Prockill;Deleted.;
services.exe;C:\WINDOWS\SYSTEM32\dnbsuv;Win32.HLLW.Pytica;Deleted.;
snew.exe;C:\WINDOWS\SYSTEM32\dnbsuv;Win32.HLLW.Pytica;Deleted.;

Edited by C_P

Share this post


Link to post
Share on other sites

New Hijack This log after reboot and fixing empty item as suggested. I am still running Dr.Web after clean up and will post results as well.

 

Logfile of HijackThis v1.99.1
Scan saved at 12:39:34 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OnX Enterprise Solutions\AgentSrv.EXE
c:\program files\ascent\bin\acsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Open Text\Touchpoint Client\Touchpoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GaussInterprise\DocView\GaussServices.exe
C:\Program Files\OnX Enterprise Solutions\CBSysTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\userinit.exe
C:\Documents and Settings\rhager\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TOUCHPOINT.EXE] "C:\Program Files\Open Text\Touchpoint Client\Touchpoint.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GaussServices.lnk = C:\Program Files\GaussInterprise\DocView\GaussServices.exe
O4 - Global Startup: OnX Enterprise Solutions TaskBar Icon.LNK = C:\Program Files\OnX Enterprise Solutions\CBSysTray.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.akamai.net 
O15 - Trusted Zone: http://www.avast.com
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: *.yimg.com 
O16 - DPF: CTCBridge 5250 - http://www.mpc-inc.com/_J5250/classi/j5250i.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://code/trackdoc/trkpm660ie.cab
O16 - DPF: {42D5A794-9AD1-4409-950B-C8B9EB1282B0} (TiffPrint Class) - http://javatest/contentexplorer/covi/VipTiffPrint.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://meeshome.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125318777174
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://works-per-spec/LL9501support/exppro/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kofax.webex.com/client/T22L/support/ieatgpc.cab
O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - http://works-per-spec/LL9501support/webexp/lledit.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://reports-web1.opentext.com/ReportServer?rs:Command=Get&rc:GetImage=8.00.1038.00rsclientprint.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = opentext.net
O17 - HKLM\Software\..\Telephony: DomainName = opentext.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = opentext.net
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\OnX Enterprise Solutions\AgentSrv.EXE
O23 - Service: Ascent Capture Service - Kofax Image Products - c:\program files\ascent\bin\acsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Share this post


Link to post
Share on other sites

Dr.Web shows no nasties now. The PC still boots slow but so far no virus warnings and can get to most sites now. I "think" I am good to go, what do you think?

Share this post


Link to post
Share on other sites

Nice Work your log is clean.

 

How did I get infected in the first place?

http://forums.spywareinfo.com/index.php?showtopic=60955

 

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

Share this post


Link to post
Share on other sites

Nice Work your log is clean.

 

How did I get infected in the first place?

http://forums.spywareinfo.com/index.php?showtopic=60955

 

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

Thank you much for the help. Will point others here to this site that need assistance.

Share this post


Link to post
Share on other sites

Glad we could help.

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0