www.bestsafetyguide.net!
Downloaded what i thought was a media player codec,now im stuck with bestsafetyguide,please help me to get rid of it. Ive been running adaware,ewido and norton scans,nothing helped.
Logfile of HijackThis v1.99.1
Scan saved at 21:43:59, on 2006-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program\ewido anti-malware\ewidoctrl.exe
C:\Program\ewido anti-malware\ewidoguard.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN
Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN
Toolbar\01.02.4000.1001\sv\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN
Toolbar\01.02.4000.1001\sv\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program\Belkin\Bluetooth
Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -
http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://designer.room328.com/app/WebVDSetUp.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5co...b?1095866767293
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdat...b?1126695314312
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) -
http://designer.room328.com/app/WebVD.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file
missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk
Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\Belkin\Bluetooth
Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade
filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade
filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade
filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido
anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido
anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation -
C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation -
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust -
C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade
filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec
Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec
Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH -
C:\Program\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner -
C:\WINDOWS\system32\UAService7.exe
-
Assuming you added this to your trusted zone yourself?
O15 - Trusted Zone: *.line6.net
Everything looks fine. How is your computer acting at this point?
0 -
Hi swed, Welcome!
Your HijackThis log is formatted wrong and we need to fix that so I can read the next one. Open Notepad and at the top choose the *format* button. Make sure that wordwrap is unchecked.
You have a Smitfraud Hijacker, and most programs are not able to remove it yet.. We can use a special free tool made for dealing with it.
1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml
Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.
Logs needed in your next post are:
rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed
Fresh HijackThis log
0 -
Hello,and thx for the fast reply! Here are the logs:
SmitFraudFix v2.58
Scan done at 22:54:22,29, 2006-06-11
Run from C:\Documents and Settings\Johan Brodin\Skrivbord\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{55059d4f-a1ac-4837-ae07-4859101f598d}"="chromatodysopia"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 23:01:40, on 2006-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program\ewido anti-malware\ewidoctrl.exe
C:\Program\ewido anti-malware\ewidoguard.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://designer.room328.com/app/WebVDSetUp.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095866767293
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126695314312
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://designer.room328.com/app/WebVD.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido anti-malware\ewidoguard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
0 -
You're quite welcome! Glad we could help
Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.
Temporary Files
Temporary Internet Files
Recycle Bin
....................................................
And be sure to follow up with a full system scan with Adaware SE
....................................
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?
One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help .
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620
I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/
And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.
MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
0 -
Comp. acting normal! And yes,i trust Line6
Im very grateful for your help,thank you very much!!
0 -
Ok,followed your intructions,everything seeems alright.
Thanks again!
0
Vous devez vous connecter pour laisser un commentaire.
Commentaires
6 commentaires