HJT LOG.. Please help again...

[Lukey114]

I messed up my computer again. i am horrible. would anyone mind helping me again? thanks..

Logfile of HijackThis v1.99.1
Scan saved at 9:44:11 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Lucas\My Documents\hjt\HijackThis.exe

O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp5ED9.tmp (file missing)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - LxrJD31s.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

[MicroBell]

Sorry...you didn't follow or complete your other log...so I'm not going to waste my time with this one.

 

[Lukey114]

That one is my girlfriends computer. im fixing that tonight, and i will have an updated log. I tried to explain to her, but shes not good enough with computers to figure it all out.
Please help me though. my computer is so bad that i cant even log onto my main account, i had to create another account. it keeps installing Malware programs every time i reboot.

 

[MicroBell]

Lucas,

Please follow though until this is concluded. Open up the msconfig utility and take the system off of selective startup.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

• Ad-Aware® SE Personal Edition
  *Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
  
• Spybot Search & Destroy
• CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure itÂ’s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

• Download win32delfkil.exe.
• Save it on your desktop.
• Double click on win32delfkil.exe and install it. This creates a new folder on your desktop called win32delfkil.
• Close all windows and open the win32delfkil folder and double click on fix.bat.
• Once the tool has finished the computer will reboot automatically. If it does not reboot or asks you to shut down...please do so manually by powering the PC off and then on again by holding down the power button. DO NOT select shut down by any other menu as this will cause the fix to fail!
• Post the contents of the logfile c:\windelf.txt along with the other logs at the end of this fix.
  
  Download smitRem.exe and save the file to your desktop.
  
  *Note* Alternate download site for smitrem... http://www.downloads.subratam.org/smitRem.exe
  
  Double click on the file to extract it to it's own folder on the desktop.
  
  Place a shortcut to Panda ActiveScan on your desktop.
  
  Please download the trial version of Ewido Security Suite here:
  http://www.ewido.net/en/download/
  
  Please read Ewido Setup Instructions
  Install it, and update the definitions to the newest files. Do NOT run a scan yet.
  
  If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
  Ad-Aware SE Setup
  Don't run it yet!
  
  Next, please reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
  Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
  
  O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp5ED9.tmp (file missing)
  O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
  
  Close HiJackThis.
  
  Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
  Wait for the tool to complete and disk cleanup to finish.
  
  The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
  
  
  Open Ad-aware and do a full scan. Remove all it finds.
  
  
  Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
  Close Ewido
  
  Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
  
  Reboot back into Windows and click the Panda ActiveScan shortcut.
  ** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
  Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
    [*] Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
    [*] Click on see report. Then click Save report
  
  Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt , the windelf.txt log, and the Ewido Log by using Add Reply.

 

[Lukey114]

First i want to say thanks a ton. ill do everything you say this time.
(i cant find the ewido log for some reason)

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 10:18:51 PM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - LxrJD31s.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



---------------------------------------------------------------------------------Heres the log for win32delfkil

************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
g118234.dll
g118656.dll
g148876296.dll
g204609.dll
g238421.dll
g277265.dll
g324875.dll
g385625.dll
g763343.dll
g799015.dll
g844546.dll
g877281.dll
adsldpbf.dll
alt.exe

File(s) found in system32 folder
--------------------------------
browsela.dll

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} REG_SZ NetWrap for Windows
{31EE3286-D785-4E3F-95FC-51D00FDABC01} REG_SZ Master Browseui

Notify key
----------
subkey browsela is present!



AFTER RUNNING WIN32DELFKIL






----------------------------------------------------------------------------------

Smitrem log



smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 01/09/2006
The current time is: 20:34:47.23

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Security Toolbar


~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

netwrap.dll
svcp.csv
1024 dir
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
logfiles


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 852 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN!


