Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

slow connection speed

Started by warrenbuffet , Jun 08 2005 11:25 PM

  • This topic is locked This topic is locked

#1
warrenbuffet
Posted 08 June 2005 - 11:25 PM

warrenbuffet

    Member

  • Member
  • PipPip
  • 55 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:23:53 AM, on 6/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP2\System32\smss.exe
C:\WINXP2\system32\winlogon.exe
C:\WINXP2\system32\services.exe
C:\WINXP2\system32\lsass.exe
C:\WINXP2\system32\svchost.exe
C:\WINXP2\System32\svchost.exe
C:\WINXP2\system32\spoolsv.exe
C:\WINXP2\Explorer.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\WINXP2\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINXP2\System32\tcpsvcs.exe
C:\WINXP2\System32\snmp.exe
C:\WINXP2\System32\mqsvc.exe
C:\WINXP2\System32\mqtgsvc.exe
C:\WINXP2\System32\cidaemon.exe
C:\WINXP2\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\mike\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?pcscm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINXP2\bvbre.dll/sp.html#24098
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?pcscm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdo...com/success.htm
R3 - Default URLSearchHook is missing
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - Startup: StickyNote.lnk = C:\Program Files\StickyNote\StickyNote.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AdsGone 2003.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116467397750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAACC274-55CF-48AB-AEFA-FFBC547600D1}: NameServer = 69.50.176.156 195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O19 - User stylesheet: C:\WINXP2\stsheets.dat
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINXP2\aim.exe (file missing)
O23 - Service: Microsoft Registry Viewer (dumpreg) - Unknown owner - C:\WINXP2\dumpreg.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0

Advertisements

#2
insipid
Posted 08 June 2005 - 11:44 PM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
warrenbuffet, your log shows no indication of anti-virus or firewall software running. I strongly urge you to download and install AVG Free Edition and Kerio or Sygate Firewall. I will work on a response to your log as you do.

Links to these programs can be found in my signature below.

Edited by insipid, 08 June 2005 - 11:46 PM.

  • 0

#3
insipid
Posted 09 June 2005 - 12:17 AM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
warrenbuffet, next set of instructions:

Please download Atribune's Find batch from here:
http://www.atribune....nloads/find.zip
Unzip it to the desktop and run Find.bat. This should create a file in the same folder called report.txt. Please post the entire text of this file here for me.
  • 0

#4
warrenbuffet
Posted 09 June 2005 - 10:44 AM

warrenbuffet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
ok i ran find.exe. shortly after it created report1, then report2. and after a while it copied the contents of those files and created log.txt.... so this is what's inside log.txt:


C:\WINXP2\SYSTEM32\DRIVERS\
tapem.sys Wed Jul 16 2003 12:41:38p A.... 31,744 31.00 K

C:\WINDOWS\SOFTWA~1\DOWNLOAD\6CA7B3~1\
atinxbxx.sys Wed Aug 4 2004 1:29:32a A.... 31,744 31.00 K
wceusbsh.sys Wed Aug 4 2004 2:08:46a A.... 31,744 31.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 95,232 bytes 93.00 K

No matches found.

  • 0

#5
insipid
Posted 09 June 2005 - 11:11 AM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
  • Please download the Killbox.
  • Unzip it to the desktop but do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Click "Delete on Reboot".
  • Paste the following into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\System32\drivers\tapem.sys
  • Click the red-and-white "Delete File".
  • Click "Yes" at the Delete on Reboot prompt.
  • Click "No" at the Pending Operations prompt.
  • Repeat steps 5-9 above for this file:
    • C:\WINDOWS\stsheets.dat
Restart your computer in normal mode, and then please run HijackThis, click Scan, and check:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?pcscm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINXP2\bvbre.dll/sp.html#24098
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?pcscm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 1159680172 auto.search.msn.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O19 - User stylesheet: C:\WINXP2\stsheets.dat
O23 - Service: Microsoft Registry Viewer (dumpreg) - Unknown owner - C:\WINXP2\dumpreg.exe (file missing)

Please delete these files using Windows Explorer(if present):

C:\WINXP2\bvbre.dll


Close all open windows except for HijackThis and click Fix Checked. Restart your computer once more and please post a new HijackThis log.
  • 0

#6
warrenbuffet
Posted 09 June 2005 - 11:21 AM

warrenbuffet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
after i ran hijackthis, what do you want me to check? i know you listed those paths in the post, but how do you want me to check those? and the only file i need to delete is bvbre.dll right?
  • 0

#7
warrenbuffet
Posted 09 June 2005 - 11:25 AM

warrenbuffet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
nevermind i know what you mean by checking now... the boxes :tazz:
i'll get right on it with the instructions.. be back when it's all done
  • 0

#8
insipid
Posted 09 June 2005 - 11:27 AM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
Yes, that's the only file after the Killbox step. For HijackThis, place a checkmark next to those entries I list, close all open windows and browsers, and click 'Fix Checked'.
  • 0

#9
warrenbuffet
Posted 09 June 2005 - 11:56 AM

warrenbuffet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
ok i just ran killbox in safemode and did the steps you told me for those two files,however aftewards it showed me a prompt box saying "PendingFIleRename Operation Registory Data Had been removed by external process... click ok" so i did and then clicked exit to get out of the program... is this correct? i just want to make sure i did this step correctly
  • 0

#10
warrenbuffet
Posted 09 June 2005 - 12:09 PM

warrenbuffet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
also are you sure i'm supposed to delete those files under C:\windows and C:\windows\system32\drivers\ ?

