Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Problem with Smit.Fraud! [RESOLVED]

Started by Womanizer58 , May 12 2005 07:23 PM

  • This topic is locked This topic is locked

#1
Womanizer58
Posted 12 May 2005 - 07:23 PM

Womanizer58

    New Member

  • Member
  • Pip
  • 4 posts
I've been having a lot of problems with this guy. He's knocked out my background on my desktop as well as hijacking several pages to go to quicknavigate.com. I haven't really gotten a slow down yet, just those annoyances. Any help will be greatly appreciated.

Here is my hijack-this logfile.

Logfile of HijackThis v1.99.1
Scan saved at 9:22:13 PM, on 5/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\intmon.exe
C:\Program Files\Anonymizer\sk\spywarekiller.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Danny\Juno\bin\juno.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\HJT2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s...1678e6575788303
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://my.juno.com/s...1678e6575788303
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://my.juno.com/s...1678e6575788303
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SAP IT
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp9C71.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\sk\spywarekiller.exe /BOOT
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp psc 1000 series.lnk.disabled
O4 - Global Startup: SpySubtract.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DADB302-F59F-4F32-9457-34B794A88AC8}: NameServer = 64.136.28.122 64.136.20.122
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Rescue_Account - Unknown owner - C:\WINDOWS\srvany.exe

Thanks in advance. :tazz:
  • 0

Advertisements

#2
greyknight17
Posted 12 May 2005 - 08:32 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Just want to know some more information on this. Right click on your desktop and go to Properties. Which tabs are showing up there now? Go into each tab and also see what is functioning and what is disabled. Just take note and post the followup after you do the below fixes. I just need to know what was disabled by this infection and try to help you enable it back later.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Don't run it yet.

Right click on this link and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s...1678e6575788303
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp9C71.tmp
O4 - Startup: PowerReg Scheduler V3.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} -

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\intmon.exe
c:\wp.exe
c:\wp.bmp
C:\WINDOWS\System32\hp9C71.tmp

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.
  • 0

#3
Womanizer58
Posted 14 May 2005 - 09:41 PM

Womanizer58

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for your help. :tazz:

When I open properties, the only two tabs are Screensaver and Settings, but these two have everything working.

I'll follow your instructions and hope for the best.

Thanks again!
  • 0

#4
Womanizer58
Posted 14 May 2005 - 09:57 PM

Womanizer58

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
If I wasn't Catholic, I would make you a god. I've been so frustrated with this thing, and you fix it in one post.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:29 PM, on 5/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\HJT2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.juno.com/s...1678e6575788303
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...1678e6575788303
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://my.juno.com/s...1678e6575788303
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SAP IT
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\sk\spywarekiller.exe /BOOT
O4 - Global Startup: hp psc 1000 series.lnk.disabled
O4 - Global Startup: SpySubtract.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Rescue_Account - Unknown owner - C:\WINDOWS\srvany.exe


There still is one problem however. I only have Screensaver and Settings tabs in Properties. What would I have to do to bring the others back?

And once again, thank you.
  • 0

#5
greyknight17
Posted 16 May 2005 - 07:12 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
God? LOL. We are glad to help you out :tazz:

No problem, we'll fix that all up now.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\System32\msmsgs.exe

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.

OK, to fix that display properties problem, right click on this link and choose Save As. Save it on your desktop. Now double click on that file and choose yes to add/merge it to the registry.
  • 0

#6
Womanizer58
Posted 17 May 2005 - 08:31 AM

Womanizer58

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks again. Here is the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:32:02 AM, on 5/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\HJT2\HijackThis.exe
C:\Documents and Settings\Danny\Juno\bin\juno.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.juno.com/s...1678e6575788303
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...1678e6575788303
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://my.juno.com/s...1678e6575788303
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://my.juno.com/s...1678e6575788303
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SAP IT
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\sk\spywarekiller.exe /BOOT
O4 - Global Startup: hp psc 1000 series.lnk.disabled
O4 - Global Startup: SpySubtract.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FEF735A-F80C-468B-A05A-820D31336A63}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wdf.sap.corp,phl.sap.corp
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Rescue_Account - Unknown owner - C:\WINDOWS\srvany.exe

Thanks again.
  • 0

#7
greyknight17
Posted 17 May 2005 - 07:38 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Is nLayer Communications Inc. your Internet Service Provider?

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} -

No need for a new log (assuming that nLayer is your Internet Service Provider).

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#8
greyknight17
Posted 22 June 2005 - 07:09 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP