Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

LONG TIME NEEDED HELP

Started by paperausa , Aug 23 2005 05:05 PM

  • Please log in to reply

#1
paperausa
Posted 23 August 2005 - 05:05 PM

paperausa

    New Member

  • Member
  • Pip
  • 6 posts
Hi there!
I tried everything you suggested before bothering you but my explorer still freezes every minute!
Could you please help? Thank you.
A very frustrated Italian mom. (Paperausa) :tazz:

Here is the Hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 3:56:45 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Protector Plus\PPAVMon.exe
C:\Program Files\Protector Plus\PPServ.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PROTEC~1\PPTbc.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Protector Plus\POPSCAN.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Roberta Lonati\Desktop\Ad-Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.italiansonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {28DFFB3C-A6C2-481B-B8D7-AD205DECBA6E} - C:\WINDOWS\Config\keydoc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~1\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Manager HotSync.LNK = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124575823625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: dvdtask - C:\WINDOWS\msagent\dvdtask.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: keydoc - C:\WINDOWS\Config\keydoc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protector Plus Anti-virus Monitor Service (ProtectorPlusAVMonitor) - Unknown owner - C:\Program Files\Protector Plus\PPAVMon.exe
O23 - Service: Protector Plus Service (ProtectorPlusService) - Unknown owner - C:\Program Files\Protector Plus\PPServ.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
Wizard
Posted 23 August 2005 - 07:08 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi paperausa and Welcome to GeekstoGo!

Please download VundoFix.zip to your desktop.
  • Double-click VundoFix.zip and extract it to your C:\ directory.
  • Copy the instructions below and paste them into Notepad for reference.
    • All other windows need to be closed while doing this fix!
  • Navigate to the new folder C:\VundoFix
  • Double click on KillVundo.bat
    • When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do.
  • Please press any key to continue.
  • Wait for HiJackThis to open.
  • When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found:

    O2 - BHO: MSEvents Object - {28DFFB3C-A6C2-481B-B8D7-AD205DECBA6E} - C:\WINDOWS\Config\keydoc.dll

    O20 - Winlogon Notify: dvdtask - C:\WINDOWS\msagent\dvdtask.dll (file missing)

    O20 - Winlogon Notify: keydoc - C:\WINDOWS\Config\keydoc.dll

  • Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.
You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on.

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from Ewido and Panda!

As well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix
  • 0

#3
paperausa
Posted 24 August 2005 - 04:29 PM

paperausa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you Cretemonster, :tazz:
I really need your help: am I doing any better? :)

I followed your instructions and here come the 3 new reports:

Logfile of HijackThis v1.99.1
Scan saved at 3:25:30 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PROTEC~1\PPTbc.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Protector Plus\POPSCAN.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Protector Plus\PPAVMon.exe
C:\Program Files\Protector Plus\PPServ.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Documents and Settings\Roberta Lonati\Desktop\Ad-Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.italiansonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~1\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Manager HotSync.LNK = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124575823625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protector Plus Anti-virus Monitor Service (ProtectorPlusAVMonitor) - Unknown owner - C:\Program Files\Protector Plus\PPAVMon.exe
O23 - Service: Protector Plus Service (ProtectorPlusService) - Unknown owner - C:\Program Files\Protector Plus\PPServ.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:18:26 PM, 8/24/2005
+ Report-Checksum: 93D5D041

+ Scan result:

C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/1.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/2.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/3.scl -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/4.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/5.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/6.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/7.scl -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/8.scl -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\03_30_200521_43_51.zip/9.scl -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/0.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/1.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/10.scl -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/12.scl -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/13.scl -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/2.scl -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/3.scl -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/4.scl -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/5.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/6.scl -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/7.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/8.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_06_200521_44_01.zip/9.scl -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_09_200507_22_12.zip/0.scl -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_09_200507_22_12.zip/1.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_09_200507_22_12.zip/2.scl -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/0.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/1.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/10.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/11.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/12.scl -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/13.scl -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/2.scl -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/3.scl -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/4.scl -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/5.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/6.scl -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/7.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/8.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_15_200514_34_41.zip/9.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_23_37.zip/0.scl -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_23_37.zip/1.scl -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_23_37.zip/2.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_23_37.zip/3.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_23_37.zip/4.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_23_37.zip/5.scl -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/1.scl -> Spyware.Cookie.Overture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/10.scl -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/11.scl -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/12.scl -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/13.scl -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/15.scl -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/4.scl -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/5.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/6.scl -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_16_200518_33_33.zip/7.scl -> Spyware.Cookie.Overture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_17_200509_31_00.zip/0.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_17_200509_31_00.zip/3.scl -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_19_200509_13_25.zip/1.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_19_200509_13_25.zip/2.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_19_200509_13_25.zip/3.scl -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_19_200509_13_25.zip/4.scl -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_19_200509_13_25.zip/5.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_20_200522_23_43.zip/0.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_20_200522_23_43.zip/1.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_20_200522_23_43.zip/2.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_20_200522_23_43.zip/3.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_20_200522_23_43.zip/4.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_20_200522_23_43.zip/6.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_20_200522_23_43.zip/8.scl -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\04_21_200510_27_14.zip/0.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/1.scl -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/10.scl -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/11.scl -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/16.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/17.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/2.scl -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/20.scl -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/22.scl -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/25.scl -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/26.scl -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/3.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/4.scl -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/5.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/6.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/7.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/8.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_19_200507_52_04.zip/9.scl -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/10.scl -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/11.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/12.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/13.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/14.scl -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/15.scl -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/16.scl -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/19.scl -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/2.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/20.scl -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/22.scl -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/24.scl -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/26.scl -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/3.scl -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/30.scl -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/32.scl -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/34.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/35.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/36.scl -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/37.scl -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/4.scl -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/40.scl -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/41.scl -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/42.scl -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/46.scl -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/47.scl -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/49.scl -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/5.scl -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/50.scl -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/7.scl -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/8.scl -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\05_28_200519_13_49.zip/9.scl -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_09_200522_10_30.zip/7.scl -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_12_200508_31_47.zip/2.scl -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_13_200522_44_57.zip/3.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_13_200522_44_57.zip/6.scl -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_13_200522_44_57.zip/8.scl -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_23_200521_28_14.zip/2.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_23_200521_28_14.zip/3.scl -> Spyware.Cookie.Overture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_23_200521_28_14.zip/5.scl -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_23_200521_28_14.zip/6.scl -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_26_200508_24_51.zip/0.scl -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_26_200508_24_51.zip/4.scl -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_26_200508_24_51.zip/5.scl -> Spyware.Cookie.Overture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_26_200508_24_51.zip/7.scl -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_26_200508_24_51.zip/8.scl -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\06_26_200510_41_59.zip/1.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_10_200508_10_42.zip/11.scl -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_10_200508_10_42.zip/12.scl -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_10_200508_10_42.zip/13.scl -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_10_200508_10_42.zip/15.scl -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_10_200508_10_42.zip/3.scl -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_10_200508_10_42.zip/8.scl -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_10_200508_58_04.zip/0.scl -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_10_200508_58_04.zip/1.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_11_200520_54_00.zip/2.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_11_200520_54_00.zip/5.scl -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_16_200523_30_37.zip/2.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_16_200523_30_37.zip/3.scl -> Spyware.Cookie.Overture : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_23_200523_50_46.zip/0.scl -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_23_200523_50_46.zip/2.scl -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_23_200523_50_46.zip/3.scl -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_23_200523_50_46.zip/5.scl -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_23_200523_50_46.zip/7.scl -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Spy Cleaner\Backup\07_23_200523_50_46.zip/8.scl -> Spyware.Cookie.Falkag : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup


::Report End


Incident Status Location

Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Roberta Lonati\Desktop\VundoFix\VundoFix\backups\backup-20050824-094001-609.dll
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Config\keydoc.dll
Possible Virus. No disinfected C:\WINDOWS\Temp\ASHeuristic\ProcessViewer.exe.vir
  • 0

#4
Wizard
Posted 24 August 2005 - 06:28 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Looking much better,just a little clenup left!

Right-Click Here and Click "Save As" to download DelDomains.inf to your desktop.

Right Click DelDomains.inf on your desktop and select "Install"

It will perform a silent process>Give it a minute to run!