'cuz if you look at the first post with the hijackthis log, i think it says C:\winxp2

the reason for this is because i had some problems with the cmputer before and ms told me to do a parallel install taht's why i have a new folder called winxp2 with all the system files in addition to the old stuff i had in C:\windows
  • 0

Advertisements

#11
insipid
Posted 09 June 2005 - 02:46 PM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
warrenbuffet, I apologize, those are the wrong filepaths. I simply didn't edit the speech.

Substitute these paths in Killbox:

C:\winxp2\System32\drivers\tapem.sys
C:\winxp2\stsheets.dat

and do the fix again. Answer 'No' at the Pending Operations' prompt and reboot manually. Then continue with the fix from there. Please post a fresh HJT log when done.
  • 0

#12
warrenbuffet
Posted 09 June 2005 - 04:27 PM

warrenbuffet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 6:23:42 PM, on 6/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP2\System32\smss.exe
C:\WINXP2\system32\winlogon.exe
C:\WINXP2\system32\services.exe
C:\WINXP2\system32\lsass.exe
C:\WINXP2\system32\svchost.exe
C:\WINXP2\System32\svchost.exe
C:\WINXP2\system32\spoolsv.exe
C:\WINXP2\Explorer.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINXP2\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINXP2\System32\tcpsvcs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINXP2\System32\snmp.exe
C:\WINXP2\System32\mqsvc.exe
C:\WINXP2\System32\mqtgsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\mike hu\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdo...com/success.htm
O4 - Startup: StickyNote.lnk = C:\Program Files\StickyNote\StickyNote.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AdsGone 2003.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116467397750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINXP2\aim.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Microsoft Registry Viewer (dumpreg) - Unknown owner - C:\WINXP2\dumpreg.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

what's next? :tazz:
  • 0

#13
insipid
Posted 09 June 2005 - 04:40 PM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
warrenbuffet, that's much better, but we need to get rid of two bad services.

To stop a service and set to 'disabled':
  • Go to Start > Run and type in Services.msc then click OK
  • Click the Extended tab.
  • Scroll down until you find the AOL Instant Messanger (note the 'a' in Messanger)
  • Click once on the service to highlight it.
  • Click Stop
  • Right-Click on the service and select 'Properties'
  • Select the 'General' tab
  • Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
  • From the drop-down menu, click on 'Disabled'
  • Click the 'Apply' tab, then click 'OK'
The service is now stopped and disabled. Please repeat the process for Microsoft Registry Viewer.

Rescan with HijackThis and place a checkmark next to the following entries:

O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINXP2\aim.exe (file missing)
O23 - Service: Microsoft Registry Viewer (dumpreg) - Unknown owner - C:\WINXP2\dumpreg.exe (file missing)

Now, close all windows including your browser and then click "Fix Checked" in Hijackthis.

Please delete these files using Windows Explorer(if present):

C:\WINXP2\aim.exe
C:\WINXP2\dumpreg.exe


Next, clean out all the temporary files and cookies on your system. Go to Start > Run and enter: cleanmgr. Let it scan your system for files to remove. Check these three boxes and then press ok to remove: Temporary Files, Temporary Internet Files, Recycle Bin.

Reboot and post a new HJT log for review.
  • 0

#14
warrenbuffet
Posted 09 June 2005 - 05:13 PM

warrenbuffet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:10:45 PM, on 6/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP2\System32\smss.exe
C:\WINXP2\system32\winlogon.exe
C:\WINXP2\system32\services.exe
C:\WINXP2\system32\lsass.exe
C:\WINXP2\system32\svchost.exe
C:\WINXP2\System32\svchost.exe
C:\WINXP2\system32\spoolsv.exe
C:\WINXP2\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINXP2\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINXP2\System32\tcpsvcs.exe
C:\WINXP2\System32\snmp.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINXP2\System32\mqsvc.exe
C:\WINXP2\System32\mqtgsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\mike hu\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdo...com/success.htm
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: StickyNote.lnk = C:\Program Files\StickyNote\StickyNote.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AdsGone 2003.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116467397750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6C75707-AAB4-4FAD-BAE4-0DCA2AE58D35}: NameServer = 69.50.176.156,195.225.176.31
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
  • 0

#15
insipid
Posted 09 June 2005 - 05:18 PM

insipid

    Visiting Staff

  • Member
  • PipPipPip
  • 313 posts
Your log is clean :tazz:. How's it running?

Windows System Restore can and does backup malware files which can then be reinstalled if you ever restore to a previous point. To prevent this, we need to purge your Restore points:

Go to Start->Control Panel->System, System Restore. Click "Turn off System Restore". That will erase all restore points. You will be prompted to reboot. When Windows restarts, immediately go back in and uncheck "Turn off System Restore" to re-enable it. Windows will automatically create a new restore point.

To reduce re-infection potential for malware in the future:

Please read Tony Klein's article: So how did I get infected in the first place?.

It is extremely important to keep Windows and Internet Explorer up-to-date. Please go to http://v5.windowsupd...t.aspx?ln=en-us regularly and install ALL critical updates.

It would be a good idea to install a firewall if you don't have one . Here are a few free ones:
Kerio Personal Firewall
Zone Alarm
Sygate Personal Firewall

I strongly recommend installing three free programs: SpywareBlaster, SpywareGuard, and IE/Spyad.

Use AdAware SE and Spybot S&D regularly to scan your system. Links to excellent tutorials on these programs are in my signature below.

Finally, I suggest downloading and trying Mozilla Firefox browser. Firefox is a free fully functional browser. It's much safer than Internet Explorer.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP