Topic: unable to change to "Show hidden files"

neal2087

« Reply #20 on: November 07, 2008, 09:03:17 AM »
I have it installed, but it's installed just because my internet client doesn't launch if it's not installed, and I close it after I launch my internet client. I close all its processes, as it doesn't catch any malware and it eats up my memory, making all processes go slow.

This is the log file you requested:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\windows\system32\28463 not found.
c:\windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\nilesh\LOCALS~1\Temp\Perflib_Perfdata_a3c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\nilesh\LOCALS~1\Temp\Perflib_Perfdata_a58.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\nilesh\LOCALS~1\Temp\~DF330E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\nilesh\Local Settings\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\nilesh\Local Settings\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\nilesh\Local Settings\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\nilesh\Local Settings\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11072008_190348

Files moved on Reboot...
File C:\DOCUME~1\nilesh\LOCALS~1\Temp\Perflib_Perfdata_a3c.dat not found!
File C:\DOCUME~1\nilesh\LOCALS~1\Temp\Perflib_Perfdata_a58.dat not found!
File C:\DOCUME~1\nilesh\LOCALS~1\Temp\~DF330E.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_8c.dat moved successfully.
C:\Documents and Settings\nilesh\Local Settings\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\nilesh\Local Settings\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\nilesh\Local Settings\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\nilesh\Local Settings\Application Data\Mozilla\Firefox\Profiles\13l2jbiy.default\Cache\_CACHE_MAP_ moved successfully.


This is the HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:59 PM, on 11/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Documents and Settings\nilesh\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sify.com/?userid=3729&check=838d03a7347f55fa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4200454F-5193-4FCE-A2EF-DA93D4C4CD0A}: NameServer = 202.144.115.4,202.144.66.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{4200454F-5193-4FCE-A2EF-DA93D4C4CD0A}: NameServer = 202.144.115.4,202.144.66.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{4200454F-5193-4FCE-A2EF-DA93D4C4CD0A}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (file missing)

--
End of file - 4682 bytes
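
Added example, not part of the original thread and not OTMoveIt3's own code: a short Python script that matches each file the log above reports as "scheduled to be deleted on reboot" against the "Files moved on Reboot..." section, so entries that are still locked after the restart stand out. The line patterns are assumptions inferred from the quoted log, and `SAMPLE` is a shortened excerpt of it.

```python
import re

# Line shapes inferred from the log quoted above; not a documented format (assumption).
SCHEDULED = re.compile(
    r"^File (?:delete|move) failed\. (.+?) scheduled to be (?:deleted|moved) on reboot\.$")
NOT_FOUND = re.compile(r"^File (.+?) not found!$")
MOVED = re.compile(r"^([A-Za-z]:\\.+?) moved successfully\.$")
REBOOT_MARKER = "Files moved on Reboot..."

# Shortened excerpt of the log posted above.
SAMPLE = r"""========== COMMANDS ==========
File delete failed. C:\DOCUME~1\nilesh\LOCALS~1\Temp\Perflib_Perfdata_a3c.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.

Files moved on Reboot...
File C:\DOCUME~1\nilesh\LOCALS~1\Temp\Perflib_Perfdata_a3c.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_8c.dat moved successfully.
"""

def reconcile(log_text):
    """Map each path deferred before the reboot to its post-reboot outcome."""
    before, _, after = log_text.partition(REBOOT_MARKER)
    outcome = {}
    for line in before.splitlines():
        m = SCHEDULED.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so compare lowercased.
            outcome[m.group(1).lower()] = "no post-reboot entry"
    checks = ((SCHEDULED, "still locked"), (NOT_FOUND, "already gone"), (MOVED, "moved"))
    for line in after.splitlines():
        for pattern, status in checks:
            m = pattern.match(line.strip())
            if m and m.group(1).lower() in outcome:
                outcome[m.group(1).lower()] = status
    return outcome

def unresolved(log_text):
    """Paths that were deferred but not confirmed moved or gone after the reboot."""
    done = ("moved", "already gone")
    return sorted(p for p, s in reconcile(log_text).items() if s not in done)

if __name__ == "__main__":
    for path, status in reconcile(SAMPLE).items():
        print(f"{status:22} {path}")
```
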

guestolo
« Reply #21 on: November 07, 2008, 09:39:21 AM »
Quote
I have it installed, but it's installed just because my internet client doesn't launch if it's not installed, and I close it after I launch my internet client. I close all its processes, as it doesn't catch any malware and it eats up my memory, making all processes go slow.

I'm not familiar with your ISP's requirements
Hopefully your Virus scanner updates?

I would like to do some final cleanup of the tools we used, but I'm hesitating till you have had a chance to clean your cousin's pen drive.

For now, can you do the following:
I suggest that you add SpywareBlaster to your protection software. This small program does not, and won't, run in the background.
SpywareBlaster by JavaCool
    * Will block bad ActiveX Controls
    * Block malevolent cookies in Internet Explorer and Firefox
    * Restrict actions of potentially dangerous sites in Internet Explorer
After installation, check for updates.
After updating, select "Protection Status" on the left.
Then select "Enable all Protection".
"Check for updates every couple of weeks"
After every update, just simply click "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

Take a look at miekiemoes' site with other ideas on How to prevent Malware:
You can also look at her site Help! My computer is slow!
« Last Edit: November 07, 2008, 10:09:33 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


neal2087

« Reply #22 on: November 07, 2008, 10:16:56 AM »
My ISP's name is Sify Broadband.

This antivirus doesn't update itself.

I won't be inserting her pen drive in my PC unless I get AVG or something, cause I am going to change my ISP soon and will get AVG installed then. Until then, no other flash drives are going in my PC.

Am downloading that s/w you said.

guestolo
« Reply #23 on: November 07, 2008, 10:33:53 AM »
Let's clean some of the tools we used
I would opt to hold onto Malwarebytes AntiMalware
Update and run a Quick Scan occasionally

You can delete Flash_Disinfector and DirLook from desktop

Then go to START > RUN and copy and paste the next command:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore.

OTMoveit3
  • Double-click OTMoveIt3.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop

Stay safe
Note: You should convince your cousin to post a log
Try and stop some of the infections being passed around by her thumbdrive
Or at least, have her run Flash_Disinfector.exe with her thumbdrive inserted to the computer
And run an Updated Virus scan on her pendrive and whole computer
« Last Edit: November 07, 2008, 10:40:26 AM by guestolo »
