My Computer Is Running Slow

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

My Computer Is Running Slow, My Computer is Running Slow due to I think a Malware issue

Options

sluskimi View Member Profile	Aug 21 2008, 11:11 AM Post #1
New Member Group: Members Posts: 5 Joined: 21-August 08 From: Ontario, Canada Member No.: 231,977	I am somewhat of an experienced user of computers. I have noticed that I have had some considerable slow down of the computer. I have done the standard cleaning up: deleting of temporary files and internet files, scandisk, defragmentation of my drive, deleting of unwanted programs (that I am sure of), removing spyware using a spyware removing programs. I have also used msconfig to determine if anything is unusual. The only thing is a Startup Item called Dent Free, which is in a folder on my drive called C:\Documents and Seetings\All Users\Application Data\dumb pure bind support. I have made sure not to load this for the time being. I am running Windows XP Home Edition. I have updated Java to the most current version, but this item remains in my Startup List. How can I get rid of this? This post has been edited by sluskimi: Aug 21 2008, 01:05 PM Reason for edit: moved to a more appropriate forum ~ Pandy

quietman7 View Member Profile	Aug 21 2008, 02:49 PM Post #2
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	According to PREVEX it's a lop infection. Please uninstall any of the following program(s) using Add/Remove Programs if they are present. They are often bundled with the malware causing your problems. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove. Messenger Plus! Live & Sponsor (CiD) CiD Help CiD Manager Bitdownload Bitgrabber BitRol Download Plugin for Internet Explorer Get-Torrent Netpumper Search Plugin Torrent101 W3player WinZix Zone Media While uninstalling any of the above, if you are asked for a Verification code, please enter the numbers that appear in the window. When done, be sure to reboot your computer. <- Important! Note: If you were using Messenger Plus! Live and want to continue to use it, then reinstall and choose not to install the Sponsor after your computer has been cleaned. See How to remove Messenger Plus (C2Media) and How to install Messenger Plus! Live without the Sponsor. If none of these programs were listed, then continue with the next step. Please download the Lop uninstaller and save to your desktop. alternate download Double-click on uninstall.exe. Click Ok, the Ok again. Type the number you see on the "verification" screen and click Uninstall. You will be asked to "Please close all browser windows and Explorer folders...". Click Ok. Restart your computer when done. Note: Some anit-virus and anti-malware scanners may detect the uninstaller as malware. This is common with programs created to remove certain infections. You will have to let your anti-virus allow the file to download and run. When it has finished, you can allow your security programs to remove the uninstaller. Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet. Please download and install SUPERAntiSpyware Free Double-click SUPERAntiSypware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.) Under the "Configuration and Preferences", click the Preferences... button. Click the "*General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked. Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked): Close browsers before scanning.* Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen and exit the program. Do not run a scan just yet. Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Double-click ATF-Cleaner.exe to run the program. Under Main "*Select Files to Delete" choose: Select All. Click the Empty Selected* button. If you use Firefox browser click Firefox at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser click Opera at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator". Scan with SUPERAntiSpyware as follows: Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose *Perform Complete Scan* and click "Next". After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "*Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes" and reboot normally. To retrieve the removal information after reboot, launch SUPERAntispyware again. Click Preferences, then click the Statistics/Logs tab.* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

sluskimi View Member Profile	Aug 22 2008, 04:33 PM Post #3
New Member Group: Members Posts: 5 Joined: 21-August 08 From: Ontario, Canada Member No.: 231,977	Thanks, quietman7! Okay I have done as you have suggested. This is the contents of the log file: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/22/2008 at 05:16 PM Application Version : 4.15.1000 Core Rules Database Version : 3544 Trace Rules Database Version: 1533 Scan type : Complete Scan Total Scan Time : 02:56:19 Memory items scanned : 82 Memory threats detected : 0 Registry items scanned : 7117 Registry threats detected : 30 File items scanned : 127664 File threats detected : 15 Trojan.Downloader-Gen/FotoMoto HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85} Unclassified.Unknown Origin HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#buprestidae Trojan.Media-Codec HKU\S-1-5-21-1711949860-2634031608-2469675894-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName Adware.MyWay HKLM\Software\MyWay HKLM\Software\MyWay\myBar HKLM\Software\MyWay\myBar#Dir HKLM\Software\MyWay\myBar#ShzmCurInstall HKLM\Software\MyWay\myBar#pid HKLM\Software\MyWay\myBar#CurInstall HKLM\Software\MyWay\myBar#sr HKLM\Software\MyWay\myBar#pl HKLM\Software\MyWay\myBar#Id HKLM\Software\MyWay\myBar#Build HKLM\Software\MyWay\myBar#HistoryDir HKLM\Software\MyWay\myBar#Visible HKLM\Software\MyWay\myBar#Maximized HKLM\Software\MyWay\myBar#SettingsDir HKLM\Software\MyWay\myBar#ConfigRevisionURL HKLM\Software\MyWay\myBar#ConfigDateStamp HKLM\Software\MyWay\myBar\partner HKLM\Software\MyWay\myBar\partner#name C:\Program Files\MyWay\myBar\History\search C:\Program Files\MyWay\myBar\History C:\Program Files\MyWay\myBar\Settings\prevcfg.htm C:\Program Files\MyWay\myBar\Settings C:\Program Files\MyWay\myBar C:\Program Files\MyWay Trojan.Downloader-AUPD C:\DOCUMENTS AND SETTINGS\KRISTA\LOCAL SETTINGS\TEMP\AUPD.EXE Trojan.Downloader-Gen/FotoMoto-B C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1108\A0188027.DLL Adware.AdRotator/AdsSite C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1113\A0189361.DLL Adware.AdServer C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1113\A0189375.DLL Adware.AdRotator/RightOnz C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1113\A0189377.EXE Adware.AdRotator/SuperiorAds C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1113\A0189387.EXE Trojan.TrafficNinjaBiz C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1120\A0190234.DLL Trojan.Unknown Origin C:\WINDOWS\SYSTEM32\WINTSVTR.EXE Trace.Known Threat Sources C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\IYDG0KPX\client_settings_3[1].bin What's next?

