Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spysherrif


  • Please log in to reply
3 replies to this topic

#1 cirulis

cirulis

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 18 June 2005 - 12:15 AM

Hi,
I recently got infected spy spysherrif and i am having trouble removing it.
Can anyone tell me which files i need to get rid of in this log.
thanks in advanced
Brett

Logfile of HijackThis v1.99.1
Scan saved at 3:09:46 PM, on 18/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\NET.EXE
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Archive\archive.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\internat.exe
C:\Program Files\ObjectDock\ObjectDock.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ar\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\toolbar.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT\system32\nsk743.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\system32\nzdd.dll
O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InfoPenMSN] C:\Program Files\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Ultimate Popup Killer] E:\Brett\Programs\Ultimate Popup Killer\Popupkiller.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DTV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\DVBT USB Utilities\DVBTRCtl.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\RealDownload.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\SurfSecret\Popup Eliminator\PEToolBar500.dll (file missing)
O9 - Extra 'Tools' menuitem: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\SurfSecret\Popup Eliminator\PEToolBar500.dll (file missing)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://www.wildtangent.com/multiplayer/cannonsmmp/wtinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ee.mu.oz.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6D5BEC2-2389-4A89-8E78-775F42B9D2F7}: Domain = ee.mu.oz.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{D93FA3EE-C22C-42C3-BA20-0CD387C5A000}: NameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ee.mu.oz.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ee.mu.oz.au,unimelb.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ee.mu.oz.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ee.mu.oz.au,unimelb.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ee.mu.oz.au,unimelb.edu.au
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: events (events) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: FireDaemon Service: svhost (svhost) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe



BC AdBot (Login to Remove)

 


m

#2 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:07 AM

Posted 18 June 2005 - 10:01 AM

Welcome cirulis to Bleeping Computer.

Please read these instructions carefully. You may want to print them as we will perform most of this advise in safe mode.
Be sure to follow ALL instructions!



Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
SpySheriff
ISearch

Press ‘delete this entry’.

***

Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis. Place a check next to the following items, if found, and click FIX CHECKED:

R3 - URLSearchHook: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\toolbar.dll

O2 - BHO: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\toolbar.dll

O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT\system32\nsk743.dll

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\system32\nzdd.dll

O3 - Toolbar: iSearch Toolbar - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINNT\system32\toolbar.dll

O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab

Close HiJackThis.

***

Delete the following, in bold, if found:

C:\Program Files\SpySheriff <-whole folder
C:\Program Files\Archive\ <-whole folder
C:\Program Files\Common Files\GMT\ <-whole folder
C:\Windows\Desktop.html
C:\winstall.exe

***

Copy everything inside the quote box below (starting with REGEDIT4). Paste it into Notepad. Go up to "File > Save As", then click the drop-down box to change the "Save As Type" to "All Files". Save it as fixspy.reg on your desktop. *Make sure there is NO blank line above REGEDIT4

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=-


Double-click fixspy.reg on your desktop. When asked if you want to merge with the registry click YES. After the merged successfully prompt, please reboot your computer.

You should be able to change your desktop back to normal now.

***

Please do an online scan, 2 would be better,

Trend Micro Housecall
Panda online scan

Make sure that you choose "fix" or "clean".

Save the results from the scan!

***

Post a new HiJackThis log.


Posted Image
Life is what happens while you're making other plans

#3 cirulis

cirulis
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 18 June 2005 - 07:56 PM

:thumbsup: :flowers: Thanks so much mate! :trumpet:

Its finally gone and the desktop is back to normal. This one was really annoying me!. The other day i got this program called psguard but i just looked on this site and followed instructions to kill it and that worked. It is a very helpful site.

Just out of curosity, where do this dodgy programs come from? i mainly use opera and firefox and i use zonealarm and a virus scan. But IE still gets used occasionaly on this computer. Is it though ie that they get on the computer?

Here is the new hjthis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:55:13 AM, on 19/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\NET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\internat.exe
C:\Program Files\ObjectDock\ObjectDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ar\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InfoPenMSN] C:\Program Files\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Ultimate Popup Killer] E:\Brett\Programs\Ultimate Popup Killer\Popupkiller.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DTV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\DVBT USB Utilities\DVBTRCtl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\RealDownload.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://www.wildtangent.com/multiplayer/cannonsmmp/wtinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ee.mu.oz.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6D5BEC2-2389-4A89-8E78-775F42B9D2F7}: Domain = ee.mu.oz.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{D93FA3EE-C22C-42C3-BA20-0CD387C5A000}: NameServer = 203.12.160.35 203.12.160.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ee.mu.oz.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ee.mu.oz.au,unimelb.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ee.mu.oz.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ee.mu.oz.au,unimelb.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ee.mu.oz.au,unimelb.edu.au
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: events (events) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: FireDaemon Service: svhost (svhost) - Unknown owner - C:\WINNT\system32\FireDaemon.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe


cheers
Brett

ps: the online scans are running atm.

#4 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:07 AM

Posted 19 June 2005 - 04:33 AM

Looks good, how is your computer running now?


Almost forgot.
I recommend using Opera and Firefox for regular browsing.
IE can be used if those two don't work and during updates.

Edited by g2i2r4, 19 June 2005 - 04:34 AM.



Posted Image
Life is what happens while you're making other plans




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users