|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
05-31-2005, 07:54 AM
|
#1 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 9
OS: NT200
|
Spyware please help
Please help me to get rid of the spyware on my PC.
I created the log file with the Highjack This Analyzer. Thank you for your help. ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 9:52:33 AM, on 5/31/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe C:\Program Files\AccessManager\Client\AMBroker.exe C:\Program Files\Network ICE\BlackICE\blackd.exe C:\WINNT\System32\ccsrvc.exe C:\Program Files\IP VPN Remote Services\cvpnd.exe C:\Program Files\Altiris\Carbon Copy\shellker.exe C:\BOSSDE\DEClntNT.EXE C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe C:\Program Files\AccessManager\PMAC\sp_SWIns.exe C:\PROGRA~1\Altiris\CARBON~1\client.exe C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe C:\WINNT\System32\RASLOGON.EXE C:\Program Files\AccessManager\Client\AccessMgr.exe C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe C:\WINNT\system\astcg.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\vs7jit.exe C:\PROGRA~1\COMMON~1\MICROS~1\VS7Debug\vs7jit.exe C:\HighJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ffbunet.bpweb.bp.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.maxifiles.com/toolbar/sid...d=%AffiliateID R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Fabrics1 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = f1aussm001.fabrics1.com:8002 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.bp.com;*.fabrics1.com;*.*.bp.com;*.*.*.bp.com;*.amoco.com;172.26.*.*;<local> R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll O2 - BHO: (no name) - {31001E19-CDF4-AF30-9AD2-9C90C8004650} - C:\WINNT\cdmweb\fuisdkrlqj.dll O4 - HKLM\..\Run: [IBMPMSVC] C:\WINNT\System32\ibmpmsvc.exe -helper O4 - HKLM\..\Run: [iRAS Logon Tool Current User Settings] C:\Program Files\BP\iRAS\ACU.exe O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe" O4 - HKLM\..\Run: [RASLogon] %SystemRoot%\System32\RASLOGON.EXE O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\eXpress\NS Client\AeXAgentActivate.exe" /logon O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe O4 - HKLM\..\Run: [PS1] C:\WINNT\system32\ps1.exe O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteotd32.exe O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe" O4 - HKLM\..\Run: [wyhvhc] C:\WINNT\system32\wyhvhc.exe O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe O4 - Global Startup: Cisco Systems IP VPN Remote Services.lnk = C:\Program Files\IP VPN Remote Services\vpngui.exe O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll O12 - Plugin for .dmn: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O12 - Plugin for .dmo: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O12 - Plugin for .dmu: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O14 - IERESET.INF: START_PAGE_URL=http://ffbunet.fabrics1.com/ O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: {6BF35011-3AE5-44D3-A8BB-73ED462A0BC0} (EZUploader Control) - http://www.ezprints.com/software/ezuploader.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fabrics1.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fabrics1.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fabrics1.com O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINNT\System32\ccsrvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\IP VPN Remote Services\cvpnd.exe O23 - Service: CWShredder Service - InterMute, Inc. - C:\CWShreder\CWShredder.exe O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe O23 - Service: BOSS DiagWin Client (DEClntService) - Unknown owner - C:\BOSSDE\DEClntNT.EXE O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe O23 - Service: Impact Server - 3C Software, Inc. - C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe End of KRC HijackThis Analyzer Log. ==================================================================== |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
05-31-2005, 07:43 PM
|
#2 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7
  |
Hi and Welcome to TSF
Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log….. If you have a highspeed connection please Run an online virus scan from TrendMicro Please select the “autoclean” option when prompted to do so. Open My Computer-->Tools-->Folder Options-->View-->Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files and click YES and then OK.. Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove MaxiFiles if listed. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure) C:\WINNT\system\astcg.exe Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.maxifiles.com/toolbar/si...id=%AffiliateID R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll O2 - BHO: (no name) - {31001E19-CDF4-AF30-9AD2-9C90C8004650} - C:\WINNT\cdmweb\fuisdkrlqj.dll O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteotd32.exe O4 - HKLM\..\Run: [wyhvhc] C:\WINNT\system32\wyhvhc.exe O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe Delete the following Files/Folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, sub directorys..ect enabled if it applys to your OS) C:\winnt\system32\eliteotd32.exe C:\WINNT\system32\wyhvhc.exe C:\WINNT\cdmweb\fuisdkrlqj.dll C:\Program Files\MaxiFiles\maxifiles.dll C:\WINNT\VCMnet11.exe C:\WINNT\system\astcg.exe C:\Program Files\Common Files\mc-58-12-0000079-d.exe Once done...reboot into normal mode and proceed with the next step. Download ewido security suite from here… http://www.ewido.net/en/download/ Update it’s database from here.. http://www.ewido.net/en/download/updates/ Run a scan and let it clean the PC. Post a new hijackthis log when complete.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
   Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
|
06-01-2005, 12:44 PM
|
#3 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 9
OS: NT200
|
Log File after the suggested steps
Thanks MicroBell.
