Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91521 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

ATTN: LDTate - “Giddy’up”- it’s a Trojan rodeo w/mystery malware.


  • This topic is locked This topic is locked
19 replies to this topic

#16 DazedandConfused77

DazedandConfused77

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 12 April 2007 - 07:59 AM

Hi -

Here ya' go...

Combofix Log:

"Compaq_Owner" - 07-04-12 9:36:05 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))


2007-04-08 09:54 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-03-18 14:45 <DIR> d-------- C:\Program Files\HP
2007-03-16 20:52 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-03-16 20:32 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-03-16 19:35 <DIR> d-------- C:\Program Files\Trustix
2007-03-16 19:21 51,328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-03-16 18:52 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-03-16 18:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-03-16 18:41 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2007-03-16 18:41 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-03-16 18:41 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2007-03-16 18:41 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-03-16 18:41 243,824 --a------ C:\WINDOWS\unicows.dll
2007-03-16 18:41 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-03-16 18:41 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-03-16 18:41 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-03-16 18:41 115,824 --a------ C:\WINDOWS\UnVet32.exe
2007-03-16 18:41 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2007-03-16 18:41 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-03-16 18:41 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-16 17:59 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Talkback
2007-03-16 17:58 <DIR> d-------- C:\Program Files\KeyScrambler
2007-03-16 13:32 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-03-16 13:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-03-16 13:29 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\SiteAdvisor
2007-03-16 13:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-03-16 13:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-03-16 13:07 <DIR> d-------- C:\ie-spyad
2007-03-16 12:48 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-03-16 12:47 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-03-12 16:14 164 --a------ C:\install.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-11 16:23 -------- d-------- C:\Program Files\scrubxp
2007-04-07 16:34 -------- d-------- C:\Program Files\java
2007-03-18 13:34 -------- d-------- C:\Program Files\pestpatrol
2007-03-18 11:04 -------- d-------- C:\Program Files\spywareguard
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 19:39 -------- d--h----- C:\Program Files\installshield installation information
2007-03-16 19:38 -------- d-------- C:\Program Files\comodo
2007-03-16 18:41 -------- d-------- C:\Program Files\yahoo!
2007-03-16 13:03 -------- d-------- C:\Program Files\spywareblaster
2007-03-11 00:07 -------- d-------- C:\Program Files\serenescreen
2007-03-10 17:19 -------- d-------- C:\Program Files\iobit
2007-03-10 16:31 -------- d-------- C:\Program Files\trueassistant
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-01 19:54 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-03-01 19:54 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-03-01 19:54 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-03-01 19:54 144960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-23 13:17 -------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\u3
2007-02-20 10:03 -------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\yahoo!
2007-02-19 14:10 -------- d-------- C:\Program Files\trueswitchat&tyahoo
2007-02-19 14:09 -------- d-------- C:\Program Files\trueswitch
2007-02-19 14:00 -------- dr-h----- C:\Program Files\rnamfler
2007-02-17 13:28 -------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\snapfish
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-02 16:45 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"Sonic RecordNow!"=""
"IPInSightMonitor 01"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"2wSysTray"="C:\\Program Files\\2Wire\\2PortalMon.exe"
"YOP"="\"C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe\" /autostart"
"Comodo Firewall"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"Advanced WindowsCare V2 Personal"="\"C:\\Program Files\\IObit\\Advanced WindowsCare V2\\Awc.exe\" /startup"
"IPInSightMonitor 01"="\"C:\\Program Files\\SBC Yahoo!\\Connection Manager\\IP InSight\\IPMon32.exe\""
"SiteAdvisor"="\"C:\\Program Files\\SiteAdvisor\\6028\\SiteAdv.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
Usnsvc REG_MULTI_SZ usnsvc\



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1104366958.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WebReg 20070301220444.job
C:\WINDOWS\tasks\wrSpySweeper20051015194949.job
C:\WINDOWS\tasks\wrSpySweeper_FAB0DDBC64324B4A9C3E3A265A5ED6B4.job
C:\WINDOWS\tasks\wrSpySweeper_FCD9FAFA0D5C4671B195F1C67F49F14C.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-12 9:39:52
C:\ComboFix-quarantined-files.txt ... 07-04-12 09:39

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:45:59 AM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\SYSTEM DEFENSE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6028\SiteAdv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124113000546
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Thanks...

    Advertisements

Register to Remove


#17 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 12 April 2007 - 03:47 PM

You can remove any programs I had you install. Use Add/Remove Programs to remove if listed there:

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.



If you dont have any programs like these, I would recommend that you get them.
Spywareblaster,
Spywareguard.


Also get a FREE FIREWALL and FREE ANTI VIRUS if you need one.

Only run one Anti-Virus and Firewall program.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Do not use Ad-aware if you have McAfee's VirusScan and AntiSpyware


Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#18 DazedandConfused77

DazedandConfused77

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 14 April 2007 - 07:15 PM

Hi -

LD, as always, I can't thank you enough for your assistance. I haven't set a restore point yet, however, due to the fact that since we deleted the R1 - H...\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../ references, I'm still caught in a loop when attempting to log in to Yahoo Services (e-mail, etc) via IE; this specifically occurs when going from

http://www/yahoo/r/l6

to

https://login.yahoo.com/config/login?.src=fpctx&done=http://www.yahoo.com

It just keeps toggling back and forth and I can't enter log-in data into any field. Is there anything we can do to fix this? I'm also getting prompts from Spyware Guard about resetting old values (that have no text - just blank) to new ones (referencing "about:blank").

Thanks again... :oops:

#19 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 14 April 2007 - 07:46 PM

Typically, Spyware Guard will take a snapshot of your settings and warn you if something is trying to alter it.
For example, your home page might be (should be?) http://www.dozleng.c...s/calendar.html , if you install an upgrade to your browser, the browser might want to insert it's own home page (Internet Explorer might try to make MSN.com the home page).
When this occurs...or when it tries to occur...Spyware Guard jumps up and says "...are you sure you want this to occur?"

Anything like google toolbar could be doing that. Set your homepage to whatever and see if that stops it.

I have no idea what to do about Yahoo. You might need to contact Yahoo.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#20 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,166 posts

Posted 22 April 2007 - 08:47 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users