Tech Support Forum - View Single Post - Am I clean - please help

sUBs · 07-13-2005, 09:53 AM

Please download these additional files/programs :- (Do not run them unless instructed to do so)
Unplug your computer from the Internet when you have finished downloading

fixssk.reg - Right click on this & choose "Save As...". Save it to your Desktop & name it as fixssk.reg.
Double click on fixssk.reg & click on Yes when asked to merge into the registry.

Download the file I've attached to this post - sandreg.txt - & rename it to sandreg.reg. Run it by double clicking on it & answer YES when aske dto merge into the registry

~~~~~~~~~~~~~~

Uninstall the following programs, if present, using Control Panel > Add/Remove Programs :

Weatherbug
CxtPls
Search3 Toolbar
Surf SideKick

~~~~~~~~~~~~~~

Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard.

C:\WINNT\LastGood\INF\ceres.inf
C:\WINNT\LastGood\INF\ceres.inf
C:\WINNT\LastGood\INF\ceres.PNF
C:\WINNT\system32\saie.log
C:\WINNT\system32\saieau.dat
C:\WINNT\system32\saie_kyf.dat
C:\WINNT\system32\vugwk.dat

Start KillBox.

Go to the File menu, and choose Paste from Clipboard.
Verify that you've done this properly by clicking the dropdown-arrow next to the "Full Path of File to Delete" field. The filenames you pasted will be found in there.
Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* "Unregister.dll Before Deleting" if it's not grayed out.
Click the RED X button.
Click [Yes] at the 'Delete on Reboot' prompt.
Click [Yes] at the Pending Operations prompt.

~~~~~~~~~~~~~~

Reboot to SafeMode

Shut Windows down, and then turn off the computer.
Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the
[Windows Advanced Options] menu appears.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

~~~~~~~~~~~~~~

Enable the viewing of Hidden files

Open Windows Explorer
Go to Tools>Folder Options>View tab.
enable the option for `Show hidden files and folder´
disable the option for `Hide file extensions for known types´
disable the option for `Hide protected operating system files´
click "Yes" to confirm & then click "OK"

Locate and delete the following folder(s), if present:

C:\Program Files\CasStub\
C:\Program Files\Aprps\
C:\Program Files\Cas\
C:\Program Files\AWS\
C:\Documents and Settings\Administrator\Favorites\1111\
C:\Program Files\Search3 Toolbar
C:\Documents and Settings\Administrator\Favorites\Casino & Carrers

Locate and delete the following file(s), if present:

C:\WINNT\System32\saie_*.dat

~~~~~~~~~~~~~~

Run Cleanup! & configure the program up as follows:

Click Options...
Move the arrow down to Custom CleanUp!
Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- [X]Scan local drives for temporary files (Please uncheck this option)
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

* CleanUp! will delete all the files in your temp folders without making a backup

~~~~~~~~~~~~~~

Reboot to Normal mode & download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

Save it to your desktop.
Double-click the new icon on your desktop (tmas-web-scan.exe)
It will say "Loading TrendMicro definitions".
Once the definitions are loaded, the program will appear to close then re-open.
Click "Start Scan"
After it's done scanning, click "Scan Results"
Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here along with a fresh HJT log

07-13-2005, 09:53 AM	#6 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Please download these additional files/programs :- (Do not run them unless instructed to do so) Unplug your computer from the Internet when you have finished downloading fixssk.reg - Right click on this & choose "Save As...". Save it to your Desktop & name it as fixssk.reg. Double click on fixssk.reg & click on Yes when asked to merge into the registry. Download the file I've attached to this post - sandreg.txt - & rename it to sandreg.reg. Run it by double clicking on it & answer YES when aske dto merge into the registry ~~~~~~~~~~~~~~ Uninstall the following programs, if present, using Control Panel > Add/Remove Programs : Weatherbug CxtPls Search3 Toolbar Surf SideKick ~~~~~~~~~~~~~~ Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard. C:\WINNT\LastGood\INF\ceres.inf C:\WINNT\LastGood\INF\ceres.inf C:\WINNT\LastGood\INF\ceres.PNF C:\WINNT\system32\saie.log C:\WINNT\system32\saieau.dat C:\WINNT\system32\saie_kyf.dat C:\WINNT\system32\vugwk.dat Start KillBox. Go to the File menu, and choose Paste from Clipboard. Verify that you've done this properly by clicking the dropdown-arrow next to the "Full Path of File to Delete" field. The filenames you pasted will be found in there. Select/tick the following: * Delete on Reboot * End Explorer Shell While Killing File * "Unregister.dll Before Deleting" if it's not grayed out. Click the RED X button. Click [Yes] at the 'Delete on Reboot' prompt. Click [Yes] at the Pending Operations prompt. ~~~~~~~~~~~~~~ Reboot to SafeMode Shut Windows down, and then turn off the computer. Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the [Windows Advanced Options] menu appears. Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter. ~~~~~~~~~~~~~~ Enable the viewing of Hidden files Open Windows Explorer Go to Tools>Folder Options>View tab. enable the option for `Show hidden files and folder´ disable the option for `Hide file extensions for known types´ disable the option for `Hide protected operating system files´ click "Yes" to confirm & then click "OK" Locate and delete the following folder(s), if present: C:\Program Files\CasStub\ C:\Program Files\Aprps\ C:\Program Files\Cas\ C:\Program Files\AWS\ C:\Documents and Settings\Administrator\Favorites\1111\ C:\Program Files\Search3 Toolbar C:\Documents and Settings\Administrator\Favorites\Casino & Carrers Locate and delete the following file(s), if present: C:\WINNT\System32\saie_.dat ~~~~~~~~~~~~~~ Run Cleanup! & configure the program up as follows: Click Options... Move the arrow down to Custom CleanUp! Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files [X]Scan local drives for temporary files (Please uncheck* this option) Cleanup! All Users Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. * CleanUp! will delete all the files in your temp folders without making a backup ~~~~~~~~~~~~~~ Reboot to Normal mode & download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button). Save it to your desktop. Double-click the new icon on your desktop (tmas-web-scan.exe) It will say "Loading TrendMicro definitions". Once the definitions are loaded, the program will appear to close then re-open. Click "Start Scan" After it's done scanning, click "Scan Results" Make sure all items found have a check next to them, then click "Clean Threats Now". Click Exit. Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here along with a fresh HJT log __________________ Question - what have you done for the community today?