Make sure Windows and Showing Hidden Files
http://www.bleepingc...ut62.html#winxp

Please delete the following

C:\WINDOWS\Config\keydoc.dll<- File

C:\WINDOWS\Temp\ASHeuristic<- Folder

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

C:\Windows\Temp

C:\Windows\System32\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files(Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup(Make sure that all boxes are checked for cleaning!!)


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm

Made Easy
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

Post back and let me know how things are?
  • 0

#5
paperausa
Posted 24 August 2005 - 08:25 PM

paperausa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you again!
I followed all the steps down to the disk clean up but could not find these:

C:\Windows\System32\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Should I go on or do something else?

By the way, could you tell me in simple words what is the problem?

I really appreciate your prompt help!

:tazz:
  • 0

#6
Wizard
Posted 25 August 2005 - 04:37 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
To try to explain what happened will be a chore!

I have to get ready for a day of Heart Doc appts,so I will better explain later today!

Easiest explanation!

Some garbage attached itself to some very critical system files!

Had we just deleted or removed the files and reg keys!

The system would have said poo on you and wouldnt have restarted!

So thats why all the particular steps!


To help keep the Temp Files cleaned!


CleanUp! 4.0:
http://cleanup.stevengould.org/


CCleaner:
http://www.filehippo...d_ccleaner.html


Ill be back later today!

Go ahead and ask any other questions you need answered and I will do my best!
  • 0

#7
paperausa
Posted 25 August 2005 - 07:57 AM

paperausa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi and thank you again :) !
My computer runs regularly now and this is soooo much appreciated!
I understand the garbage thing.... better not to know all the details!
What is the Heart Doc job you have?
Should I keep looking for those file/folders I could not find? :tazz:
Take care. :)
  • 0

#8
Wizard
Posted 25 August 2005 - 06:27 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,there are a group of System Files that Windows has to have to be able to Operate!

Much like a car needs to gas and oil to run!

When a bug attaches itself to this System File,you have to disinfect the System File as well get rid of the bug!

This can be most interesting to accomplish since you have to catch the bug before it loads into the System File and the files function!

So basically,you have to pause the boot sequence between the time the PC is turned on and the time the first or second file begins to load and then kill the bug, remove the entries that activate the bug and restore or abort the boot sequence!

Now I am Confused!! :) LMAO!!!!!!!!!!! :)


You asked about the Heart Doc?

Well,lets just say,I am lucky to be here!

I have been home about a week and a half from the Hospital!

I got me a 3 week vacation in ICU-> CCU-> Observation-> and then a regular room!

No need to get into details! :tazz:

Things seem to be sorted and I should have recovered all my speech and walking abilities by Christmas! :)


As for those Temp Folders,it would be best that you try to locate those!

CCleaner and CleanUp will keep this cleaned up for the most part but its best you know how to find them!

When in Doubt-> Click Start-> Search-> Type in Temp for a System Search and they will all appear in the Search Window!


Feel free to ask any other questions!
  • 0

#9
paperausa
Posted 26 August 2005 - 10:12 AM

paperausa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
How scary! I am glad to hear that you are recovering!
Thank you again for all the help and explainations... I am just a home user and nowadays you must know so much to use a computer and not getting into trouble with all these bad stuff!
I understand it is a brain challenge to find the way to get rid of it and luckily thare are people like you who are willing to do so. But who are the bad guys?
I will try to resuscitate my old laptop that I am now thinking I put to retirement because of some malware attack I did not recognize. In case, I will contact you... always nice to have an extra pc to have my daughter play with (4: she wants to sit in my lap and push the keys... can you imagine!) :tazz:
Thank you again and take care!
Roberta
  • 0

#10
Wizard
Posted 27 August 2005 - 04:25 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Bring me that old laptop and lets see what we can do with it!

I think some of the answers you seek may be in these 2 links in my signature

Browser Hijacking & How to Stop It!

What are Hackers looking for on your PC?


I can always dig up more info but the bottom line is,this is all about easy money and the quest for it!
  • 0

#11
paperausa
Posted 29 August 2005 - 11:15 AM

paperausa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ciao Cretemonster,
Just tried to put together the old laptop again but realized it is not worthy.
Thank you again for your help and all the best to you.
Roberta
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP