Help [RESOLVED] - Geeks to Go Forums


Help [RESOLVED] Please

#1 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 09 March 2006 - 09:16 PM

HELP
Slow pc and dial up connection errors....

foreign numbers in dial up connection...

help

Logfile of HijackThis v1.99.1
Scan saved at 11:05:17 PM, on 09/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
E:\Program Files\Athan\Athan.exe
E:\WINDOWS\system32\itunesff.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Norton AntiVirus 2005\navapsvc.exe
E:\Program Files\Norton AntiVirus 2005\IWP\NPFMntor.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\System32\Tablet.exe
E:\WINDOWS\System32\NAMED.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\program files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Welcome To The Realm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus 2005\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus 2005\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Athan] E:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [itunesff] E:\WINDOWS\system32\itunesff.exe -go -c7 -w10
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BootWarn] E:\Program Files\Norton AntiVirus 2005\BootWarn.exe /a
O4 - HKLM\..\Run: [NAMED] E:\WINDOWS\System32\NAMED.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - E:\WINDOWS\System32\vbsys2.dll
O23 - Service: Ad-Axis Server - Unknown owner - E:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus 2005\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus 2005\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus 2005\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\System32\Tablet.exe

#2 Antartic-Boy

  • Group: Visiting Consultant
  • Posts: 1,120
  • Joined: 23-September 05

Posted 10 March 2006 - 12:23 PM

Hi silentarts, and welcome to Geeks to Go.

I'm currently analyzing your log, and will post instructions to start with the clean up soon :tazz: .

#3 Antartic-Boy

  • Group: Visiting Consultant
  • Posts: 1,120
  • Joined: 23-September 05

Posted 10 March 2006 - 12:46 PM

-----------------------1

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - E:\WINDOWS\System32\vbsys2.dll


Now close all windows and browsers other than HiJackThis, then click Fix Checked.
Close HijackThis.

-----------------------2

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    E:\WINDOWS\System32\vbsys2.dll
    c:\eied_s7.cab



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

-----------------------3

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware; it is a free version of the program.
  • Install ewido anti-malware
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu

  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.

  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

-----------------------4

Jotti File Submission:
  • Please go to Jotti's malware scan

  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • E:\WINDOWS\system32\itunesff.exe

  • Click on the submit button

  • Please post the results in your next reply.
Do the same with the following file:

E:\WINDOWS\System32\NAMED.exe


-----------------------5

Please post me the Ewido Log and the Jotti Scan results along with a fresh Hjt Log and tell me how the computer is running now.

#4 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 12 March 2006 - 03:56 PM

OK…
-----------------------1

I removed what you told me to remove… here is the hijack this log…

Logfile of HijackThis v1.99.1
Scan saved at 08:35:39 AM, on 13/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Norton AntiVirus 2005\navapsvc.exe
E:\Program Files\Norton AntiVirus 2005\IWP\NPFMntor.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\System32\Tablet.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\program files\hijackthis\HijackThis.exe
E:\Program Files\ewido anti-malware\ewidoguard.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\Documents and Settings\Administrator\Desktop\To fix\KillBox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Welcome To The Realm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus 2005\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus 2005\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Athan] E:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [BootWarn] E:\Program Files\Norton AntiVirus 2005\BootWarn.exe /a
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ad-Axis Server - Unknown owner - E:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005\aaserver.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus 2005\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus 2005\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus 2005\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\System32\Tablet.exe

-----------------------2

Killbox went fine… files removed

-----------------------3

This ran well also… here is the log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 02:48:55 PM, 13/03/2006
+ Report-Checksum: 9C5277F6

+ Scan result:

C:\System Volume Information\_restore{78400791-59A8-4E99-A4A4-9F34EC997D88}\RP26\A0015872.exe -> Proxy.Agent.ic : Cleaned without backup
:mozilla.37:E:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7vdb5uc7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt -> TrackingCookie.Adtech : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned without backup
E:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned without backup
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KT6V4TIJ\eied_s7_7[1].cab/eied_s7_c_7.exe -> Downloader.Mediket.bt : Cleaned without backup
E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8TAVKP2F\p3[1].tar -> Proxy.Agent.ic : Cleaned without backup
:mozilla.14:E:\Program Files\Firefox\profile\cookies.txt -> TrackingCookie.Adtech : Cleaned without backup
:mozilla.15:E:\Program Files\Firefox\profile\cookies.txt -> TrackingCookie.Adtech : Cleaned without backup
E:\WINDOWS\internt.exe -> Trojan.LipGame.i : Cleaned without backup
E:\WINDOWS\system32\NAMED.exe -> Proxy.Agent.ic : Cleaned without backup
G:\All My Stuff\Trillian Pro 3.1.121 Cracked Version\SnD-Patch\Trillian3.x.exe -> Trojan.Agent.jh : Cleaned without backup
G:\All My Stuff\Trillian_Pro_3.1.121_cracked.Final.zip/Trillian Pro 3.1.121 Final/SnD-Patch/Trillian3.x.exe -> Trojan.Agent.jh : Cleaned without backup
G:\Downloads\Cracks\nbproldr.exe -> Not-A-Virus.VirTool.Win32.Patcher.a : Cleaned without backup
G:\Downloads\CrackSearcher.exe -> Not-A-Virus.HackTool.Win32.CrackSearch.a : Cleaned without backup
G:\Downloads\Newer Downloads\Crack Searcher.zip/Crack Searcher/Cracks/N/E/NewsBin_Pro_v4.2_build_4389_by_TSRH.zip/nbproldr.exe -> Not-A-Virus.VirTool.Win32.Patcher.a : Cleaned without backup
G:\Downloads\Newer Downloads\Crack Searcher.zip/Crack Searcher/CrackSearcher.exe -> Not-A-Virus.HackTool.Win32.CrackSearch.a : Cleaned without backup
G:\Downloads\Newer Downloads\HTTP Brute Forcer.exe -> Trojan.Pakes : Cleaned without backup
G:\Downloads\Newer Downloads\ist_remove.exe -> Downloader.IstBar.mx : Cleaned without backup
G:\Downloads\Newer Downloads\RockXP.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Cleaned without backup
G:\Downloads\Newer Downloads\RockXP.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Cleaned without backup


::Report End

-----------------------4

None of the files in this section was not there…
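
An added example, not part of the thread or of any tool named in it: a check that the entries selected for Fix Checked are really absent from the follow-up HijackThis log, by parsing both logs and comparing them. The function names are this example's own, and the three inputs are shortened excerpts built from lines in this thread's two logs.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23) followed by " - ". Header and process-list lines never match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Constructed excerpts: a few lines copied from the two logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\System32\NAMED.exe
O4 - HKLM\..\Run: [Athan] E:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [itunesff] E:\WINDOWS\system32\itunesff.exe -go -c7 -w10
O4 - HKLM\..\Run: [NAMED] E:\WINDOWS\System32\NAMED.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - E:\WINDOWS\System32\vbsys2.dll
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\System32\Tablet.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\System32\Tablet.exe
O4 - HKLM\..\Run: [Athan] E:\Program Files\Athan\Athan.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\System32\Tablet.exe
"""

# The helper's "check these boxes" list, pasted as-is from the reply.
FIX_LIST = r"""O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - E:\WINDOWS\System32\vbsys2.dll
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group("code"), match.group("body").strip()))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two scans against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries(fix_list)
    return {
        # Fix-list lines that never appeared in the first scan (copy errors).
        "not_in_before": sorted(targets - before),
        # Fix-list lines that survived: the fix failed or the entry came back.
        "still_present": sorted(targets & after),
        # Entries that vanished without being on the fix list.
        "also_removed": sorted(before - after - targets),
        # Entries that only exist in the second scan: review each one.
        "new_entries": sorted(after - before),
    }


if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(key)
        for code, body in items:
            print("   ", code, "-", body)
```

An entry under `still_present` after a reboot means something recreated it; `also_removed` here includes the NAMED Run entry, whose file the ewido report above lists as cleaned.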

#5 Antartic-Boy

  • Group: Visiting Consultant
  • Posts: 1,120
  • Joined: 23-September 05

Posted 15 March 2006 - 04:03 AM

-----------------------1

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

-----------------------2

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

-----------------------3

Post me a fresh Ewido Log and tell me how the computer is running now.

#6 silentarts

  • Group: Member
  • Posts: 168
  • Joined: 15-May 05

Posted 19 March 2006 - 02:32 PM

Working good man... thanks

kool

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 03:04:29 PM, 19/03/2006
+ Report-Checksum: 6922723C

+ Scan result:

No infected objects found.


::Report End

#7 Antartic-Boy

  • Group: Visiting Consultant
  • Posts: 1,120
  • Joined: 23-September 05

Posted 19 March 2006 - 03:25 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
