Law School Discussion

Author Topic: Calling all computer geeks!!!  (Read 442 times)

namorcram

  • Full Member
Re: Calling all computer geeks!!!
« Reply #10 on: November 29, 2004, 10:53:53 PM »
1. Spybot SD 1.3 : http://www.safer-networking.org/en/mirrors/index.html

Make sure you update all the signatures with the live update feature...

With SpyBot, make sure you use the "Immunize" feature, and enable the 2 resident protections available from within the advanced mode...this will help to alert you when something has been modified without your knowledge (and consent).

2. CWShredder : http://www.majorgeeks.com/download3019.html

These 2 apps, with AdAware, are a pretty good defense against spyware infections...

3. Delete all Windows and Internet Explorer Temp files as well.

4. You may have to boot into Safe mode and then run the apps in order to clean some of the crud out.

5. If these steps don't help, you pretty much have to use RegMon to determine what's accessing which system resources, and when. (http://www.sysinternals.com/ntw2k/source/regmon.shtml)

Good luck!

TLFKARG

  • Guest
Re: Calling all computer geeks!!!
« Reply #11 on: November 29, 2004, 11:32:01 PM »
This is my report from the CSW Shredder thingie:
 **** Run Keys ****

RUN: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
RUN: [AGRSMMSG] AGRSMMSG.exe
RUN: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
RUN: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
RUN: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
RUN: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
RUN: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RUN: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
RUN: [EasyMessage] C:\Program Files\Easy Message\em2.exe
RUN: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
RUN: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
RUN: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
RUN: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
RUN: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
RUN: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
RUN: [Pdsb] C:\Documents and Settings\Owner\Application Data\tpte.exe
RUN: [Ltwejssv] C:\WINDOWS\system32\w?wexec.exe


 **** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: [AcroIEHlprObj Class] C:\WINDOWS\system32\ntmxivge.dll
BHO: [AcroIEHlprObj Class] C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar1.dll
BHO: [CNavExtBho Class] C:\Program Files\Norton AntiVirus\NavShExt.dll


 **** IE Toolbars ****

TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton AntiVirus\NavShExt.dll
TOOLBAR: [&Google] c:\program files\google\googletoolbar1.dll


 **** IE Extensions ****

IEExt: [] 
IEExt: [AIM] C:\Program Files\AIM95\aim.exe
IEExt: [Yahoo! Messenger] C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


 **** Hosts File Entries ****



 **** IE Settings ****

Default Page: about:blank
Default Search: res://C:\WINDOWS\system32\rcaxs.dll/sp.html#37680
Local Page: C:\WINDOWS\system32\blank.htm
Search Bar: res://C:\WINDOWS\system32\rcaxs.dll/sp.html#37680
Search Page: res://C:\WINDOWS\system32\rcaxs.dll/sp.html#37680


 **** IE Context Menu (Right click) ****

IEContext: [&Google Search] res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
IEContext: [Backward Links] res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
IEContext: [Cached Snapshot of Page] res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
IEContext: [Similar Pages] res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
IEContext: [Translate into English] res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html


 **** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9EE1BAD3-795D-46C9-BB6A-1477C0FBED4B}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9EE1BAD3-795D-46C9-BB6A-1477C0FBED4B}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1999E433-03FE-4215-9860-87634E26839E}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1999E433-03FE-4215-9860-87634E26839E}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7FE83E69-323B-421B-BD42-9B867918D528}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7FE83E69-323B-421B-BD42-9B867918D528}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A2E3F25B-4A4B-462C-905F-4A2D4C529F2D}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A2E3F25B-4A4B-462C-905F-4A2D4C529F2D}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4A7E2316-398E-4C48-BB01-531F9BDC3F0F}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4A7E2316-398E-4C48-BB01-531F9BDC3F0F}] DATAGRAM 2


 **** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


 **** Downloaded Program Files ****

{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab]
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab]
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


 **** Custom IE Search Items ****

SEARCH: [SearchAssistant] res://C:\WINDOWS\system32\rcaxs.dll/sp.html#37680
SEARCH: [SearchAssistant] res://C:\WINDOWS\system32\rcaxs.dll/sp.html#37680
SEARCH: [CustomizeSearch] http://ie.search.msn.com

What the hell does it all mean?  What do I do with it?
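
Added example, not part of the thread and not CWShredder's own code: a short Python script that parses the report format posted in Reply #11 and lists the entries worth a closer look. The four triage rules are assumptions of this example, and the sample lines are copied from that report.

```python
import re

# Lines copied from the report in Reply #11 (a subset, to keep the example short).
SAMPLE_REPORT = r"""
 **** Run Keys ****
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
RUN: [Pdsb] C:\Documents and Settings\Owner\Application Data\tpte.exe
RUN: [Ltwejssv] C:\WINDOWS\system32\w?wexec.exe
 **** Browser Helper Objects ****
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar1.dll
BHO: [AcroIEHlprObj Class] C:\WINDOWS\system32\ntmxivge.dll
 **** IE Settings ****
Search Bar: res://C:\WINDOWS\system32\rcaxs.dll/sp.html#37680
"""

SECTION = re.compile(r"^\s*\*{4} (?P<title>.+?) \*{4}\s*$")
ENTRY = re.compile(r"^(?P<kind>[A-Za-z ]+): (?:\[(?P<name>[^\]]*)\] ?)?(?P<value>.*)$")
SYS32_DLL = re.compile(r"(?i)c:\\windows\\system32\\[^\\]+\.dll")

# Triage heuristics: assumptions of this example, not CWShredder's detection logic.
RULES = [
    ("autorun from a user-writable profile directory",
     lambda s, v: s == "Run Keys" and "\\application data\\" in v.lower()),
    ("file name contains a character the report could not print",
     lambda s, v: "?" in v.rsplit("\\", 1)[-1]),
    ("browser add-on DLL sitting directly in system32",
     lambda s, v: s == "Browser Helper Objects" and bool(SYS32_DLL.fullmatch(v))),
    ("IE page served from a res:// resource inside a system32 DLL",
     lambda s, v: v.lower().startswith("res://c:\\windows\\system32\\")),
]

def parse_report(text):
    """Yield (section, kind, name, value) for every entry line under a section."""
    section = None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section = m["title"]
        elif section and (m := ENTRY.match(line)):
            yield section, m["kind"], m["name"] or "", m["value"].strip()

def triage(text):
    """Return (section, label, value, reason) for each entry that matches a rule."""
    return [(s, n or k, v, reason)
            for s, k, n, v in parse_report(text)
            for reason, rule in RULES if rule(s, v)]

if __name__ == "__main__":
    for section, label, value, reason in triage(SAMPLE_REPORT):
        print(f"[{section}] {label}: {value}\n    -> {reason}")
```

A match means "check this file by hand", not that the entry is confirmed spyware; entries that pass every rule are not cleared either.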

namorcram

  • Full Member
Re: Calling all computer geeks!!!
« Reply #12 on: November 30, 2004, 12:08:31 AM »
It looks like you ran the "Make Report" option, which in and of itself doesn't help to repair anything...

When you bring up CWShredder, just click on "Fix", and then when it's done, click on "Next". There you'll see if the app found anything suspect. Then just click on "Exit" to close the app; I don't use any of its other premium features, and don't know how they actually stack up against other, similar apps.

Did SpyBot find anything either? Just curious - let me know! :)