Jump to content


Photo

A Maintenance Check Please


  • Please log in to reply
10 replies to this topic

#1 neostone

neostone

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 28 July 2004 - 10:12 PM

Hi. I have read the FAQS and related tutorials.
Have a few of new items that have showed up. Could you please tell me if they are ok? If you have the time could you please also check the rest of the log for anything suspicious? Thanks in advance.
The items in question are as follows:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)

O9 - Extra button: (no name) - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - (no file)

O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)

O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)

O16 - DPF: {B9D029D3-CDE3-11CF-855E-00A0C908FAF9} (ActiveX Tree Control) -

O16 - DPF: {B797C9C3-39C1-11D1-95AC-00609721D4C2} (ButtonControl.Button) -

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) -

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://Z:\Content\include\msSecUcd.cab

O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM\WOWCTL2.DLL





Win98SE



Logfile of HijackThis v1.98.0
Scan saved at 22:23:56, on 7/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\GRXP4EXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.c...&.intl=&.src=my
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NewzCrawlerRSSAutodiscovery2 Object - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - C:\PROGRA~1\NEWZCR~1\NCRSSA~1.DLL
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\PROGRAM FILES\FLASHCAPTURE\FCIEXT.DLL/FCIEXT.htm
O8 - Extra context menu item: Subscribe to NewzCrawler - file://C:\Program Files\NewzCrawler\context.htm
O9 - Extra button: (no name) - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://C:\PROGRAM FILES\FLASHCAPTURE\FCIEXT.DLL/FCIEXT.htm (file missing)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {B9D029D3-CDE3-11CF-855E-00A0C908FAF9} (ActiveX Tree Control) -
O16 - DPF: {B797C9C3-39C1-11D1-95AC-00609721D4C2} (ButtonControl.Button) -
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) -
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith...ec/tsccinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://Z:\Content\include\msSecUcd.cab
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM\WOWCTL2.DLL

#2 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 28 July 2004 - 11:08 PM

You can fix the No file entries that you are questioning about. The O18 refers to this program: http://www.eztools-s...wow/default.asp

If you had not installed that let me know and I will walk you through fixing that . Otherwise you are clean.
<b>Lawrence</b>

#3 neostone

neostone

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 29 July 2004 - 07:30 AM

Hi and thanks for the fast respose. I will fix the no name entries. The eztools one was not installed. Could you walk me through removing that please?. Thanks.

#4 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 29 July 2004 - 10:56 AM

Go into add/remove programs and see if you have a listing for a program named WOW. If you do uninstall it.

If you do not have it do the following:

Copy the text in the quote box below to notepad. Name the file nofilter.reg and change the save as type to all All files. Then save the file to the desktop.

REGEDIT4

[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\x-mem1]
[-HKEY_CLASSES_ROOT\CLSID\{C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC}]


Then post a new log

Edited by grinler, 29 July 2004 - 11:05 PM.

<b>Lawrence</b>

#5 neostone

neostone

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 29 July 2004 - 06:22 PM

Hi again. There was no program in the Add/Remove. Saved the file you specified on my desktop. Nothing else has been done. Here is the log.

Logfile of HijackThis v1.98.0
Scan saved at 19:17:41, on 7/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\GRXP4EXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.c...&.intl=&.src=my
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microfuck Internal Exploiter
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NewzCrawlerRSSAutodiscovery2 Object - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - C:\PROGRA~1\NEWZCR~1\NCRSSA~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Subscribe to NewzCrawler - file://C:\Program Files\NewzCrawler\context.htm
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {B9D029D3-CDE3-11CF-855E-00A0C908FAF9} (ActiveX Tree Control) -
O16 - DPF: {B797C9C3-39C1-11D1-95AC-00609721D4C2} (ButtonControl.Button) -
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) -
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith...ec/tsccinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://Z:\Content\include\msSecUcd.cab
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\SYSTEM\WOWCTL2.DLL

#6 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 29 July 2004 - 06:28 PM

Sorry meant to tell you to do this already. Double click on the reg file you made and when it asks if you would like to merge, specify yes. Then reboot and post a last log
<b>Lawrence</b>

#7 neostone

neostone

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 29 July 2004 - 09:20 PM

Hi. Tried to merge the reg fix you gave me, but it wouldn't merge. Said the specified file is not a registry script. Could I go in and delete the reg entries that you had me copy? Of course I will back up the reg 1st.

#8 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 29 July 2004 - 11:06 PM

I modified the above reg file info. Please use the text above in the reg file and try again
<b>Lawrence</b>

#9 neostone

neostone

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 30 July 2004 - 08:43 AM

Hi. The reg file merge did the trick. Thank you very much. Just for your info last night I backed up the reg and deleted those files manually. My comp would boot up. Restore the reg and comp booted up ok. After I merged your file. I rebooted and all is well. By the way, what did the reg file do?
Thanks again
Neostone





Logfile of HijackThis v1.98.0
Scan saved at 9:36:43, on 7/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\GRXP4EXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.c...&.intl=&.src=my
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microfuck Internal Exploiter
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NewzCrawlerRSSAutodiscovery2 Object - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - C:\PROGRA~1\NEWZCR~1\NCRSSA~1.DLL
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Subscribe to NewzCrawler - file://C:\Program Files\NewzCrawler\context.htm
O9 - Extra button: (no name) - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {B9D029D3-CDE3-11CF-855E-00A0C908FAF9} (ActiveX Tree Control) -
O16 - DPF: {B797C9C3-39C1-11D1-95AC-00609721D4C2} (ButtonControl.Button) -
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) -
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith...ec/tsccinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} - file://Z:\Content\include\msSecUcd.cab

#10 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 30 July 2004 - 09:39 AM

That reg file got rid of the O18 entry that you had. The eztools i believe it was called that you had not installed.

As for the rest...you are clean.. Great job!!

Now that you are clean, please follow this simple step and use the following programs:

Visit http://www.windowsupdate.com regularly. This will ensure that you have the latest patches for your operating system installed. If there are new updates to install, install all the critical updates, reboot and revisit the site until there are no more critical updates.

I would strongly advise you download and install SpywareBlaster and Spybot (With TeaTimer)

Tutorials and download locations for each programs can be found below. They will help to prevent a lot of future reinfections.

Using SpywareBlaster to protect your computer from Spyware and Malware

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Glad i was able to help.
<b>Lawrence</b>

#11 neostone

neostone

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 31 July 2004 - 08:51 AM

I run Spybot and Adaware regularly. Haven't tried Spyblaster. I did remove the BHO no name and the 3 extra context button no name files. Thank you again for your knowledgeable and speedy help.
N




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button