quietman7 View Member Profile	Aug 22 2008, 06:31 PM Post #4
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Please download OTMoveIt2 by OldTimer and save to your Desktop. Double-click on OTMoveIt2.exe to launch the program. Copy the file(s)/folder(s) paths listed below - highlight everything in the quote box and press CTRL+C or right-click and choose Copy. QUOTE [kill explorer] C:\Documents and Seetings\All Users\Application Data\dumb pure bind support EmptyTemp [start explorer] Return to OTMoveIt2, right-click in the open text box labeled "Paste List of Files/Folders to be Moved" (under the yellow bar) and choose Paste. Click the red MoveIt! button. The list will be processed and the results will be displayed in the right-hand pane. Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and *Paste* it in your next reply. Click Exit when done. A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles \mmddyyyy_hhmmss.log <- the date/time the tool was run. -- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway. QUOTE Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders. Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

sluskimi View Member Profile	Aug 24 2008, 11:34 AM Post #5
New Member Group: Members Posts: 5 Joined: 21-August 08 From: Ontario, Canada Member No.: 231,977	Okay here are the results, first from OTMoveIt2: Explorer killed successfully File/Folder C:\Documents and Seetings\All Users\Application Data\dumb pure bind support not found. < EmptyTemp > File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\sqlite_eXZkaedioCENUS3 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\sqlite_fSd7NekmH4hUn0H scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\~DFD6C1.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Michael\LOCALS~1\Temp\~DFDB71.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_QqEky41mHbXMhBf scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_ByU4f0omCaEN6BU scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_Ge9Oy7o00b6fiM3 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_hdqEC0U76qDgS5p scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mca19B8.tmp\avvclean.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mca19B8.tmp\avvnames.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mca19B8.tmp\avvscan.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mca19B8.tmp\gdeltaavv.ini scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08242008_110057 Files moved on Reboot... File C:\DOCUME~1\Michael\LOCALS~1\Temp\sqlite_eXZkaedioCENUS3 not found! File C:\DOCUME~1\Michael\LOCALS~1\Temp\sqlite_fSd7NekmH4hUn0H not found! File C:\DOCUME~1\Michael\LOCALS~1\Temp\~DFD6C1.tmp not found! File C:\DOCUME~1\Michael\LOCALS~1\Temp\~DFDB71.tmp not found! File C:\WINDOWS\temp\mcmsc_QqEky41mHbXMhBf not found! C:\WINDOWS\temp\sqlite_ByU4f0omCaEN6BU moved successfully. C:\WINDOWS\temp\sqlite_Ge9Oy7o00b6fiM3 moved successfully. C:\WINDOWS\temp\sqlite_hdqEC0U76qDgS5p moved successfully. File move failed. C:\WINDOWS\temp\mca19B8.tmp\avvclean.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\mca19B8.tmp\avvnames.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\mca19B8.tmp\avvscan.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\mca19B8.tmp\gdeltaavv.ini scheduled to be moved on reboot. Next from Malwarebytes': Malwarebytes' Anti-Malware 1.25 Database version: 1081 Windows 5.1.2600 Service Pack 2 12:09:45 PM 24/08/2008 mbam-log-08-24-2008 (12-09-45).txt Scan type: Quick Scan Objects scanned: 77545 Time elapsed: 24 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 22 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\adpanel.panel1 (Adware.SuperiorAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adpanel.panel1.1 (Adware.SuperiorAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{683dff0f-331f-44d2-b69b-46d7bfb58f32} (Dialer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Michael\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Kyle\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Krista\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Heather\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully. Does these mean everything is to be working fine now?

quietman7 View Member Profile	Aug 24 2008, 12:46 PM Post #6
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply. Also let me know how your computer is running and if there are any more reports/signs of infection. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

sluskimi View Member Profile	Aug 25 2008, 10:40 AM Post #7
New Member Group: Members Posts: 5 Joined: 21-August 08 From: Ontario, Canada Member No.: 231,977	According to Malwarebytes Anti-Malware, there are no other threats. Eveything on my system seems to be running smoothly. Thanks for all your help. Will these problems ever return?

quietman7 View Member Profile	Aug 25 2008, 10:59 AM Post #8
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	If there are no more problems or signs of infection, you should Create a New Restore Point *to prevent possible reinfection* from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is: Go to Start > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go to Start > Run and type: Cleanmgr Click "Ok" Disk Cleanup will scan your files for several minutes, then open. Click the "More Options" Tab. Click the "Clean up*" button under System Restore. Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?" Click Yes, then click Ok. Click Yes* again when prompted with "Are you sure you want to perform these actions?" Disk Cleanup will remove the files and close automatically. For Tips to protect yourself against malware and reduce the potential for re-infection, be sure to read: • "Simple and easy ways to keep your computer safe". • "How did I get infected?, With steps so it does not happen again!". • "Best Practices - Internet Safety for 2008". • "Hardening Windows Security - Part 1 & Part 2". • "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser". • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

sluskimi View Member Profile	Aug 27 2008, 10:48 AM Post #9
New Member Group: Members Posts: 5 Joined: 21-August 08 From: Ontario, Canada Member No.: 231,977	Thanks again for all your help.

quietman7 View Member Profile	Aug 27 2008, 11:08 AM Post #10
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	You're welcome. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

« Next Oldest · Am I infected? What do I do? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides