Before Posting a Hijack This Log
#1
Posted 25 February 2007 - 05:50 PM
Register to Remove
#2
Posted 26 February 2007 - 08:54 AM
Double click HJTsetup.exe to begin installation.*By default it will install to C:\Program Files\HijackThis.
*Continue to click Next in the setup dialog boxes until you get to the Select Addition Tasks dialog.
*Put a check by Create a desktop icon then click Next again.
*Continue to follow the prompts from there.
*When HJT opens, click on the Do a system scan and save a log file button.
*When HJT has finished scanning, a window entitled "hijackthis.log" will open - when you close this window the log will be saved into the hijackthis folder.
Copy and paste this log into your reply by using the Add Reply button on the lower right hand side of the screen. Note: After you click the Add Reply post the entire contents of the HJT log into the text box. Then scroll down and click Add Reply. You can preview what your post will look like by clicking the Preview Post button first. If you're happy with the way it looks then click Add Reply.
Regards,
Dave
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#3
Posted 01 March 2007 - 10:43 AM
Here are the instructions for downloading and running AVG.
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop
and double-click it to launch the set up program.
Run AVG Anti-Spyware and update the definition files.
On the main screen select the icon Update then select the Start Update Button. The progress bar will show the updates being installed.
Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
In the Settings screen click on Recommended actions and then select Quarantine.
Under Reports:
*Select Automatically generate report after every scan
*Un-Select Only if threats were found
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.Reboot your computer into SafeMode. You can do this by restarting
your computer and tap the F8 key just before the loading Windows screen appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or
programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the Scanner icon at the top and then the Scan tab
then click on Complete System Scan.
AVG will now begin the scanning process, be patient this may take a little
time.
Once the scan is complete do the following:
*If you have any infections you will prompted, then select Apply all
actions
*Next select the Reports icon at the top.
*Select the Save report as button in the lower left hand of the
screen and save it to a text file on your system (make sure to remember where
you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the
results of the AVG Anti-Spyware report scan along with a new HijackThis log.
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#4
Posted 01 March 2007 - 07:12 PM
Scan saved at 12:34:49 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\TurboNote\tbnote.exe
C:\Program Files\WordWeb\wweb32.exe
C:\HIJACKTHIS 1\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.world2search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Worldnet Service
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Add Feed to Tristana Reader - res://C:\Program Files\Tristana Reader\Reader.exe/AddContent.js
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I think that "020 Winlogon Notify" is a large part of the problem.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:11:08 PM 3/1/2007
+ Scan result:
C:\System Volume Information\_restore{33944CCD-5B8B-4781-8E9C-3CA5ACCF8CAD}\RP2\A0001741.exe -> Adware.eNSHandle : Cleaned.
C:\System Volume Information\_restore{33944CCD-5B8B-4781-8E9C-3CA5ACCF8CAD}\RP2\A0001743.dll -> Adware.SideSearch : Cleaned.
C:\System Volume Information\_restore{33944CCD-5B8B-4781-8E9C-3CA5ACCF8CAD}\RP2\A0001742.exe -> Adware.SpywareRem : Cleaned.
C:\Documents and Settings\Lab-4\Cookies\lab-4@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1292428093-839522115-1957994488-1004\Dc422.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1292428093-839522115-1957994488-1004\Dc424.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1292428093-839522115-1957994488-1004\Dc425.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1292428093-839522115-1957994488-1004\Dc426.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-1292428093-839522115-1957994488-1004\Dc427.txt -> TrackingCookie.2o7 : Cleaned.
::Report end
And here the tracking cookie 207 is right back on there again. Also when I run the AVG AntiVirus,
there is a new file listed as changed that wasn't before the guy worked on it. It is called: "ntoskrnl.exe"
I have a legit copy (the kink Microsoft Employees get he said) that is activated but he used some sort
of his stuff. For this I paid $107.00? Wah!
#5
Posted 01 March 2007 - 08:19 PM
I know you are frustrated with having to pay someone who only caused more problems and all but...
