TechSpot

mid year pc clean-up

By zulanders
Jul 6, 2007
Topic Status:
Not open for further replies.
  1. hei guys!

    i am doing some in-depth scan of my pc...
    below are the results from combofix, avgspyware and hijackthis

    i do have a couple of questions:

    1) i notice that one of the tools, "look2me-destroyer", is no longer used.
    may i know why?

    2) in "ccleaner" there is a button named 'issues'. when i press the scan for issues button it displays many missing keys and other mumbo-jumbo. can i use ccleaner to resolve the issues or just leave it alone?

    by the way, rootkit did not find anything....
  2. Daveskater

    Daveskater Banned Posts: 2,031

    when you scan for issues in CCleaner it scans your registry for things that have been left behind or aren't right, e.g. if you uninstall something it might leave bits behind in the registry and CCleaner will find them and you can remove them.

    basically if you scan for issues and fix all of them you can't really do any harm as long as you do a backup of the registry, i'd recommend putting a folder in My Documents or somewhere called Registry Backups, or in the CCleaner install directory, it's up to you really

    also if you scan with CCleaner in its other mode (can't remember what it's called - cleanup or something?) you can remove files that aren't necessarily useful like temporary files that didn't get deleted.

    i would look at your hijack this log but don't know what to look for ;)
  3. raybay

    raybay TS Evangelist Posts: 10,716   +6

    There is never a sure fix with any Registry edit or fix. CCleaner is as dangerous as any if you don't take a considerable amount of time to read up on CCleaner, and on the registry. As much damage is caused by registry editors as is caused by infestations sometimes.
    I will be interested in what forum gurus such as Momok, Harold_Hopkinson and respected commentators such as kitty500cat have to say
  4. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    yeah the issues found... well some of it i can identify as some of the old programs that i have removed but that somehow left some "data" in the registry or something....

    i just want to know if it's safe to be used..... the program found a lot of issues but i don't know what the program found.... and is it safe to remove those issues?....
  5. raybay

    raybay TS Evangelist Posts: 10,716   +6

    The sad part is, there is no way to know for sure. I use CCleaner as a scanner... but I use RegClean to remove whatever I remove...

    But I think CCleaner does give you an opportunity to restore the removed items if you discover problems.
  6. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    is RegClean good? i mean is it safe? or do you know which to remove?
  7. momok

    momok TS Rookie Posts: 2,272

    Hi,

    The look2medestroyer tool was removed sometime back after I had a brief discussion with Howard regarding ComboFix. ComboFix has inbuilt code to target look2me infection and many others, therefore we felt that was an unnecessary tool.

    Regarding ccleaner, I run it weekly and do the following:
    Analyze + run cleaner.
    Scan and fix all the issues after saving registry file. (I usually just name it something simple and replace the old one each time. So far no problems have occurred for me and I have never found the need to restore a backup)

    Initially issues in ccleaner arose from old keys/values pointing to invalid or missing files. Nowadays, mine shows nothing much, except for MUI reference issues, and the occasional missing font. (I work often in photoshop and add and remove fonts sometimes)

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Go to start > run and type services.msc. Press the enter key.
      Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
      Boonty Games

    2. Go to start > Control Panel > Add and Remove Programs.
      Remove anything related to the following:
      Boonty Games

    3. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      O2 - BHO: (no name) - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)

      O3 - Toolbar: (no name) - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)

      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

      Close HJT.

    4. I'd like you to do a search on your system for all instances of RavMonE.exe and delete them.

    5. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.
      This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.
    6. Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of zulanders only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
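The HijackThis entries listed in step 3 of the post above all share one line layout: a section code, then fields separated by " - ". The following is an added example, not part of the original post or of HijackThis itself; it parses those four lines and picks out the ones whose target is "(no file)". The function names and section labels are this example's own.

```python
import re

# Short labels for the section codes that appear in the entries quoted in the
# post above (the wording of the labels is this example's own).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O6": "Internet Explorer policy restriction",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Parse one HijackThis entry; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    fields = [f.strip() for f in body.split(" - ")]
    clsid = CLSID_RE.search(body)
    return {
        "code": m.group("code"),
        "section": SECTIONS.get(m.group("code"), "unknown"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": fields[-1],
        # "(no file)": the file this registry entry points to was not found.
        "orphaned": fields[-1] == "(no file)",
    }


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def orphaned(entries):
    return [e for e in entries if e["orphaned"]]


# The four entries from the post, plus one constructed non-entry header line.
SAMPLE = r"""
Constructed header line (not a log entry)
O2 - BHO: (no name) - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)
O3 - Toolbar: (no name) - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
"""
```

Calling `orphaned(parse_log(SAMPLE))` returns the O2 and O3 entries, the two leftovers with no file behind them; the O23 entry still names a path on disk.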
  8. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    aaaa.... momok

    am i going blind..... coz i can't see your attachment in your post???

    can you teach me how to back-up registry? i think i want to use the ccleaners issues solver...
  9. momok

    momok TS Rookie Posts: 2,272

    Hi, I am very sorry. Here it is.

    Regards,
    Your friendly momok =)

  10. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    done cleaning

    sorry for the late reply...

    here is the fresh log...but there are two things i can't do...

    1] i can't find any boonty related games and hijackthis can't find its service

    2] i found nothing on RavMonE.exe

    can you teach me how to back-up registry plz :eek:
  11. momok

    momok TS Rookie Posts: 2,272

    Hi,

    When you select fix issues, ccleaner will prompt you to save your registry state. Just save it somewhere you can remember, perhaps in C:\.

    Please follow these instructions carefully.

    1. Download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached "avengerscript.txt" (from my attachment) and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the attachment avengerscript.txt you have just downloaded, click on it and press open.
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT, ComboFix and AVG Antispyware log.


    Regards,
    Your friendly momok =)

  12. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    quick question:

    do i run antispyware in normal or safe mode?
  13. raybay

    raybay TS Evangelist Posts: 10,716   +6

    Run everything first in regular mode, then when in Safe Mode, run all that will run once more. There are a number of infestations that run and hide, then lurk in ShutDown, only to reappear when you boot up again.
    Running in Safe Mode limits the evil software so they can be found again by the removal tool.
  14. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    fresh logs

    here is the log from avenger and other scanner result...

    this is new, i never heard this "avenger" program...

    is there something wrong/bad inside my pc?

    anyway antispyware did not show anything both in safe and normal mode.
  15. zulanders

    zulanders TS Rookie Topic Starter Posts: 40

    sorry to disturb but may i know if my pc is already virus cleaned or not,
    because i want to install new program.... thank you...
  16. raybay

    raybay TS Evangelist Posts: 10,716   +6

    Your system, as represented in those logs, makes it appear you have no serious infestations. With your level of concern, before install, I would run one last spyware scan in normal and again in Safe Mode, and the same for antivirus and rootkit software.
    I would also install the free Adaware 2007, SpyBot 14, and Windows Defender if they are not yet on your machine.
    Free versions are usually more trouble, as designed in to motivate your purchase of the paid version. So be certain you regularly run the manual scans of whatever freeware you are using.