TechSpot

Internet search redirect

By spethstation
Nov 26, 2009
  1. Hi,
    Today my computer got infected with a huge virus from some bogus website. In an effort to get rid of it I ran all of my anti-virus software and thought I had eradicated it. Unfortunately, when I went to start up my computer, Windows Vista had limited functionality. I managed to restart in safe mode and do a system restore. I thought that had done the trick until I was searching on explorer and found that all my searches were being redirected. I found your website and followed the 8 STEPS. SuperAntiSpyware found some Trojans and got rid of them. I rebooted but am still getting site redirection. What should I do from here on? I changed all my passwords on another computer to prevent further problems of another kind, but should I be looking at a complete reinstallation of Vista? I need help... :(
     
  2. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Can anyone check my logs and let me know if there are any problems?? Please!!
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'll check your logs now. I took Thanksgiving off to be thankful. Please be patient - this is a very busy forum and bumping a thread the same day you posted it is frowned on.

    Download the Norton Removal Tool and save it to your desktop.

    Please reopen HijackThis to 'do system scan only'. Check each of the following if present:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    O4 - HKCU\..\Run: [rfweuboa] C:\Users\Elspeth\AppData\Local\chbylb\dgjrsysguard.exe


    Close all Windows except HijackThis and click on "Fix Checked."

    When finished:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Double click on the Norton Tool and run.

    Reboot into Normal Mode when finished.

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Attach Combofix report to next reply.

    Rescan with HijackThis and paste new log in to new reply.
     
  4. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    I fixed those files listed under HijackThis.
    Which Norton file should I download? I don't own any of their products. Does it matter?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The Norton entry is for 'Norton Confidential' which is now used in their suites. I don't have enough information to give you a version. At some point, this was installed on the system. It might have been preloaded by the manufacturer:

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} NCO 2.0 IE BHO coIEPlg.dll "Norton Confidential" online identity theft protection, now incorporated into other Norton products

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Show Norton Toolbar CoIEPlg.dll "Norton Confidential" online identity theft protection, now incorporated into other Norton products .

    Source: system Lookup: Global Search.
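
The two helper replies above single out three kinds of HijackThis lines: R0/R1 browser URL entries, O2/O3 registrations whose DLL is gone ("(no file)"), and an O4 Run entry launching from a user's AppData folder. The following is an added example, not part of the original thread and not a HijackThis feature, that applies those three checks to log text; the function name, reason labels and the allowlist of expected hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Sample lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [rfweuboa] C:\Users\Elspeth\AppData\Local\chbylb\dgjrsysguard.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# Registry Run-style autostart: hive, key name, value name, command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$"
)
# Per-user, user-writable locations (Vista/7 and XP layouts)
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users|Documents and Settings)\\[^\\]+\\"
    r"(?:AppData|Local Settings|Application Data)\\",
    re.IGNORECASE,
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Assumption: hosts the analyst considers normal for home/search pages.
DEFAULT_EXPECTED_HOSTS = frozenset({"go.microsoft.com", "www.google.ca"})


def triage(log_text, expected_hosts=DEFAULT_EXPECTED_HOSTS):
    """Return (code, reason, detail) tuples for entries that deserve a look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.group("code"), m.group("body")

        if code in ("R0", "R1"):
            # Browser start/search page: report hosts outside the allowlist.
            _, sep, value = body.partition(" = ")
            host = urlsplit(value.strip()).hostname if sep else None
            if host and host not in expected_hosts:
                findings.append((code, "unexpected-browser-url", host))

        elif code in ("O2", "O3") and body.rstrip().endswith("(no file)"):
            # BHO/toolbar still registered although its DLL no longer exists.
            clsid = CLSID_RE.search(body)
            detail = clsid.group(0) if clsid else body
            findings.append((code, "orphaned-registration", detail))

        elif code == "O4":
            # Autostart whose target lives in a user-writable profile folder.
            run = RUN_RE.match(body)
            if run and USER_WRITABLE_RE.search(run.group("cmd")):
                cmd = run.group("cmd").strip('"')
                findings.append((code, "autorun-from-user-profile", cmd))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:3} {reason:28} {detail}")
```

A hit is a prompt for review rather than a verdict: the HP redirect URL here is an OEM default, and an orphaned registration is leftover clutter, while the randomly named Run entry under AppData is the one that matches typical malware persistence.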
     
  6. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Okay, ran ComboFix - they found a rootkit and I had to reboot, then it ran pretty quickly.
    Ran Hijack this, too.

    Here's the HJ log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:20:33 AM, on 29/11/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Combo-Fix\PEV.exe
    C:\Windows\system32\WerFault.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6018 bytes


    ComboFix log attached.

    By the way...thanks for all of your help so far!
     


  7. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Oh, I also managed to disable Norton.
    I've heard things about only having one antivirus program to use. Aside from what further steps I should take, can you give me info on this?
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please be patient. I'm helping others.
     
  9. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Hello,
    Sorry, I don't mean to be a bother. I appreciate all the help you've given me so far. I definitely couldn't do it alone, or without the help on this forum. I don't want to sound impatient, and I know you've been busy helping others, but I am just wondering what I should do next. I would like my computer up and running only because it's the only one I have, and I'm afraid to use it if it's still at risk. I appreciate anything you can add, if you have the time. Thank you very much!
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am very sorry. I answered this yesterday, but must have done a preview and not a send.

    Combofix is still finding entries to delete. Can you tell me how the system is running? Do any of the original problems remain?

    You need to update Java to v6u17 - you're way behind on that and an earlier version is a vulnerability:
    Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

    Make sure Adobe Reader is also current:
    Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

    Please run this online AV scan to make sure we haven't missed anything:
    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Attach log to next reply. If it's clean and if the problems have been resolved, I'll have you remove the cleaning tools and set a clean restore point.

    Have string on finger to make sure I 'post' after 'preview'!
     
  11. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Alright, both Adobe Reader and Java were removed and then updated.

    What sort of things did ComboFix find that needs to be acknowledged as a problem? Right now it seems like the internet redirect problem is gone. I haven't noticed any other weird things yet.

    I ran ESET, but it found no problems or infections. For some reason it generated no log (perhaps because it found nothing?) I do have a log, but it's from a few days ago when I first scanned my system with ESET (Nov. 28th - found 63 items). I'll post it in case you want to take a look at it.

    Seeing as my problem involved a rootkit, I am just worried that it's still lurking somewhere. They sound like they are quite virulent and hearty. I am hoping nothing on my computer has been compromised.

    With all that said, what's next? System restore?

    Thanks again for walking me through this!
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Unfortunately, the log shows Virut- even if it's a few days old, you will still have the infection:

    Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.
    It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker


    Good explanation here:
    http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

    But let's check to make sure:

    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    Also scan these,

    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe


    Please paste the log into your next reply.

    Change all of your passwords and monitor any online financial transactions.

    Although Eset states 'cleaned and removed', if it is Virut, it has just morphed into another variant.
    Most agree that a complete reformat and reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

    * Backup all your documents and important items only.
    * DON'T back up any executable files (.exe, .scr, .html or .htm)
    * DON'T back up compressed files (zip/cab/rar) that may contain .exe or .scr files
     
  13. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Yikes, that worries me! What a nasty sounding demon. I've changed all my passwords again.

    Viruscan found nothing harmful, but to be on the safe side, I think I will reformat and reinstall. I've backed up everything important (pictures, photos, documents).
    What's the best way to approach this? I'm afraid I hardly know what I'm doing, so if you could point me in the right direction, I'd appreciate it.

    Thanks so much.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You don't need to reformat or reinstall. It's hard to believe that Virut was there and now it isn't.

    Would you do this please?
    1. Delete the temporary internet files:

    TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

    TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

    2. Delete the current Eset log. Rescan with Eset. After every scan an option to uninstall ESET Online Scanner with all its components is provided. Don't check this.
    Attach new log in your next reply.

    Empty the Recycle Bin

    Then delete the contents of the Recycler Folder. This is different from the bin:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Click on Start> Run> type in cmd> OK> At a Command Prompt type rd /s /q c:\recycler

    NOTE: there is a space before each / in the command.
    Windows will create a new recycler for the drive when the computer is rebooted.

    Let me check the new log.
     
  15. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Ran TFC, rebooted, then ran ESET again. Nothing found. I deleted the log, but when the scan finished, it kept the log from before. It also won't let me upload it to the forum because it's already uploaded to this thread.
    I tried the recycling thing but it keeps telling me the file could not be specified.
    Am I doing this right? (rd /s /q c:\recycler)?
    Thanks.
     
  16. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Whoops, double post, sorry.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry, I had one ] missing in the command.

    Try this for Recycler: Empty the Recycle Bin first

    Open Windows Explorer: Right click on Start> Explore> My Computer> Local Drive (C)> go up to Tools> Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide system files and protected folders'> Apply> OK.

    Scroll down to Windows> click to open the Recycler folder> check the right screen for the files> Right click> Delete each.

    (The actual SID of the infected file is this: S-1-5-21-6841296011-9967747418-749282096-0715)

    I don't always find this successful but not to worry- it's just freeing up a minute amount of the resources. It will not delete though unless the Recycle Bin is empty.

    FYI: The Recycle Bin is where the trash goes when you delete a file or folder.
    The Recycler is where the files go when you empty the Recycle Bin. I haven't figured out the need for this redundancy yet!

    I went back and checked the Combofix report again. It shows possible infection from Domain
    Code:
    dhusax.com
    
    I want you to put this Domain in the Restricted Zone as follows:
    Open Internet Options (from either the Control Panel or IE> Tools)> click on Security tab> Restricted Zone> Sites> type in *.dnusax.com> Add> Apply> OK

    (Note the use of the * which acts as a wild card, before the slash.)

    Then delete the Combofix Report on the desktop and any Eset logs you have:

    1. Run Combofix again> Attach new report.
    2. Update and run the Eset scan again> Attach the new log
    3. Go back and rehide the files.
     
  18. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Alright. After looking for Folder Options for about 20 minutes, I did what you specified. Under Recycler I only found one file - not the one you had listed. It's (S-1-5-1832671809-316018632-562484060-1001). I deleted it anyway.

    Put the address under the restricted zone for internet.

    Deleted ComboFix and Eset logs. Ran both. For some reason I couldn't access firewall and windows defender when I went to use my internet, (something about a registry key that has been labelled for deletion?). I restarted my computer and all was fine again - hopefully it wasn't a problem.

    Combofix log below. Eset again found nothing and only generated the log from the first time I scanned. Again, I can't repost it as an attachment.

    Hm, what's next?
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please rescan with HijackThis and give me a new log.

    Are you still having the redirect problem?
     
  20. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    The redirect problem seems to be gone.

    New log below.
     
  21. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Hmm, any word on what next?
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- Looks good.

    If the problem is resolved, you can remove the cleaning tools and set a new restore point.


    Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Remove all of the tools we used and the files and folders they created
    • Download OTCleanIt by OldTimer
    • Save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes.

    If you are prompted to Reboot during the cleanup, select Yes.


    You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
    • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
    • Click "OK" to select the partition or drive you desire.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    More details and screenshots for Disk Cleanup in Windows Vista can be found here.

    If I can be of help in the future, please let me know.
     
  23. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Thanks so much for your patience and help. Looks like everything should be fine from this point on. I really appreciate it!
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Here are some tips to keep you clean!

    Please follow these simple steps to keep your computer clean and secure:
    1. Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

    System Restore Guide


    2. Stay current on updates:
    • Visit the Microsoft Download Site frequently.
      You should get All updates marked Critical and the current SP updates: Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP2
    • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    • Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

    3. Make Internet Explorer safer. Follow the suggestions HERE
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

    4. Remove Temporary Internet Files regularly: Use

    5. Use an AntiVirus Software (only one)

    6. Use a good, bi-directional firewall (one software firewall)
    • See Understanding and Using Firewalls including links to download a firewall.

    7. Consider these programs for Extra Security
    • Spywareblaster:
    • SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    • IE/Spyad
    • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    • Google Toolbar Get the free google toolbar to help stop pop up windows.
     
  25. spethstation

    spethstation TS Rookie Topic Starter Posts: 25

    Awesome. I set a new restore point. I also followed your advice and did just about everything you listed. Thank you!
     
Topic Status:
Not open for further replies.
