| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 64103 | 2005-12-03 05:38:00 | Spyaxe and | Tim_Northland (9353) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 409714 | 2005-12-03 21:41:00 | Hello all thanks for the prompt advice. Speedy, here's teh hackthis log I assume here in you post meant this forum? Logfile of HijackThis v1.99.1 Scan saved at 10:36:47 a.m., on 4/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\nvctrl.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\WinRoute Pro\WrCtrl.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\mssearchnet.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\user\Desktop\Antispyware\hijackthis\Hijac kThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.utu.co.nz O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpBA76.tmp O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing) O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [WrCtrl] C:\Program Files\WinRoute Pro\WrCtrl.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - www.kodakgallery.com O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - download.zonelabs.com O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe |
Tim_Northland (9353) | ||
| 409715 | 2005-12-03 21:54:00 | www.liutilities.com ..................... C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\mssearchnet.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\user\Desktop\Antispyware\hijackthis\Hijac kThis.exe..................................... You need more than Hijackthis Run ewido after updating it |
bartsdadhomer (80) | ||
| 409716 | 2005-12-03 22:13:00 | I'll get onto this asap .. I have a couple of hours work to do before I can though |
Tim_Northland (9353) | ||
| 409717 | 2005-12-04 00:56:00 | Hi As you will be working in safe mode its best if you print these instruction . Work throught them . in the order set out . Download all required programs first . Download smitRem . exe ( . geekstogo . com/click%20counter/click . php?id=1" target="_blank">noahdfear . geekstogo . com) and save the file to your desktop . Double click on the file to extract it to it's own folder on the desktop . Next, please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8 . Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode . Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED: Open the smitRem folder, then double click the RunThis . bat file to start the tool . Follow the prompts on screen . Wait for the tool to complete and disk cleanup to finish . ================================================== ========================= 1 . Download SpyAxeFix . exe ( . geekstogo . com/click%20counter/click . php?id=8" target="_blank">noahdfear . geekstogo . com) . 2 . Save it to your desktop . 3 . Close all other programs and windows . 4 . Double click SpyAxeFix . exe, then click Start to extract the tool to it's own folder . 5 . Open the SpyAxeFix folder and double click the SpyAxeFix . bat to start the tool . At one point when the tool runs, your taskbar will dissappear, and your computer will restart when the tool completes . ----------------------------------- Run "Hijack This" and have it fix the item in the list below by placing a check in the appropriate boxes . Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT . O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpBA76 . tmp --------------------------------- Open Windows Explorer and delete the following highlighted file/s if they are present . C:\WINDOWS\system32\svchosts . dll C:\WINDOWS\system32\1024 C:\WINDOWS\system32\mssearchnet . exe ------------------------------------ Remove these two from the registry [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" When finished please post a new log . . . . . . |
Pancake (6359) | ||
| 409718 | 2005-12-04 03:38:00 | Pancake, I followed the instructions you gave in safe mode (network enabled) I ran SpyAxeFix.exe which rebooted the PC I missed running in safemode on reboot and rebooted into safe mode from the user account selection screen. I fixed O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpBA76.tmp with Hijack this. Found and deleted C:\WINDOWS\system32\mssearchnet.exe in explorer ( it was teh only one of the listed items present. and deleted the registry keys [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" The new log: Logfile of HijackThis v1.99.1 Scan saved at 4:18:14 p.m., on 4/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvctrl.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\WinRoute Pro\WrCtrl.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\user\Desktop\Antispyware\hijackthis\Hijac kThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.utu.co.nz O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp666A.tmp O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing) O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [WrCtrl] C:\Program Files\WinRoute Pro\WrCtrl.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - www.kodakgallery.com O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - download.zonelabs.com O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WinRoute Pro 4.2 (WinRoute) - Unknown owner - C:\Program Files\WinRoute Pro\winroute.exe I noted the entry "O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpBA76.tmp" has reappeared. NAV has detected and deleted C:\WINDOWS\system32\1024\ld21C6.tmp once since reloading windows it was doing it every minute or so prior to this attempt. So far there have been no malicious popups or false security alerts but the windows taskbar has taken on the Classic grey appearance. |
Tim_Northland (9353) | ||
| 409719 | 2005-12-04 03:57:00 | bartsdadhomer, I have also searched for C:\WINDOWS\system32\mssearchnet.exe and cant find anything. I'm running Ewido's online scan and clean widget. Since my last post I have seen NAV delete another instance of C:\WINDOWS\system32\1024\ldA616.tmp how do I get shot of this pest? |
Tim_Northland (9353) | ||
| 409720 | 2005-12-04 03:57:00 | Just delete this file C:\WINDOWS\system32\hpBA76.tmp and then remove the 02 entry with HJT. As for the Classic grey appearance you will need to change that back to whatever you had before by right clicking on the desktop and go Properties/Appearence and reset it in the box. Also run a full scan here with Ewido (www.cyberanswers.org) .This will clean out any rubbish tem files etc. |
Pancake (6359) | ||
| 409721 | 2005-12-04 04:15:00 | I was trying to amend my last post with this info but took to long . . . . . I have also searched for C:\WINDOWS\system32\mssearchnet . exe and found C:\WINDOWS\Prefetch\MSSEARCHNET . EXE-0AFC02C2 . pf I'm running Ewido's online scanner beta . It has detected quite a few suspect malicious items . Some of which are in backup files in HJT and Spybot search and destroy directories . Since my last post I have seen NAV delete another instance of Download . Trojan C:\WINDOWS\system32\1024\ldA616 . tmp how do I get shot of this pest? Is it asociated with Downloader . Zlob . Br in C:\WINDOWS\system32\hp666a . tmp detected by Ewido's online scanner? |
Tim_Northland (9353) | ||
| 409722 | 2005-12-04 04:19:00 | Make that two more downloader trojans deleted. | Tim_Northland (9353) | ||
| 409723 | 2005-12-04 04:41:00 | Just delete this file C:\WINDOWS\system32\hpBA76.tmp and then remove the 02 entry with HJT. As for the Classic grey appearance you will need to change that back to whatever you had before by right clicking on the desktop and go Properties/Appearence and reset it in the box. Also run a full scan here with Ewido (www.cyberanswers.org) .This will clean out any rubbish tem files etc. Hi Eddy, I couldnt find C:\WINDOWS\system32\hpBA76.tmp but used HJT in safe mode to remove it again. I will download Ewido and clean the rest of the garbage up. |
Tim_Northland (9353) | ||
| 1 2 3 4 | |||||