jamesshell
2006-09-19, 03:21
I followed all the steps to remove the malware and here are the rapport.txt, ewido log, and HJT log:
SmitFraudFix v2.92
Scan done at 16:09:51.71, Mon 09/18/2006
Run from C:\Documents and Settings\JAMES CHAMPAGNE\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6076d2b1-634c-4685-843b-f826045ea5dc}"="hemadynamometer"
[HKEY_CLASSES_ROOT\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}\InProcServer32]
@="C:\WINDOWS\system32\syycum.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}\InProcServer32]
@="C:\WINDOWS\system32\syycum.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\strCodec\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:06:20 PM 9/18/2006
+ Scan result:
C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\atl.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\found.000\dir0000.chk\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\found.000\dir0000.chk\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com\AppInfo -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com\CMEII -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com\Gator -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com\Gator\dyn -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2672964994-362046713-656809453-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\Program Files\PerfectNav -> Adware.PerfectNav : Cleaned with backup (quarantined).
C:\Program Files\PerfectNav\BHO -> Adware.PerfectNav : Cleaned with backup (quarantined).
C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll -> Adware.PerfectNav : Cleaned with backup (quarantined).
C:\Documents and Settings\JAMES CHAMPAGNE\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\JAMES CHAMPAGNE\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\JAMES CHAMPAGNE\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\JAMES CHAMPAGNE\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\JAMES CHAMPAGNE\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\JAMES CHAMPAGNE\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\saveupdate.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners\EEPE -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinSoftware\PCheck.dll -> Adware.Winfixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005 -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\lock.dat -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Documents and Settings\JAMES CHAMPAGNE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-15d1f760-5a7c64f6.zip/web.exe -> Downloader.CWS : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.c : Ignored.
C:\Documents and Settings\JAMES CHAMPAGNE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-15d1f760-5a7c64f6.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Ignored.
C:\Documents and Settings\JAMES CHAMPAGNE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv407.jar-16c6c3e3-7e3694f1.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP561\A0067729.dll -> Not-A-Virus.Hoax.Win32.Renos.er : Ignored.
C:\WINDOWS\SYSTEM32\DRIVERS\df_kmd.sys -> Rootkit.Agent.af : Cleaned with backup (quarantined).
C:\found.000\dir0000.chk\Cookies\james champagne@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\found.000\dir0000.chk\Cookies\james champagne@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\JAMES CHAMPAGNE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-9ba2108-17dcc896.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).
C:\Documents and Settings\JAMES CHAMPAGNE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-15d1f760-5a7c64f6.zip/Beyond.class -> Trojan.Femad : Cleaned with backup (quarantined).
C:\My Downloads\MP3 Audio Sound Recorder 1.32.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\My Downloads\MP3 Audio Sound Recorder 1.32\Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 6:42:40 PM, on 9/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JAMES CHAMPAGNE\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 70.140.209.182:13166
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe