Help me plss [RESOLVED]
Started by Travex, May 11 2005 12:50 AM
#16
Posted 16 May 2005 - 08:46 PM
#17
Posted 17 May 2005 - 12:38 AM
First, I need you to locate HiJackThis here:
C:\Documents and Settings\Adminstrator\Local Settings\Temp\HijackThis.exe
UNZIP it, then move it to a permanent folder. This is important in case we need backups for any reason!!
Then, I need you to go into these folders and remove the CoolWebSearch links (in bold):
C:\Documents and Settings\Administrator\Favorites\AdultGambling.url
C:\Documents and Settings\Administrator\Favorites\Free Online Dating.url
C:\Documents and Settings\Administrator\Favorites\[bleep] Real Girls.url
C:\Documents and Settings\Administrator\Favorites\Kill Annoying Popups.url
C:\Documents and Settings\Administrator\Favorites\Online Sex Poker Rooms.url
C:\Documents and Settings\Administrator\Favorites\Play Adult-Poker.url
C:\Documents and Settings\Administrator\Favorites\Remove Toolbars.url
C:\Documents and Settings\Administrator\Favorites\Spyware Uninstall.url
C:\Documents and Settings\Administrator\Favorites\XXX personal photos.url
C:\Documents and Settings\All Users\Favorites\AdultGambling.url
C:\Documents and Settings\All Users\Favorites\Free Online Dating.url
C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url
C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url
C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url
C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url
C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url
C:\Documents and Settings\All Users\Favorites\XXX personal photos.url
Please read these instructions carefully
*Click Here to download Killbox by Option^Explicit.
*Save it to your desktop.
*Double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field):
C:\Program Files\WareOut\wocount.exe
C:\WINDOWS\system32\minidrv.exe
C:\WINDOWS\system32\Tools\Restart.exe
Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts. If you receive a "PendingRenamOperations..." prompt, click NO and restart your computer manually.
After your computer reboots, run HiJackThis and place a check next to the following items, if found, and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {9F5F8043-C1DA-838E-06AA-BF32A5E98C65} - 34763.dll (file missing)
O4 - HKLM\..\Run: [gabber] control64.exe
O4 - HKLM\..\Run: [FLKPT] ___.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [prcmon] TorontoMail.exe
O4 - HKCU\..\Run: [ATLIEHELPER] utsgmon.exe
O4 - HKCU\..\Run: [sound64] TForm1.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F2B1004-38E4-43AD-9D3A-57B11C7E8E75}: NameServer = 69.50.176.156,195.225.176.31
Close HiJackThis.
*IMPORTANT* Set your system to SHOW HIDDEN FILES
Then use Windows Explorer to delete the following files, in bold, if found:
C:\Program Files\WareOut
C:\Windows\System32\control64.exe
C:\Windows\System32\___.exe <- Yes, that's the name of the file!
C:\Windows\System32\TorontoMail.exe
C:\Windows\System32\utsgmon.exe
C:\Windows\System32\TForm1.exe
Post a new HiJackThis log.
#18
Posted 18 May 2005 - 07:23 AM
Here You Go!
Logfile of HijackThis v1.99.1
Scan saved at 9:21:36 PM, on 5/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Download\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://gameguard1.le...Crypt/npkcx.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
#19
Posted 18 May 2005 - 10:58 AM
Run HiJackThis. Place a check next to the below item and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
Close HiJackThis.
To protect your computer from the "DSO Exploit", it needs to be fully patched, which means you need to go to http://www.microsoft.com, click on "Windows Update" on the left-hand side, then click on "Express Install" to install ALL security updates, which includes XP Service Pack 2. This is very important!
After you get the security updates, post a new HiJackThis log.
Edited by bananafanafo, 18 May 2005 - 10:59 AM.
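The comparison behind post #19, where one entry from the post #17 fix list is still present in the post #18 log, written out as an added example that is not part of the original thread. The function names are hypothetical; the sample lines are copied from those two posts.

```python
import re

# Entry lines look like "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
# Headers and running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# For O4 Run entries the identity is the hive plus the bracketed value name.
RUN_NAME_RE = re.compile(r"^(.*?\[[^\]]*\])")

# Subset of the entries flagged for fixing in post #17 (copied from the thread).
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {9F5F8043-C1DA-838E-06AA-BF32A5E98C65} - 34763.dll (file missing)
O4 - HKLM\..\Run: [gabber] control64.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F2B1004-38E4-43AD-9D3A-57B11C7E8E75}: NameServer = 69.50.176.156,195.225.176.31
"""

# Excerpt of the follow-up log from post #18 (copied from the thread).
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""


def identity(code, body):
    """Return the part of an entry that names the setting, without its value."""
    if code == "O4":
        m = RUN_NAME_RE.match(body)
        if m:
            return m.group(1).casefold()
    key, sep, _ = body.partition(" = ")
    return (key if sep else body).casefold()


def parse_entries(text):
    """Map (code, identity) -> (normalised body, original line) for entry lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code = m.group("code")
        body = " ".join(m.group("body").split())
        entries[(code, identity(code, body))] = (body.casefold(), line)
    return entries


def check_followup(flagged_text, followup_text):
    """Classify each flagged entry against a later log.

    persisting: same setting, same value (the fix did not take)
    changed:    same setting, different value (needs a second look)
    cleared:    setting no longer listed
    """
    flagged = parse_entries(flagged_text)
    current = parse_entries(followup_text)
    result = {"persisting": [], "changed": [], "cleared": []}
    for ident, (body, line) in flagged.items():
        if ident not in current:
            result["cleared"].append(line)
        elif current[ident][0] == body:
            result["persisting"].append(line)
        else:
            result["changed"].append(line)
    return result


if __name__ == "__main__":
    for status, lines in check_followup(FLAGGED, FOLLOWUP).items():
        for line in lines:
            print(f"{status:10} {line}")
```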
#20
Posted 20 May 2005 - 10:37 AM
Logfile of HijackThis v1.99.1
Scan saved at 12:34:09 AM, on 5/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Download\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://gameguard1.le...Crypt/npkcx.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
#21
Posted 20 May 2005 - 10:44 AM
It looks fine, but like I said you NEED service pack 2 to protect your computer from the DSO Exploit!!
Please follow the link in my previous post to get the security updates.
#22
Posted 21 May 2005 - 09:27 AM
I tried installing Service Pack 2; it's really a big file...
and I was not successful in installing the update...
Does my PC really need this file?
What will I do?
#23
Posted 21 May 2005 - 11:12 AM
Nah, you don't need it if you like your computer being vulnerable to attackers/infections...
You need the service pack.
But, like I said, your log is clean... so if you don't get the service pack, I'll see you back here sometime soon
Congratulations your log is clean! Great job on the clean up
I recommend checking the http://www.microsoft.com website periodically for critical updates to install.
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
Ewido Security Suite <= Protection against Trojans, Worms, Dialers, Hijackers, Spyware, and Keyloggers.
Detect and Remove Programs:
- How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
- How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
- Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
- Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
- AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
- Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneAlarm.
#24
Posted 28 May 2005 - 02:28 AM
One more thing...
How to turn off the DSO Exploit warning in SpyBot:
The Data Source Object (DSO) Exploit is a security gap in Internet Explorer, Outlook and Outlook Express. Microsoft has already closed this gap through Windows Update security updates. So if you have kept your Windows up to date, it should no longer be a threat to your system.
Unfortunately, Spybot Search & Destroy will still detect DSO Exploit. However, instead of fixing it for good, Spybot will set it back to the invalid value. Therefore, Spybot will continue to detect it even on a clean system.
This bug in Spybot Search & Destroy has already been repaired in beta versions and the official fix should be made available through a later update.
You can set Spybot to ignore DSO Exploit if it is really bothering you.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Settings" menu.
- Click "Ignore products".
- Click the "Security" tab.
- Check the "DSO Exploit" box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.