spysheriff? [resolved]



#1
knihc2008
Member
  • 25 posts
this malware seems to have taken over my computer. i can't even open ie anymore, so i have to transfer logs, etc to another computer to get online. annoying!

Logfile of HijackThis v1.99.1
Scan saved at 1:43:48 PM, on 6/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
D:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\gopy.dll
O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll (file missing)
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [WG511WLU] D:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [DNSCacheBoost] C:\WINDOWS\System32\dnsping.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = D:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFBE07E-36B9-4E82-B05A-0DFDBBB79776}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{B982E7D7-0F77-4FDC-AAB0-3505BF021629}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEC36D72-2737-4162-BB3B-B1DAC6BFB701}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6AA7EA1-85D8-496D-BD82-175B2F1ADC7D}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFDB8FF7-EF46-474F-8722-D939CD2446B3}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

thanks in advance! :tazz:
  • 0


#2
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Since it's been a while, please run a new log and post it.
  • 0

#3
knihc2008
Member
  • Topic Starter
  • 25 posts
the log is the same. the computer hasn't been on or online since i posted that log before.
  • 0

#4
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Is this your ISP? I'm thinking that it isn't. See note below in italics regarding O17 entries.

OrgName:    Atrivo
OrgID:      ATRIV
Address:    200 Paul Avenue
City:      San Francisco
StateProv:  CA
PostalCode: 94124
Country:    US


Please download CoolWebShredder from http://www.geekstogo...=download&id=17, extract it, and run the program. Click the Next button and let it scan. Make sure you let it fix all CWS remnants.

First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite
  • Install ewido security suite.
  • Launch ewido: there should be a big E icon on your desktop; double-click it.
  • The program will prompt you to update; click the OK button.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen, click update.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido.

Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode, Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

After Cleanup! is finished:
  • Run Ewido.
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot into normal mode.

Go to Start > Control Panel > Add or Remove Programs and remove the following:

SpySheriff

Exit Add or Remove Programs.

Delete the following, in bold, if found:

C:\Program Files\SpySheriff <-whole folder
C:\Windows\Desktop.html
C:\winstall.exe

Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis. Place a check next to the following items, if found, and click FIX CHECKED:


O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\gopy.dll
O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll (file missing)

O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)

O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [DNSCacheBoost] C:\WINDOWS\System32\dnsping.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <<resource hog

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll


O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

Remember the note from above regarding your ISP. If it is NOT your ISP, put check marks next to these O17 entries.
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFBE07E-36B9-4E82-B05A-0DFDBBB79776}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{B982E7D7-0F77-4FDC-AAB0-3505BF021629}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEC36D72-2737-4162-BB3B-B1DAC6BFB701}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6AA7EA1-85D8-496D-BD82-175B2F1ADC7D}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFDB8FF7-EF46-474F-8722-D939CD2446B3}: NameServer = 69.50.166.94,69.31.80.244



O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe


Close HiJackThis.

RIGHT-CLICK HERE and go to Save As (in IE it's "Save Target As") in order to download the smitfraud reg to your desktop.

Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry click YES.

After the "merged successfully" prompt, using Windows Explorer, navigate to the following folder:

C:\Windows\Prefetch

If there are any files inside the Prefetch folder, delete ALL of them. (Do NOT delete the folder. Just delete the files inside.)

Reboot your computer.

You should be able to change your desktop back to normal now.

Post the report from Ewido and a new HiJackThis log into this topic.

Edited by coachwife6, 20 June 2005 - 11:21 AM.

  • 0
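The checks the helper applies by eye in the post above (O17 NameServer values that are not the user's ISP, an O23 service with an unknown owner running svchost.exe from C:\WINDOWS, O2/O3 registrations whose file is gone) can be written as a small triage script. This is an added example, not part of the thread: the function names and the trusted-resolver list are assumptions, and the sample lines are a subset copied from the first log in this topic.

```python
import re
from ipaddress import ip_address
from pathlib import PureWindowsPath

# Sample input: a subset of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFBE07E-36B9-4E82-B05A-0DFDBBB79776}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
MISSING = re.compile(r"\s*\((file missing|no file)\)$")


def check_o17(body, trusted):
    """Return NameServer values that are not in the caller's trusted resolver set."""
    if "NameServer" not in body or "=" not in body:
        return []
    values = re.split(r"[,\s]+", body.split("=", 1)[1].strip())
    rogue = []
    for value in filter(None, values):
        try:
            if ip_address(value) not in trusted:
                rogue.append(value)
        except ValueError:
            rogue.append(value)  # not an IP literal: report it rather than skip it
    return rogue


def check_o23(body):
    """Return reasons a service line deserves a closer look."""
    parts = body.rsplit(" - ", 2)  # "Service: name", owner, image path
    if len(parts) != 3:
        return []
    owner, image = parts[1], PureWindowsPath(MISSING.sub("", parts[2]))
    reasons = []
    if owner.lower() == "unknown owner":
        reasons.append("unknown-owner")
    # The genuine svchost.exe lives in the System32 directory.
    if image.name.lower() == "svchost.exe" and image.parent.name.lower() != "system32":
        reasons.append("svchost-outside-system32")
    return reasons


def triage(log_text, trusted_resolvers):
    """Return (code, reason, detail) tuples for entries matching the checks above."""
    trusted = {ip_address(r) for r in trusted_resolvers}
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O17":
            rogue = check_o17(body, trusted)
            if rogue:
                findings.append((code, "untrusted-resolver", ",".join(rogue)))
        elif code == "O23":
            findings.extend((code, reason, body) for reason in check_o23(body))
        elif code in ("O2", "O3") and MISSING.search(body):
            findings.append((code, "orphaned-registration", body))
    return findings


if __name__ == "__main__":
    # 192.0.2.53 is a placeholder for the resolver your ISP or network actually hands out.
    for finding in triage(SAMPLE_LOG, ["192.0.2.53"]):
        print(finding)
```

A flagged line is a prompt for review, not a verdict: the O17 check in particular only means something once the trusted list holds the resolvers the machine is supposed to use.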

#5
knihc2008
Member
  • Topic Starter
  • 25 posts
hi, wanted to thank you tons (Again) for saving my computer. it all seems to be working fine now. here are the logs just in case something's still lurking.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:20:32 PM, 6/27/2005
+ Report-Checksum: 3079B6F0

+ Date of database: 6/20/2005
+ Version of scan engine: v3.0

+ Duration: 40 min
+ Scanned Files: 52231
+ Speed: 21.67 Files/Second
+ Infected files: 30
+ Removed files: 30
+ Files put in quarantine: 30
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\Documents and Settings\Chan\Cookies\chan@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Chan\Cookies\chan@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Chan\Cookies\chan@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227716.exe -> Spyware.Small.cg -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227717.exe -> Spyware.Small.br -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227718.exe -> TrojanDropper.Small.ow -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227719.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227720.exe -> TrojanDownloader.Small.agg -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227721.exe -> TrojanDownloader.Small.awa -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227722.exe -> TrojanDownloader.Agent.ho -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227723.exe -> TrojanDropper.Small.wv -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227724.exe -> TrojanDownloader.Small.aqu -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227725.exe -> Dialer.Generic -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227726.dll -> Spyware.Zbar -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227727.exe -> TrojanDownloader.Small.aue -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227728.exe -> TrojanDownloader.Small.aue -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227729.exe -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227730.exe -> TrojanDownloader.Small.awa -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227731.exe -> TrojanDownloader.Small.awa -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227732.exe -> TrojanDownloader.Agent.ho -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227733.dll -> TrojanDownloader.Agent.li -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227734.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227735.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227736.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227737.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227738.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227739.exe -> TrojanDownloader.Agent.cz -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227740.DLL -> Spyware.ClearSearch -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227741.exe -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
C:\System Volume Information\_restore{DFAD0B93-3AA7-402A-837E-723AE412F656}\RP913\A0227742.exe -> Spyware.Hijacker.Generic -> Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 6:24:20 PM, on 6/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
D:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Chan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [WG511WLU] D:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Cisco Systems VPN Client.lnk = D:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
  • 0

#6
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Looks clean, and it's running well.

Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. ;)


We highly recommend installing SP2. Click here: http://windowsupdate.microsoft.com/.
-or-
It's a very large download, so if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx

I would also reset your restore points.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405
  • 0





