
Winfixer help


  • This topic is locked
16 replies to this topic

#1 sohungry

Posted 30 November 2005 - 05:34 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:29:44 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\TWAIN_32\SiPix\Web2\CamTask.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tuck\Local Settings\Temporary Internet Files\Content.IE5\Y943IH65\hijackthis[1]\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SiPixWeb2CamTaskMan] C:\WINDOWS\TWAIN_32\SiPix\Web2\CamTask.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB47A9C1-54FE-4EE5-8933-A1BC0ABAF6BF}: NameServer = 206.47.244.43 207.164.234.41
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe



thanks in advance for any help you have to offer

#2 sohungry

Posted 30 November 2005 - 06:40 PM

I tried a couple more scans that a friend suggested, so I'll post an updated HijackThis log in a few minutes.

#3 sohungry

Posted 30 November 2005 - 08:26 PM

Sorry for any inconvenience to anyone trying to help me. Long story short, after an hour of trying to fix this on my own I have changed nothing and the log posted earlier is still accurate. Thanks in advance.

#4 LDTate

Posted 01 December 2005 - 05:38 PM

Hello sohungry, welcome to the forum.

Important: Do this before any fix.

Please put your HijackThis in its own folder (I create a new folder in C:\ named HJT).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT.

Go to where your HijackThis is and Right Click on HijackThis.exe, select Cut, then open the new folder you just created (HJT) Right Click in the folder and select paste.

The reason we do this is Hijackthis creates backup files just in case you'd need to restore one and we'll be cleaning out the temp files.



After the above:

Download CWShredder from my signature below. Unzip it on the desktop.
Open CWShredder and with ALL other windows closed, click fix.


Go here and run at least one of the online scans, allow them to delete whatever they find:

TrendMicro HouseCall
eTrust AntiVirus Web Scanner
Panda ActiveScan
Note anything that can't be fixed.
Reboot when done.



Next:

Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06 . All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs > Spybot - Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing RED entries, BLACK entries and GREEN entries in the window
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.



Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#5 sohungry

Posted 03 December 2005 - 04:28 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:27:22 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\TWAIN_32\SiPix\Web2\CamTask.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tuck\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htttp://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htttp://www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SiPixWeb2CamTaskMan] C:\WINDOWS\TWAIN_32\SiPix\Web2\CamTask.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB47A9C1-54FE-4EE5-8933-A1BC0ABAF6BF}: NameServer = 206.47.244.43 207.164.234.41
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

System is running fairly good. Definitely a little bit faster. But I'm still getting the annoying winfixer pop-ups.

#6 LDTate

Posted 03 December 2005 - 04:36 PM

Download the following programs.

a. Download Killbox HERE and put it on your desktop

b. Download CCleaner HERE and install it.

c. Download Ewido security suite HERE



1. After the download of Ewido is complete, double click on the file to launch the install process.
2. During installation under the Additional Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options.
3. Once installation is complete, launch Ewido by double-clicking the big "E" icon on your desktop. The program will prompt you to update -- click the 'OK' button.
4. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.
5. Close Ewido.

Next:

Reboot into Safemode:
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.

This can take a few minutes to get into Safe Mode.



use Add/Remove Programs and remove:
SurfAccuracy


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"


Next:
Open CCleaner.

Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.

Then open it and select the items you wish to clean up.

In the Windows Tab:

I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section
Clean all entries in the "System" section
Clean all entries in the "Advanced" section.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

Then click the "Run Cleaner" button


Next:
Open Ewido

1. Click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'
2. Please make sure 'Scan Every File' is selected. Finally, please click 'OK'
3. On the main screen, please select 'Complete System Scan' and the scan should begin.
4. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose clean, then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
5. When the scan is complete, click "Save Report". Your scan results will be saved in a text file. Please submit that with your next post.

If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and then follow the instructions from step #8 again.

Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days (which is the reason we uncheck them during installation). You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan.

If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

Now close ewido security suite.

Next:
Then double-click on the killbox.exe program.


Start Killbox, Use standard file kill.(default settings).
Copy this whole list into the windows clipboard, all the Bolded below.


C:\Program Files\winupdates\winupdates.exe
C:\Program Files\SurfAccuracy\SAcc.exe


Back in Killbox go > file > paste from clipboard, now click the red X
that looks like a stop sign, wait until a success message appears.
Repeat those same steps until each file has been deleted.



If your computer does not restart automatically, please restart it manually.

After Reboot, "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.



Be sure to keep Sun Java updated.

In Add/Remove programs click on these and press *remove* if listed:
J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5 - 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb
Or any other outdated J2SE


Sun Java has updated to remove 5 known critical issues.

It is important to remove older versions as these are the ones with the holes in them. You will be surprised when you go to add/remove to see all of the versions sitting there.

Download Newest >>>> http://www.java.com/...nload/index.jsp

Once installed you can test to see that it is in fact installed >>>>

Sun Java Test

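The before/after comparison this kind of cleanup relies on can be automated. The following is an added example, not part of the thread or of HijackThis: it parses two HijackThis logs, reports which entries disappeared or appeared, and checks that the lines marked for "Fix checked" and the files passed to Killbox are really gone. The log excerpts are shortened from the logs posted in this thread; the function names `parse_hjt` and `check_remediation` are hypothetical.

```python
import re

# A HijackThis result line starts with a section code such as "O4 - " or "R1 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def norm(s):
    """Collapse whitespace and case so pasted forum text compares reliably."""
    return " ".join(s.split()).lower()


def parse_hjt(text):
    """Return (running_processes, entries) from the text of a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False
            entries.append(line)
        elif in_processes:
            processes.append(line)
    return processes, entries


def check_remediation(before, after, fixed_entries, deleted_files):
    """Compare two logs and verify the requested fixes took effect."""
    _, b_entries = parse_hjt(before)
    a_procs, a_entries = parse_hjt(after)
    b_keys = {norm(e) for e in b_entries}
    a_keys = {norm(e) for e in a_entries}
    a_proc_keys = {norm(p) for p in a_procs}
    return {
        # entries present before the cleanup but absent afterwards
        "removed": [e for e in b_entries if norm(e) not in a_keys],
        # entries that are new in the second log (e.g. a freshly installed tool)
        "added": [e for e in a_entries if norm(e) not in b_keys],
        # lines the helper asked to fix that are still listed
        "unfixed": [e for e in fixed_entries if norm(e) in a_keys],
        # deleted files that still show up as running processes
        "still_running": [f for f in deleted_files if norm(f) in a_proc_keys],
    }


# Shortened excerpt of the log taken before the fix (most lines omitted).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:27:22 PM, on 12/3/2005

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Shortened excerpt of the log taken after the fix (most lines omitted).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:51:25 PM, on 12/3/2005

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

# The two lines checked for "Fix checked" and the two files given to Killbox.
FIXED = [
    r"O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto",
    r"O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe",
]
DELETED = [
    r"C:\Program Files\winupdates\winupdates.exe",
    r"C:\Program Files\SurfAccuracy\SAcc.exe",
]

if __name__ == "__main__":
    for name, items in check_remediation(BEFORE_LOG, AFTER_LOG, FIXED, DELETED).items():
        print(name, len(items))
        for item in items:
            print("   ", item)
```

An empty `unfixed` and `still_running` list means the autorun entries and their processes are gone; anything in `added` that is not a tool installed during the cleanup deserves a closer look.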

 


#7 sohungry

Posted 03 December 2005 - 06:53 PM

alright, followed all of your instructions. I think it went well, everything appears to be running smoothly

here is a new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 7:51:25 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\TWAIN_32\SiPix\Web2\CamTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tuck\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htttp://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htttp://www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SiPixWeb2CamTaskMan] C:\WINDOWS\TWAIN_32\SiPix\Web2\CamTask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB47A9C1-54FE-4EE5-8933-A1BC0ABAF6BF}: NameServer = 206.47.244.43 207.164.234.41
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe



and here is my Ewido report

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:38:21 PM, 12/3/2005
+ Report-Checksum: F6351CE3

+ Scan result:

HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historystring -> Spyware.ISTBar : Error during cleaning
HKU\S-1-5-21-2052111302-1844823847-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2052111302-1844823847-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2052111302-1844823847-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-2052111302-1844823847-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@chumtv.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@e-2dj6wjlokgdpgdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Alex\Cookies\alex@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Alex\Local Settings\Temp\optimize.exe -> Downloader.Dyfuca.EI : Cleaned with backup
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\6H4XY5QP\power_remove[1].exe -> Downloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\DA75X28E\optimize[1].exe -> Downloader.Dyfuca.EI : Cleaned with backup
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\K92B0PAB\ysb_prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\QCT0TOHP\SAcc.prod.v1122.24nov2005.exe[1].2e6793ca7e87b5105de91a2c23d3fc77 -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Alex\Start Menu\Programs\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Barb\Cookies\barb@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@cbs.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@efashionsolutions.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@msnportal.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Tuck\Cookies\tuck@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\eied_s7.cab/eied_s7_c_28.exe -> Downloader.Mediket.au : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup


::Report End
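As an added example (not part of the original thread and not the scanner's own tooling), the Python script below parses result lines in the report's `object -> detection : status` format and lists the objects that were not cleaned, collapsing subkeys whose parent key also failed so that only the top-level leftovers remain. The function names and the hive-abbreviation table are assumptions of this example; the sample lines are excerpted from the report above.

```python
import re

# Sample input: a few lines excerpted from the report above.
SAMPLE_REPORT = r"""
+ Scan result:

HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
C:\Documents and Settings\Alex\Local Settings\Temp\optimize.exe -> Downloader.Dyfuca.EI : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup

::Report End
"""

# Hive abbreviations, expanded to the names shown in Regedit (assumed table).
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS",
         "HKCU": "HKEY_CURRENT_USER", "HKCR": "HKEY_CLASSES_ROOT"}

# The object itself contains ':' (drive letters), so anchor on " -> " and " : ".
ENTRY = re.compile(r"^(?P<obj>.+) -> (?P<det>\S+) : (?P<status>.+)$")

def parse_report(text):
    """Return one dict per result line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        obj = m.group("obj")
        root, sep, rest = obj.partition("\\")
        is_registry = root in HIVES
        if is_registry:
            obj = HIVES[root] + sep + rest
        entries.append({"object": obj, "registry": is_registry,
                        "detection": m.group("det"),
                        "cleaned": m.group("status").startswith("Cleaned")})
    return entries

def remaining_roots(entries):
    """Objects that failed cleaning, dropping any whose parent also failed."""
    failed = sorted(e["object"] for e in entries if not e["cleaned"])
    roots = []
    for obj in failed:
        if not any(obj.lower().startswith(r.lower() + "\\") for r in roots):
            roots.append(obj)
    return roots

if __name__ == "__main__":
    for obj in remaining_roots(parse_report(SAMPLE_REPORT)):
        print("still present:", obj)
```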

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 December 2005 - 07:15 PM

Boot in "safe mode". If you have more than one account, be sure to log on to an account that has "administrator" privileges.


Back up your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL


Go to:

Start --> Run

In the box type in regedt then hit <enter> (or click OK)

Navigate to the key:

HKEY_LOCAL_MACHINE\Software\ISTbar

<right-click>

Choose: Permissions --> Advanced --> Owner

Change the owner to the account you are currently logged on as. Click Apply --> OK

Close the windows to get back to the main "Registry Editor" window.

<right-click> on:

HKEY_LOCAL_MACHINE\Software\ISTbar <-- This key

And choose Delete

Boot in normal mode, and let me know how things went.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 sohungry

sohungry

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 03 December 2005 - 07:44 PM

I'm having some problems with this step: when I type in "regedit" or "regedt" nothing happens. I managed to get it open by typing "regedit.exe", so I hope that's the same thing. I follow all your steps exactly, but I can't seem to navigate to HKEY_LOCAL_MACHINE\Software\ISTbar. I click on "HKEY_LOCAL_MACHINE", then I click on "Software", but that's where I get stuck. I can't seem to find ISTbar; it's just not there. Please advise.

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 December 2005 - 07:49 PM

Try it this way.
It might be gone but the scan showed this:
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning


With Regedit open, make sure My Computer is highlighted. At the top of the window click Edit > Find, then copy and paste the following into the window.

YourSiteBar

Then click find now.
When you find the entry right click on it and select delete, answer ok at the prompt.
Next, press "F3" to continue searching. If another instance is found, repeat the above steps until you see the "completed searching" message.


#11 sohungry

sohungry

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 03 December 2005 - 08:34 PM

I did what you said, but I came to an entry that wouldn't let me delete it. I right-clicked, hit delete, clicked okay, and then I got an error message saying it was unable to delete the file. Please advise.

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 December 2005 - 08:38 PM

Did you change the Permissions? If so and it wouldn't delete, reboot in Safe Mode and then try it.

Choose: Permissions --> Advanced --> Owner

Change the owner to the account you are currently logged on as. Click Apply --> OK

Edited by LDTate, 03 December 2005 - 08:40 PM.


#13 sohungry

sohungry

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 03 December 2005 - 08:58 PM

I hate to sound dumb, but where exactly do I find this "permissions" menu?

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 December 2005 - 09:02 PM

I hate to sound dumb, but where exactly do I find this "permissions" menu?

Don't worry about that :thumbup:

Just change the file name to whatever it is that you're wanting to delete.

Go to:

Start --> Run

In the box type in regedt.exe then hit <enter> (or click OK)

Navigate to the key:

HKEY_LOCAL_MACHINE\Software\ISTbar

<right-click>

Choose: Permissions --> Advanced --> Owner

Change the owner to the account you are currently logged on as. Click Apply --> OK

Close the windows to get back to the main "Registry Editor" window.

<right-click> on:

HKEY_LOCAL_MACHINE\Software\ISTbar <-- This key

And choose Delete

Boot in normal mode, and let me know how things went.


#15 sohungry

sohungry

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 03 December 2005 - 09:08 PM

Alright... I think it worked. Everything appears to be running smoothly. Thanks a lot, I'll be sure to let you know if anything goes wrong, but so far so good.
