Blaster Function Detail

Discussion in 'adware, spyware & hijack cleaning' started by Trogladyte, Apr 28, 2004.

Thread Status:
Not open for further replies.
  1. Trogladyte

    Trogladyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    4
    Greetings,
    Thanks for this opportunity.

    I did a short search but couldn't find the exact answer I need.

    I have my first question, about SpywareBlaster. In the Tools tab, with 'Browser Pages' selected, I see 16 items listed in the 'Internet Explorer browser pages' field. It says in Help that I may change these. Is deleting possible? Most of mine are 'c:searchpage.html#1524'. Whenever I try to alter these to my normal homepage URL, maybe 2 or 3 will take, but then they revert back to what they were. Is this normal? Should I be doing this in the first place?

    Would this be easier if I included the Spyware Blaster results?

    -rg-
     

    Attached Files:

  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Trogladyte,

    Welcome to Wilder's!!!!!

    First download Ad-Aware and double-click to install.
    Then follow the following steps:

    1.) Start Ad-Aware by double-clicking on its desktop icon.
    2.) Update Ad-aware by using its Globe icon.
    3.) After updating, close all IE windows, then close and restart Ad-aware.
    4.) Be sure the following items are checked under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    "Unload recognized processes during scanning".
    5.) Be sure the following items are checked under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    "Automatically mark all objects in result list".
    "Automatically try to unregister objects prior to deletion".
    "XP/2000: Allow unloading explorer to unload shell extensions prior deletion" <-- Check only if you have Windows XP or 2000.
    "Let Windows remove files in use after reboot".
    6.) Press "Scan Now".
    7.) Check option "Use Custom scanning options".
    8.) Check option "Activate In-Depth Scan".
    9.) Press "Select drives\folders to scan".
    10.) Select the active partition which is usually C:
    11.) Press "Next" to let Ad-aware scan your drives...
    12.) If it finds "bad" files and registry keys, press "Next" again.
    13.) All items should be checked. if not right-click in that pane and choose "select all".
    14.) Press "next".
    15.) When it asks to remove all checked items, Press "OK".
    16.) You may now exit out of Ad-Aware and reboot your system. Then go to the next section for SpyBot S&D.

    Now download Spybot S&D and install by double-clicking on the downloaded file.
    Then follow the following steps:

    1.) Run Spybot S&D from desktop icon or Start menu.
    2.) Press "Search for updates" button to get list of updates available.
    3.) Press "Download updates" button.
    4.) Close all IE windows, then close and restart Spybot S&D.
    5.) Press "Check for problems" button.
    6.) Have SpyBot remove all it marks in red by pressing "Fix selected problems".
    7.) You may now exit out of SpyBot and reboot your system. Then go to the next section for CWShredder.

    Please download the latest copy of CWShredder and run by double-clicking the icon of the file you just downloaded.
    Click FIX and follow the instructions given.

    Now reboot your system and post HJT log.

    Regards,
    Kent
     
  3. Trogladyte

    Trogladyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    4
    Kent,
    In Ad-Aware, the "Automatically mark all objects in result list" was Grayed-out. Also, the "XP/2000: Allow unloading explorer to unload shell extensions prior deletion" was grayed-out. Everything else when as you suggested it would. I downloaded and ran the other two progs and the HJT report is below........................

    Logfile of HijackThis v1.97.7
    Scan saved at 11:51:33 AM, on 29/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\timesync.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\DownloadedProgs\TestThenDump2\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.excite.com
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    .....................................................................................
    Should I now not have to worry about making the changes, as mentioned in the initial question?

    -rg-
     
  4. Trogladyte

    Trogladyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    4
    Let me add a screenshot for the present.

    -rg-
     

    Attached Files:

  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Running the CWShredder should have solved the behavior of those pages being put back. Let us know if that is not true.

    Regards,

    Pieter
     
  6. Trogladyte

    Trogladyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    4
    You guys deserve, at least, a Ferrari to drive around in, when you get to heaven.
    Thanks for the concise help.

    -rg-
     
Thread Status:
Not open for further replies.