No, No, NOOO! That is part of Windows Genuine Advantage and is a perfectly legitimate entry. DO NOT FIX IT!I think that "020 Winlogon Notify" is a large part of the problem.
As I said before...tracking cookies are totally harmless.And here the tracking cookie 207 is right back on there again.
I'm not understanding you here. That file, ntoskrnl.exe, is a legitimate windows file. What are you talking about?Also when I run the AVG AntiVirus,
there is a new file listed as changed that wasn't before the guy worked on it. It is called: "ntoskrnl.exe"
I have a legit copy (the kink Microsoft Employees get he said) that is activated but he used some sort
of his stuff. For this I paid $107.00? Wah! sad.gif
I would recommend you try running DR Web Cureit! again. Here are the instructions:
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
- Back at the main window, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found:
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) - After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#6
Posted 03 March 2007 - 03:27 AM
#7
Posted 03 March 2007 - 07:57 AM
Run through the instructions found at this link and let me know how you make out:
http://www.theelderg.../repair_ie6.htm
Dave
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#8
Posted 04 March 2007 - 06:34 AM
#9
Posted 04 March 2007 - 08:28 AM
As an alternative you can download and try the free Firefox browser. No this is not a fix to the problem but might be a temporary work around. I personally use the Firefox browser almost exclusively now.
http://www.mozilla.com/en-US/
Dave
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#10
Posted 04 March 2007 - 02:45 PM
Register to Remove
#11
Posted 04 March 2007 - 04:33 PM
Not sure what you mean here. The browser will not protect you all by itself. You need to have adequate protection in place otherwise. And we need to be mindful of where we go online. I like to refer to that as my "Common Sense Security Suite 2007" software (just joking of course but think about it).I always thought highly of Firefox but the last time I used it a few months ago all kinds of things were getting in
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#12
Posted 05 March 2007 - 09:28 AM
#13
Posted 05 March 2007 - 10:42 AM
Both what? The IE fix and what else? And you said you "backed away" from the fix so how do we know if it would have worked or not?I already did them both before I saw your post. No effect.
Not sure how that could happen but as I have said before. Cookies are not malware.I was getting cookies through Firefox after I had removed it.
At this point I'm not quite sure how I can help you here. The last HJT log you posted appeared to be clean. The scans are also not picking up anything malicious. We seem to be going around in circles also. Let's try this:
1. Post a fresh HJT log for review.
2. Describe the main problem you are having at this point.
Dave
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#14
Posted 06 March 2007 - 08:29 AM
Dennis
Logfile of HijackThis v1.99.1
Scan saved at 6:23:03 AM, on 3/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TurboNote\tbnote.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACKTHIS 1\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.world2search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by
AT&T Worldnet Service
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download
Express\Add_Url.htm
O8 - Extra context menu item: Add Feed to Tristana Reader - res://C:\Program Files\Tristana
Reader\Reader.exe/AddContent.js
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9FE6D6-0AB7-4E9E-9B07-27744207E055}: NameServer = 204.127.160.3
12.102.240.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7A9FE6D6-0AB7-4E9E-9B07-27744207E055}: NameServer = 204.127.160.3
12.102.240.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#15
Posted 06 March 2007 - 09:38 AM
Your HJT appears to be all clean and I'm glad things are running better now.
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).
Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name it and then click Create
Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.
Use ATF Cleaner to remove temp files, cookies, cache, ect...
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
It's normal after running ATF cleaner that the PC will be slower to boot the first time.
In addition to updating and running your current protection I recommend the following:
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Ad-Aware - Ad-Aware SE You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Install SpywareGuard - SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
A tutorial on installing & using this product can be found here:
Using SpywareGuard to protect your computer from Spyware and Malware
Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.
Here is a great link to a post here on securing your PC after an attack.
http://forums.tomcoy...mp;#entry257163
Follow this list and your potential for being infected again will reduce dramatically.
Glad I was able to help.
Dave
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users