Antispyware Master



#16
chubb3g114 (Member, Topic Starter)
Hello Tal
Have changed appearance and screen saver and all is ok.

Scanning Report
Friday, May 23, 2008 18:47:48 - 20:26:09

Computer name: VAUPROP6102
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 19 malware found
AdWare.Win32.Virtumonde (spyware)

* System

Tracking Cookie (spyware)

* System

Trojan.Win32.Monder (virus)

* System

Trojan.Win32.Monder.gen (virus)

* C:\WINDOWS\SYSTEM32\BFPPLBWO.DLL
* C:\WINDOWS\SYSTEM32\CJCHINLD.DLL
* C:\WINDOWS\SYSTEM32\FNYBIPOK.DLL
* C:\WINDOWS\SYSTEM32\MTRDLWXU.DLL
* C:\WINDOWS\SYSTEM32\OUNVEUHJ.DLL
* C:\WINDOWS\SYSTEM32\SQFJBUUY.DLL
* C:\WINDOWS\SYSTEM32\SUEKDHXN.DLL
* C:\WINDOWS\SYSTEM32\VKTSONCP.DLL
* C:\WINDOWS\SYSTEM32\XJMQOCLX.DLL
* C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20080520-094338-912.DLL (Renamed & Submitted)

Vundo.gen179 (virus)

* C:\WINDOWS\SYSTEM32\GLFXBKOS.DLL (Submitted)
* C:\WINDOWS\SYSTEM32\IKMLIWQX.DLL (Submitted)
* C:\WINDOWS\SYSTEM32\JAKXHTYM.DLL
* C:\WINDOWS\SYSTEM32\MXUUOODW.DLL (Submitted)

Vundo.gen38 (virus)

* C:\WINDOWS\SYSTEM32\DNTEFXGY.INI (Submitted)

W32/Suspicious_N.gen (virus)

* C:\PROGRAM FILES\DVDFAB PLATINUM 4\DVDFABPLATINUM.EXE (Submitted)

Statistics
Scanned:

* Files: 39199
* System: 4038
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 18
* Submitted: 6

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{A2E85D9F-1229-4206-BDE9-C8C62ECD26C5}.BIN

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Blacklight: 1.0.68
* F-Secure Hydra: 2.8.8110, 2008-05-23
* F-Secure Pegasus: 1.20.0, 2008-04-15
* F-Secure AVP: 7.0.171, 2008-05-23

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics



#17
Tal (Trusted Helper, Retired Staff)
Looking clean! :) Let's just delete several files and see a new DSS.

Navigate to the directory where you placed The Avenger.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\SYSTEM32\BFPPLBWO.DLL
C:\WINDOWS\SYSTEM32\CJCHINLD.DLL
C:\WINDOWS\SYSTEM32\FNYBIPOK.DLL
C:\WINDOWS\SYSTEM32\MTRDLWXU.DLL
C:\WINDOWS\SYSTEM32\OUNVEUHJ.DLL
C:\WINDOWS\SYSTEM32\SQFJBUUY.DLL
C:\WINDOWS\SYSTEM32\SUEKDHXN.DLL
C:\WINDOWS\SYSTEM32\VKTSONCP.DLL
C:\WINDOWS\SYSTEM32\XJMQOCLX.DLL
C:\WINDOWS\SYSTEM32\DNTEFXGY.INI

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log (it will only produce main.txt this time).

#18
chubb3g114 (Member, Topic Starter)
Hello Tal

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\SYSTEM32\BFPPLBWO.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\BFPPLBWO.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\CJCHINLD.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\CJCHINLD.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\FNYBIPOK.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\FNYBIPOK.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\MTRDLWXU.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\MTRDLWXU.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\OUNVEUHJ.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\OUNVEUHJ.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\SQFJBUUY.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\SQFJBUUY.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\SUEKDHXN.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\SUEKDHXN.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\VKTSONCP.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\VKTSONCP.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\XJMQOCLX.DLL" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\XJMQOCLX.DLL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\SYSTEM32\DNTEFXGY.INI" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Deckard's System Scanner v20071014.68
Run by IT on 2008-05-24 09:58:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.77 GiB (less than 15%) free.


-- HijackThis (run as IT.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:43, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\AnyTrial.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IT.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: bw+0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp :) - C:\WINDOWS\AnyTrial.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 18061 bytes

-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-23 18:43:56 0 d-------- C:\fsaua.data
2008-05-23 11:33:41 0 d-------- C:\Program Files\Microsoft Works
2008-05-21 18:17:15 70595238 --a------ C:\registrybackup.reg
2008-05-18 08:51:29 0 d-------- C:\VundoFix Backups
2008-05-17 08:46:44 713919 --ahs---- C:\WINDOWS\system32\tEhjjkkj.ini2
2008-05-16 18:45:47 687396 --ahs---- C:\WINDOWS\system32\vGgjiRqr.ini2
2008-05-16 18:21:31 0 d-------- C:\Program Files\Trend Micro
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\IT\Application Data\SUPERAntiSpyware.com
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 17:23:49 0 d-------- C:\Program Files\Panda Security
2008-05-16 09:56:08 1414 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-16 09:55:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-16 09:55:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-16 09:55:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-16 09:55:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-16 09:55:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-16 09:33:04 725822 --ahs---- C:\WINDOWS\system32\opstBJjl.ini2
2008-05-15 12:36:36 125440 --a------ C:\WINDOWS\system32\ikmliwqx.dll
2008-05-15 12:35:45 11770 --ahs---- C:\WINDOWS\system32\ppXEOqru.ini2
2008-05-15 09:37:46 134656 --a------ C:\WINDOWS\system32\glfxbkos.dll
2008-05-15 09:34:46 125440 --a------ C:\WINDOWS\system32\mxuuoodw.dll
2008-05-15 08:58:44 436266 --ahs---- C:\WINDOWS\system32\aJlUCcdd.ini2
2008-05-14 17:34:04 419128 --ahs---- C:\WINDOWS\system32\gOpVDJjl.ini2
2008-05-14 15:37:28 418382 --ahs---- C:\WINDOWS\system32\PVyJRqss.ini2
2008-05-14 15:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 14:42:38 0 d-------- C:\WINDOWS\pss
2008-05-14 12:29:54 0 d-------- C:\Program Files\Enigma Software Group
2008-05-12 21:16:16 0 d-------- C:\Program Files\Lavasoft
2008-05-10 17:00:03 0 d-------- C:\Documents and Settings\IT\.housecall6.6
2008-05-09 13:57:44 0 d-------- C:\Bitdefender back-up
2008-05-09 13:22:46 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-09 11:04:17 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-09 11:04:03 0 d-------- C:\Documents and Settings\IT\Application Data\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Program Files\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-09 10:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-09 10:48:58 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-08 17:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 14:03:04 443813 --ahs---- C:\WINDOWS\system32\tutDJkkj.ini2
2008-05-08 13:56:14 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 13:55:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-29 13:57:56 0 d-------- C:\ISIS
2008-04-29 13:57:32 246272 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-04-29 13:57:30 0 d-------- C:\Documents and Settings\IT\WINDOWS
2008-04-25 20:44:04 0 dr-h----- C:\Documents and Settings\IT\Recent


-- Find3M Report ---------------------------------------------------------------

2008-05-23 20:43:03 0 d-------- C:\Documents and Settings\IT\Application Data\BitTorrent
2008-05-22 19:02:20 82015 --a------ C:\logfile
2008-05-17 10:33:29 0 d-------- C:\Program Files\lg_fwupdate
2008-05-16 17:24:03 2530 --a------ C:\WINDOWS\mozver.dat
2008-05-12 22:55:19 2002 --a------ C:\Documents and Settings\IT\Application Data\wklnhst.dat
2008-05-12 21:15:12 0 d-------- C:\Program Files\Common Files
2008-05-09 13:19:28 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-05-04 12:32:53 0 d-------- C:\Documents and Settings\IT\Application Data\Vso
2008-04-23 08:28:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 17:08:09 0 d-------- C:\Program Files\TomTom HOME 2
2008-04-22 16:58:23 0 d-------- C:\Program Files\TomTom HOME
2008-04-19 18:09:37 0 d-------- C:\Documents and Settings\IT\Application Data\DNA
2008-03-03 21:05:17 668 --a------ C:\Documents and Settings\IT\Application Data\vso_ts_preview.xml
2008-03-03 21:03:32 34 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.log
2008-03-03 21:03:26 47360 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-03 21:03:26 1144 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.inf
2008-03-03 21:03:26 7887 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.cat
2008-02-24 16:55:09 15872 --ahs---- C:\WINDOWS\AnyTrial.exe <Not Verified; Dr.Pc Putte Corp :); AnyTrial>
2008-02-24 16:50:42 73 --a------ C:\WINDOWS\system32\installerror.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/05/2008 13:21]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [09/05/2008 13:21]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"PMX Daemon"=ICO.EXE
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"10e053bb"=rundll32.exe "C:\WINDOWS\system32\gqkhstvd.dll",b
"BM13d36027"=Rundll32.exe "C:\WINDOWS\system32\pofavgit.dll",s
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f264675-e51b-11dc-8cd7-00188b6175a8}]
AutoRun\command- G:\InstallTomTomHOME.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-05-24 09:59:17 ------------
  • 0
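For reading a registry dump like the one in the log above, here is an added example (not part of the original thread and not code from Deckard's System Scanner) that lists autostart values which hand a DLL to rundll32, as two lines of the run-disabled section do. The function names are hypothetical, the sample is a trimmed excerpt of the log above, and treating run-disabled entries as inactive is an assumption based on the section name.

```python
import re

# Trimmed excerpt of the Registry Dump section from the log above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [09/05/2008 13:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"10e053bb"=rundll32.exe "C:\WINDOWS\system32\gqkhstvd.dll",b
"BM13d36027"=Rundll32.exe "C:\WINDOWS\system32\pofavgit.dll",s
'''

SECTION = re.compile(r'^\[(?P<key>.+)\]$')
ENTRY = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.+)$')
# rundll32, then a (possibly quoted) DLL path, a comma and the export name
RUNDLL = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.I)

def parse_autoruns(text):
    """Yield (key, name, command) for each named value under a [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY.match(line)
        if m and key:
            yield key, m.group('name'), m.group('cmd')

def rundll32_autoruns(text):
    """Return autostart entries that launch a DLL through rundll32."""
    hits = []
    for key, name, cmd in parse_autoruns(text):
        m = RUNDLL.match(cmd)
        if m:
            hits.append({
                'name': name,
                'dll': m.group('dll'),
                'export': m.group('export'),
                # Assumption: values under run-disabled do not start at boot.
                'active': not key.lower().endswith('run-disabled'),
            })
    return hits

if __name__ == '__main__':
    for h in rundll32_autoruns(SAMPLE):
        state = 'ACTIVE' if h['active'] else 'disabled'
        print(f"{state:8} {h['name']:12} {h['dll']} ({h['export']})")
```

An entry reported as disabled is still worth checking against the file system, to confirm whether the DLL it names is actually present.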

#19
Tal


    Trusted Helper

  • Retired Staff
  • 2,138 posts
And we are clean :) How is the computer doing?

Let's just update your Java.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

  • 0

#20
chubb3g114


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hello Tal

The computer appears to be running just fine, have updated Java.
Thanks for all your help and time in helping me get rid of this awful virus.
What is the best way to ensure I keep the computer virus free?

David :)
  • 0

#21
Tal


    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi David :)

You're welcome. Below, I will give you a list of programs and procedures that will help you keep your computer virus-free. Good luck!

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Tal
  • 0





