[Rawe]

Delete..

C:\PROGRAM FILES\joystick networks
C:\PROGRAM FILES\ARES\NavHelper
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
C:\Program Files\FSI\F-Prot\fpav-help.chm
C:\Program Files\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[fpav-help.chm][prob-scan-ok.html]

Empty recycle bin.. Any particular problems?

- Rawe

[Advertisements]

ok, couple problems as always. i couldn't find:

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
C:\Program Files\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[fpav-help.chm][prob-scan-ok.html]


Also, i uninstalled Ewido the other day and while looking for these files i found a folder named ewido. I tried deleting it, and was got the "access denied" because "shellhook.dll" could be in use...any suggestions?

Janna

[Janna]

ok, couple problems as always. i couldn't find:

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
C:\Program Files\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[fpav-help.chm][prob-scan-ok.html]


Also, i uninstalled Ewido the other day and while looking for these files i found a folder named ewido. I tried deleting it, and was got the "access denied" because "shellhook.dll" could be in use...any suggestions?

Janna

[Rawe]

First, delete all other files from the Ewido folder.. Then move that shellhook.dll (It will be there), somewhere else, maybe at desktop. Delete the Ewido folder.. Empty recycle bin and reboot. You should now be able to delete that last file.

Are you noticing any problems on your PC?

[Janna]

No problems other than my computer booting up a little slower than it used to before all this happened to it... but nothing i cant deal with! I am very grateful for your help, thank you very much. Just a couple more things and i guess that's it.
I am uninstalling some of the programs i used throughout this process. I have AVG, Spybot, Ad-Aware SE, Hi-JackThis, Norton and F-prot for windows. Out of these, if any, do you suggest i keep for future scans and protection that i can do on my own. I dont want to keep all of them, unless neccessary. Do you have suggestions for anything better than any of these? I really dont like F-prot. it tends to give me crazy messages, but since its for windows i didnt know if it would hurt to delete it. Also, i have something called "viewpoint" that mysteriously appeared in my uninstall list. Is this spyware i need to delete? Thanks again for all your time and help....
Janna

[Rawe]

Go ahead and uninstall Viewpoint, it's something which sometimes installs to a users computer without asking the permissions..

Is F-prot Anti-virus software??

Can you post a new HiJackThis log and I'll see if I can fasten up your boot up.

- Rawe

[Janna]

Yeah, F-prot is anti-virus software. Its evidently for Windows, but i cant stand it.

Logfile of HijackThis v1.99.1
Scan saved at 4:06:00 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RaConfig2500.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS\system32\RaConfig2500.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb04.pog...aploader_v6.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

thanks rawe...

[Rawe]

You have AVG, get rid of F-prot.

Fix this line in HiJackThis:

O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe

Delete this folder: C:\WINDOWS\system32\vidctrl\

Empty recycle bin. The slowdown is because you have 2 anti-virus apps installed which isn't recommended.

- Rawe

[Janna]

hey rawe,
fixed the file in HJT, it wasnt there for me to delete...uninstalled F-prot. do i need to keep spy bot or is ad aware enough?
janna

[Rawe]

Great job it appears your logfile is clean.

**Re-hide hidden files option IF you modified earlier**

Let's clear out your restore points now.

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore"
5. Click Apply. An message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".

Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".

System Restore will now be active again. Be sure to set a new restore point, and if you need additional help with that, here's a link; http://filext.com/in...thread.php?t=27

Here's some tips for future to prevent spyware;

Detect and Remove Programs:

• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
• How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

• AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
• Firewall <= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
• More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.

And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

Visit;
http://www.windowsupdate.com

Most important is to remember Microsoft's security updates.. Make sure to install them.

- Rawe

If you want to learn how to help people with malware problems like I helped you, feel free to take a look at this thread; http://www.geekstogo...here-t4817.html

[Rawe]

I would suggest running Ad-aware & SpyBot with updated definitions from time to time, as well as keeping your anti-virus/firewall software updated.. Install AT LEAST SpywareBlaster. Google toolbar as well (if you decide not to use Firefox).

- Rawe

[Janna]

i dont know what a restore point is...much less how to set a new one..SO of course the link to help me doesnt work.

[Rawe]

It works for me

To set a System Restore Point...

• Open the Start menu
  
  
• Open the Programs menu
  
  
• Open the Accessories menu
  
  
• Open the System Tools menu
  
  
• Finally, start System Restore
  
  
• Pick the option for setting a System Restore Point and click on the Next button
  
  
• Fill in a name for the restore point so you can find it and click on the Create button
  
  
• Click on the Close button when done

If you need to restore the system to a particular point or change the options Windows uses to set restore points use the System Restore tool as well.

- Rawe

[Janna]

well, go figure the link didnt work the other day, but as soon as you type out all the instructions it works, lol....sorry! well, thank you very much for all your help and the time you have taken to figure out and fix these problems. my computer is running great. well, i guess that's it then?
janna

[Rawe]

Yep, that's it then.

[Kat]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.