--------------------------------------------------------------------------------


Panda Activescan log



Incident Status Location

Adware:adware/azesearch Not disinfected C:\WINDOWS\SYSTEM32\phhr.bat
Adware:adware/adsmart Not disinfected C:\WINDOWS\SYSTEM32\vx.tll
Dialer:dialer.xd Not disinfected C:\WINDOWS\switchagreement.txt
Adware:adware/alexa-toolbar Not disinfected Windows Registry
Adware:adware/secure32 Not disinfected C:\WINDOWS\system32\drivers\etc\hosts
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-15216549-5090c178.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-16331361-7476b0d2.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1740a0eb-4a9399df.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-25e0f5b-4f9cafae.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-45b94317-3a6af086.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-476b1dc1-18186e07.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-54a9a965-75916d6d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-54a9a965-7e73878e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6d70ec1f-43a7367f.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-5a100adb-64cfe8cc.zip[Dummy.class]
Virus:Trj/ClassLoader.W Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-5a100adb-64cfe8cc.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7d2c9337-17e9d80a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv234.jar-2d572f72-7db7af2d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Lucas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-be2fb19-7e24b8bc.zip[Dummy.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Lucas\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Lucas\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Lucas\Desktop\win32delfkil\Process.exe
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Test\Cookies\test@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Test\Cookies\test@belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Test\Cookies\test@dist.belnk[1].txt
Spyware:Cookie/SpySheriff Not disinfected C:\Documents and Settings\Test\Cookies\test@www.spysheriff[1].txt
Spyware:Spyware/Smitfraud Not disinfected C:\Documents and Settings\Test\Local Settings\Temp\SSLanguage.ini
Adware:Adware/SpywareStrike Not disinfected C:\Documents and Settings\Test\Local Settings\Temp\~nsu.tmp\Au_.exe
Dialerialer.Gen Not disinfected C:\WINDOWS\switchagreement.txt

 

[MicroBell]

Again I'm asking you to TAKE THE SYSTEM OFF OF SELECTIVE STARTUP!

Click Start>>Run>>Type in msconfig. ONce that loads check "Load all devices and drivers" then reboot the system.

Please follow the instructions on this page for clearing out your java cache. http://www.java.com/en/download/help/cache_virus.xml


Download and install Cleanup but DO NOT run it yet!

Download KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
  [X]Scan local drives for temporary files (Please uncheck this option)
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Run Ewido:

• Click [Scanner]
• Click [Complete System Scan] to begin scanning.
• Click [OK] when prompted to clean files
• With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
• Once finished, click the [Save report] button
• Save the report to your desktop

Close Ewido

*Note* Save the report to a folder of your choice...but post it's log.

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletionÂ…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

C:\WINDOWS\SYSTEM32\phhr.bat
C:\WINDOWS\SYSTEM32\vx.tll
C:\WINDOWS\switchagreement.txt

Once you reboot...run another Panda scan..and post it's log along with the Ewido log.

 

[Lukey114]

For some reason, it keeps choosing Selective startup again.
Well, heres my logs

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:11:13 AM, 1/15/2006
+ Report-Checksum: ABE12CD2

+ Scan result:

No infected objects found.


::Report End



Incident Status Location

Adware:adware/alexa-toolbar Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\hjt\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\hjt\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\hjt\win32delfkil\Process.exe

 

[MicroBell]

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Windows 2000
===============

• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Select the Advanced settings box option.
• Select the Hidden files Folders.
• Deselect the Show all files option.
• Click Yes to confirm.
• Click OK.

Windows ME
===============

• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Windows 95/98/98SE
===============

• Open My Computer.
• Select the View
• Select the Folder Options option.
• Select the View tab. option.
• Select the Advance Advanced settings box option.
• Select the Hidden files folder.
• Deselect the Show all files option
• Click Apply to confirm.
• Click OK.

Create a new System Restore point

Windows XP
===============

• Click Start >> Run - type SYSDM.CPL & press Enter
• Select the System Restore Tab
• Tick on the checkbox - "Turn off System Restore on all drives"
• Click Apply
• Then untick the same checkbox & click OK
• This deletes ALL restore points that had the infection and creates a clean one

Windows ME
===============

• Click the Start tab.
• Select the Settings option.
• Select the Control Panel option.
• Double Click the System icon Performance tab option.
• Select File System
• Select the Troubleshooting tab
• Check the Disable System Restore box
• Click Apply to confirm.
• Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option

• Uncheck the Disable System Restore box

For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below.

• Click the Start button.
• Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
• Choose Create a restore point, and then click Next.
• In the Restore point description box, type a name for your restore point, and then click Next.
  Click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• Tick on the checkbox - "Keep my computer up to date"
• Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Please visit Microsoft's Window's Update Page and install the latest service packs, patchÂ’s and security updates for your system.


Recommended Protection Programs

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard to catch and block spyware before it can execute.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
• WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here are 4 free ones available for personal use:

• ZoneAlarm
• Avast Antivirus/firewall
• Tiny Personal Firewall
• OutPost Firewall

In todayÂ’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:

• Grisoft AVG Anti-Virus System
• Alwil Avast 4 Home Edition
• Softwin BitDefender Free Edition Version 8

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

Please stay safe out there and take the helpful advice thatÂ’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.