2nd HJ/Log,Panda Log,Ewido (st3.dll) - Techist - Tech Forum

Go Back   Techist - Tech Forum > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware > HijackThis Logs (finished)
Click Here to Login
 
 
Thread Tools Display Modes
 
Old 12-10-2005, 07:13 PM   #1 (permalink)
Newb Techie
 
Join Date: Dec 2005
Posts: 10
Default 2nd HJ/Log,Panda Log,Ewido (st3.dll)

Here's the log after following MicroBell's instructions. Thanks for taking a look and helping me out!!!!!!!!

Ralpher

Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:30:09 PM, 12/9/2005
+ Report-Checksum: 45C7EF09

+ Scan result:

C:\Program Files\LimeShop\LimeShop.exe -> Spyware.TopMoxie : Cleaned with backup
C:\RECYCLER\NPROTECT\00016095.TXT -> Spyware.Cookie.Revenue : Cleaned with backup
C:\RECYCLER\NPROTECT\00016100.TXT -> Spyware.Cookie.Revenue : Cleaned with backup
C:\RECYCLER\NPROTECT\00016110.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00016115.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00016121.TXT -> Spyware.Cookie.Revenue : Cleaned with backup
C:\RECYCLER\NPROTECT\00016134.TXT -> Spyware.Cookie.Revenue : Cleaned with backup
C:\RECYCLER\NPROTECT\00016145.TXT -> Spyware.Cookie.Revenue : Cleaned with backup
C:\RECYCLER\NPROTECT\00016176.TXT -> Spyware.Cookie.Revenue : Cleaned with backup
C:\RECYCLER\NPROTECT\00016179.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00016180.TXT -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc12.exe -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc3.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc3.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc3.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc3.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc3.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc3.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc3.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc3.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc4.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc4.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc4.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc4.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc4.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc4.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc4.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc4.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc6.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc6.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc6.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc6.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc6.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc6.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc6.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc6.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc7.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc7.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc7.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc7.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc7.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc7.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc7.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc7.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc8.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc8.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc8.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc8.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc8.exe/CSSecure.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc8.exe/dmproxy.dll -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc8.exe/dmserver.exe -> Spyware.CometCursor : Cleaned with backup
C:\RECYCLER\S-1-5-21-2641184444-973697773-229216036-1007\Dc8.exe/DMUpdate.exe -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000006.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000007.exe -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000008.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000009.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000010.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000011.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000031.dll -> Downloader.Delf.h : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000181.DLL -> Spyware.FunWeb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000182.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000183.SCR -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000185.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000186.EXE -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000188.DLL -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000189.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000190.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000372.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000373.dll -> Downloader.Delf.lh : Cleaned with backup
C:\unzipped\hijackthis[1]\backups\backup-20041227-164249-331.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS250.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__st3.dll -> Downloader.Delf.h : Cleaned with backup


::Report End


Panda:


Incident Status Location

Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\a.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\LimeShop\System\Code\bf.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\bq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\LimeShop\System\Code\bs.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\dc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\dm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\du.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\dx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\i.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\j.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\p.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\q.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\s.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\t.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\LimeShop\System\Code\u.class
Spyware:Spyware/RedhotnetworksNot disinfected C:\unzipped\hijackthis[1]\backups\backup-20041227-164248-311.inf


HJ/Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:58 PM, on 12/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Lakeland Communications
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_ 12_0.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\SYSTEM32\3DNATO~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Thanks again!

Ralpher
__________________

__________________
Ralpher is offline  
Old 12-10-2005, 09:22 PM   #2 (permalink)
Monster Techie
 
Join Date: Oct 2002
Posts: 1,134
Default

Ralpher,

Please DO NOT start a new thread with any logs. Keep them in ONE thread...as it's too hard to follow it around.

Please empty both the Norton recycle bin as well as windows.

Download DelDomains.inf
Right-click and select..... Save Target As

To use: Right-click and select....... Install (no need to restart)
**Note** This will remove all entries in the "Trusted Zone"


Run hijackthis and fix the follow if they are still listed.

O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com


Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log".

I then need you to repeat the same procedure above again... using the TrendMicro scan tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.


Let me know how the system is running.
__________________

__________________
We Are The BORG Spyware KILLER and Adware Destroyer!


Spyware/Adware Remover Downloads
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 12-11-2005, 07:55 AM   #3 (permalink)
Newb Techie
 
Join Date: Dec 2005
Posts: 10
Default

Hello MicroBell,
Sorry for starting a new thread. Have a hard time 'logging in' after cleaning everything. No cookies for this site and I can't find a 'log in' button or tab.
Followed your instructions (never got the chance to save file for MicroTend Scan Utility) and the scan finished saying no treats found - system seams clean and running well.
Do I create a new Restore point now?

Thanks again!!!!!!!

Ralpher
__________________
Ralpher is offline  
Old 12-11-2005, 03:28 PM   #4 (permalink)
Monster Techie
 
Join Date: Oct 2002
Posts: 1,134
Default

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 2000
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Select the Advanced settings box option.
  • Select the Hidden files Folders.
  • Deselect the Show all files option.
  • Click Yes to confirm.
  • Click OK.

Windows ME
===============
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Windows 95/98/98SE
===============
  • Open My Computer.
  • Select the View
  • Select the Folder Options option.
  • Select the View tab. option.
  • Select the Advance Advanced settings box option.
  • Select the Hidden files folder.
  • Deselect the Show all files option
  • Click Apply to confirm.
  • Click OK.



Create a new System Restore point

Windows XP
===============
  • Click Start >> Run - type SYSDM.CPL & press Enter
  • Select the System Restore Tab
  • Tick on the checkbox - "Turn off System Restore on all drives"
  • Click Apply
  • Then untick the same checkbox & click OK
  • This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============
  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double Click the System icon Performance tab option.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option
  • Uncheck the Disable System Restore box

For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below.
  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
    Click OK



Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • Tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Please visit Microsoft's Window's Update Page and install the latest service packs, patch’s and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:



In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!


Spyware/Adware Remover Downloads
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 12:02 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2018, vBulletin Solutions, Inc.