Lumpy Posted January 15, 2006

Logfile of HijackThis v1.99.1
Scan saved at 3:08:07 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\mobile PhoneTools\mPhonetools.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\xint\xint.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\My Documents\Downloads\HijackThis.exe
C:\My Documents\Downloads\HijackThis.exe
C:\My Documents\Downloads\HijackThis.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe
O4 - HKLM\..\Run: [spools Service Controller] C:\WINDOWS\System32\spools.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...r/ICSScanner37500.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0745B3-C514-4E53-B9DE-DBF96D6BE8E1}: NameServer = 66.94.25.120 66.94.9.120
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Besttechie Posted January 15, 2006

Hey Lump,

Ok, let's clean up your machine.

Close all windows except HJT and have it fix the following:

O4 - HKLM\..\Run: [spools Service Controller] C:\WINDOWS\System32\spools.exe

Then reboot into safe mode and delete the following file in red (if present):

C:\WINDOWS\System32\spools.exe <-- delete the file (if present)

Then reboot again, back into normal mode, and run the following scan:

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the ActiveScan report and a brand new HJT log.

Good luck!

B

Lumpy Posted January 16, 2006

ACTIVE SCAN RESULTS

Incident Status Location
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.overture.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.hypercount.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[.centrport.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[statse.webtrendslive.com/]
Virus:W32/Gaobot.FED.worm Disinfected C:\WINDOWS\SYSTEM32\TFTP644
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Lumpy\Application Data\Mozilla\Firefox\Profiles\bonkhvnn.default\cookies.txt[]

******************************************

Logfile of HijackThis v1.99.1
Scan saved at 7:30:51 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\mobile PhoneTools\mPhonetools.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\My Documents\Downloads\HijackThis.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37500.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C0745B3-C514-4E53-B9DE-DBF96D6BE8E1}: NameServer = 66.94.25.120 66.94.9.120
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Besttechie Posted January 16, 2006

Ok, I missed something, due to the formatting of the first HJT log you posted.

Close all windows except for HJT and have it fix the following:

O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe

Then reboot into safe mode again, delete the following file in red (if present)

C:\WINDOWS\System32\mmsvc32.exe <-- delete the file (if present)

Then reboot back into normal mode and post a brand new HJT log.

Good luck!

B

Lumpy Posted January 16, 2006

hopefully the third time is a charm

Logfile of HijackThis v1.99.1
Scan saved at 8:21:19 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37500.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

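Added example (not part of the original thread, and not HijackThis's own code): the second fix was needed because an entry was overlooked in a log whose formatting had been lost, and that comparison can be automated. The Python below splits a log into entries by their "O<n> - " prefix rather than by line breaks, then compares the O4 registry autoruns of two logs; the function names are hypothetical and the sample logs are constructed from a few entries quoted in this thread.

```python
import re

# One log entry: "O<section> - <text>", ending at the next entry or end of input.
# Matching on the entry prefix rather than on newlines lets the same parser read
# logs whose line breaks were lost when they were pasted.
ENTRY = re.compile(r"O(\d{1,2}) - (.*?)(?=O\d{1,2} - |\Z)", re.S)
# O4 registry autorun: "HKLM\..\Run: [value name] command line"
O4_REG = re.compile(r"(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)", re.S)


def split_entries(raw):
    """Return [(section_number, text)] for every O-entry in a HijackThis log."""
    return [(int(m.group(1)), m.group(2).strip()) for m in ENTRY.finditer(raw)]


def autoruns(raw):
    """Map (hive, key, value name), lower-cased, to the command for O4 entries."""
    found = {}
    for section, text in split_entries(raw):
        m = O4_REG.fullmatch(text) if section == 4 else None
        if m:
            hive, key, name, command = m.groups()
            found[(hive.lower(), key.lower(), name.lower())] = command
    return found


def verify_fix(before, after, fixed_names):
    """Compare two logs: which fixed autoruns remain, and what else changed."""
    old, new = autoruns(before), autoruns(after)
    fixed = {n.lower() for n in fixed_names}
    return {
        "still_present": sorted(k[2] for k in new if k[2] in fixed),
        "removed": sorted(k[2] for k in old.keys() - new.keys()),
        "added": sorted(k[2] for k in new.keys() - old.keys()),
    }


# Constructed sample input: a few entries copied from the logs in this thread.
ENTRIES = [
    r"O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe",
    r"O4 - HKLM\..\Run: [spools Service Controller] C:\WINDOWS\System32\spools.exe",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000",
    r"O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe",
]
HEADER = r"Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\Explorer.EXE"
LOG_1 = HEADER + "".join(ENTRIES)                                  # line breaks lost
LOG_2 = HEADER + "".join(e for e in ENTRIES if "spools" not in e)  # after first fix
LOG_3 = "Running processes:\n" + "\n".join(ENTRIES[2:])            # intact line breaks
FIXED = ["Microsoft Network Services Controller", "spools Service Controller"]

if __name__ == "__main__":
    for label, log in (("after first fix", LOG_2), ("after second fix", LOG_3)):
        print(label, verify_fix(LOG_1, log, FIXED))
```

A non-empty "still_present" list means a flagged autorun survived the fix and reboot; a non-empty "added" list means something new registered itself between scans and needs review.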
Besttechie Posted January 16, 2006

Your log looks clean now! Are you having any more problems?

Please take a look at the prevention advice below, as it can help keep you from getting infected again. The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

B

Besttechie Posted January 16, 2006

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.