Re: Semi-Admin...?



Spybot S & D (www.safer-networking.org)
is a MUST..! Brilliant - Thanks
Gerry

A list of problems and Stuff it found - *** That Norton Protection
Center Missed all together ******
--- Report generated: 2008-11-17 15:44 ---
Hint of the Day:
<<By Andrew>> Use SpyBotSD it gives you faith for free.

TangoDialer: [SBI $DBCD6571] RAS profile (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3753607005-2113850480-608942586-1006\RemoteAccess\Profile\XXXServer

Win32.Agent.pz: [SBI $21176E4B] Settings (Registry value, nothing
done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\{02FFAC45-0B10-5633-4296-1801F1A36678}

Win32.Agent.pz: [SBI $4F1806B3] Settings (Registry value, nothing
done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\{6780A29E-6A18-0C70-1DFF-1610DDE00108}

Win32.Agent.pz: [SBI $ED4906DB] Settings (Registry value, nothing
done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\{F710FA10-2031-3106-8872-93A2B5C5C620}

Smitfraud-C.gp: [SBI $A61C878B] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Mozilla\MSFox

Microsoft.Windows.Explorer: [SBI $F1AA2176] User settings (Registry
change, nothing done)
HKEY_USERS\S-1-5-21-3753607005-2113850480-608942586-1006\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff

Microsoft.Windows.Explorer: [SBI $DA080EA7] User settings (Registry
change, nothing done)
HKEY_USERS\S-1-5-21-3753607005-2113850480-608942586-1006\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings
(Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3]
Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3753607005-2113850480-608942586-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools

Delf.Spool.cn: [SBI $D357F13F] Executable (File, nothing done)
C:\WINDOWS\SYSTEM32\delself.bat

PWS.LDPinchIE: [SBI $32D83D62] User settings (Registry value, nothing
done)
HKEY_USERS\S-1-5-21-3753607005-2113850480-608942586-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\idstrf

Winsoftware.Common: [SBI $C4F141FA] Settings (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wff

Winsoftware.Common: [SBI $AD9AD01E] Application ID (Registry key,
nothing done)
HKEY_CLASSES_ROOT\AppID\FileCreationFilter.DLL

Winsoftware.Common: [SBI $4A372843] Application ID (Registry key,
nothing done)
HKEY_CLASSES_ROOT\AppID\{4D05A335-1A1C-46B3-BCFF-7F25B326895C}

Winsoftware.Common: [SBI $488E40E4] Type library (Registry key,
nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4D05A335-1A1C-46B3-BCFF-7F25B326895C}

Winsoftware.Common: [SBI $564AF7D0] Library (File, nothing done)
C:\WINDOWS\SYSTEM32\DRIVERS\WFF.sys

Winsoftware.WinAntiVirus2005pro: [SBI $A3DC21BD] Program group
(Directory, nothing done)
C:\Documents and Settings\All Users\Application
Data\WinSoftware\WinAntiVirus 2005 Pro\

Zlob.Downloader.bit: [SBI $12A26DDA] Installer (File, nothing done)
c:\autorun.inf

***** Cleared all using the FIX Button *****
Re-Start PC - And so far all is repaired in Andrew Land again.
Will check further but am very confident.
Will do a System Backup (System Restore and RegBackup) to CD or DVD.

Absolutly loads of praise.. All hail Gerry.
An Overjoyed
Andrew

"Gerry" <gerry@xxxxxxxxxx> wrote in message
news:ebRi5IKSJHA.1484@xxxxxxxxxxxxxxxxxxxxxxx
| Andrew
| Try this link:
| http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
| One of the links you posted earlier brings up an invitation to run a
| file, which does not feel right.
|
| Can you run Norton in Safe Mode?
|
| Are you able to download and run Spybot S & D?
| there is a freeware version buried in this link:
| http://www.safer-networking.org/en/spybotsd/index.html
|
| If it lists a number of trojans it is likely that you have an
| infestation.
<Snipped>
| Hope this helps.
| Gerry
| ~~~~
| FCA
| Stourport, England
| Enquire, plan and execute
| ~~~~~~~~~~~~~~~~~~~
|


.



Relevant Pages

  • AntivirusDisableNotify
    ... SpyBot tells this is a "Registry Change". ... Should I accept Spybot's advice and agree to let it "fix" the registry? ... is it a "registry change". ...
    (microsoft.public.windowsxp.general)
  • Summary (was Re: Ok, so Im a lazy moron - Explorer crashes at startup)
    ... ALWAYS with a/v, Spybot and AAW. ... Up to date CWShredder finds nothing (even in Safe Mode). ... Data source object exploit (Registry change, ... a LOT of stuff loading but all the extra stuff appears to me tablet PC ...
    (microsoft.public.windowsxp.general)
  • Re: New computer, which security software?
    ... Spybot would be a good additional spyware scanner. ... Be Clean is the best ... To protext your XP from sending stuff home to MS I advice XP Antispy ... RegSeeker is the only genue registry scanner that can somehow ...
    (alt.computer.security)
  • Re: OT - Win XP .. http://www.safer-networking.org/ SPYBOT !!!!!!
    ... including startup shit. ... Having just downloaded spybot from the link you posted, I've installed it and so far every time I've tried to run it I've had to invoke Program ... info that their malware was so deeply embedded into the registry ... Did I mention that you can try Windows Defender, a free download from Microsoft? ...
    (alt.guitar.amps)
  • tweaking software...to tweak or not to tweak
    ... There's all this tweaking software out there like Spybot, ... problems with registry ... they do...not even their own programs uninstall completely ...
    (microsoft.public.security)