I did all the steps that you have suggested and this is my log file after the fixes. I created the log file with the HighJackThis Analyzer. ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 2:40:40 PM, on 6/1/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe C:\Program Files\AccessManager\Client\AMBroker.exe C:\Program Files\Network ICE\BlackICE\blackd.exe C:\WINNT\System32\ccsrvc.exe C:\Program Files\IP VPN Remote Services\cvpnd.exe C:\Program Files\Altiris\Carbon Copy\shellker.exe C:\BOSSDE\DEClntNT.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe C:\Program Files\AccessManager\PMAC\sp_SWIns.exe C:\PROGRA~1\Altiris\CARBON~1\client.exe C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe C:\WINNT\System32\RASLOGON.EXE C:\Program Files\AccessManager\Client\AccessMgr.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe C:\HighJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ffbunet.bpweb.bp.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Fabrics1 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = f1aussm001.fabrics1.com:8002 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.bp.com;*.fabrics1.com;*.*.bp.com;*.*.*.bp.com;*.amoco.com;172.26.*.*;<local> O4 - HKLM\..\Run: [IBMPMSVC] C:\WINNT\System32\ibmpmsvc.exe -helper O4 - HKLM\..\Run: [iRAS Logon Tool Current User Settings] C:\Program Files\BP\iRAS\ACU.exe O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe" O4 - HKLM\..\Run: [RASLogon] %SystemRoot%\System32\RASLOGON.EXE O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\eXpress\NS Client\AeXAgentActivate.exe" /logon O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe O4 - Global Startup: Cisco Systems IP VPN Remote Services.lnk = C:\Program Files\IP VPN Remote Services\vpngui.exe O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll O12 - Plugin for .dmn: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O12 - Plugin for .dmo: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O12 - Plugin for .dmu: C:\PROGRA~1\INTERN~1\PLUGINS\NPDWSS32.DLL O14 - IERESET.INF: START_PAGE_URL=http://ffbunet.fabrics1.com/ O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: {6BF35011-3AE5-44D3-A8BB-73ED462A0BC0} (EZUploader Control) - http://www.ezprints.com/software/ezuploader.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fabrics1.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fabrics1.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fabrics1.com O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINNT\System32\ccsrvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\IP VPN Remote Services\cvpnd.exe O23 - Service: CWShredder Service - InterMute, Inc. - C:\CWShreder\CWShredder.exe O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe O23 - Service: BOSS DiagWin Client (DEClntService) - Unknown owner - C:\BOSSDE\DEClntNT.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe O23 - Service: Impact Server - 3C Software, Inc. - C:\Program Files\3C Software\ImpactECS\Imp3CSvr.exe O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe End of KRC HijackThis Analyzer Log. ==================================================================== |
|
|
|
|
06-01-2005, 08:34 PM
|
#4 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7
|
Your log is clean. Any more issues? If not...you should be set. Please disable system restore and re-enable it. This will clear the infection out of the restore folder. Please read through the spyware prevention section on how to protect yourself from spyware/adware Here and use the recommend programs and methods to protect yourself!
I also want to confirm the following entrys are a part of your company network and ISP provider... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ffbunet.bpweb.bp.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Fabrics1 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = f1aussm001.fabrics1.com:8002 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.bp.com;*.fabrics1.com;*.*.bp.com;*.*.*.bp.com;*. amoco.com;172.26.*.*;<local> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fabrics1.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bp1.ad.bp.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fabrics1.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fabrics1.com
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
| Thread Tools | |
|
|
