
Thread: Not sure whats wrong...

  1. #11
    Member
    Join Date
    Mar 2007
    Location
    Bangor, ME USA
    Posts
    29

    Accomplished 1 thing

    I did get IE to stop starting up and whenever I tried to quit it (using the end processes) I would keep coming up with the CornBash thingy
    Mic

  2. #12
    In Memoriam -Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Mic, you have quite a bit of the junk that should be gone still in this HJT log:

    Logfile of HijackThis v1.99.1 Scan saved at 8:24:34 PM, on 3/7/2007

    Are you positive you have not posted an old HJT log? Much of the junk is still in the log? When did you scan for the newest log?

    I will post these instructions again, be very sure both of these programs are turned off. If the stuff is still in the log when you scan again, then uninstall Ad-Watch and run the procedure again. Understand if one of the programs is NOT blocking the change then you may not be following the directions so be careful.

    1) It is hard to make changes with Ad-Watch running and at times it even has to be uninstalled, so this for now:
    Ad-Aware Ad-Watch
    Right click on the Ad-Watch icon in the system tray.
    At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    Active: This will turn Ad-Watch On\Off without closing it
    Automatic: Suspicious activity will be blocked automatically
    Uncheck both of those boxes

    2) AVG Anti-Spyware: Deactivate the Resident Shield
    - Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
    - To do this, click "Change State" to the right of the Resident Shield option in the main window.
    - You will clearly see the status change to Inactive if you have done this correctly.

    3) Be sure all files and folders are unhidden, you will not see the LOP folder unless this is done:
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O4 - HKLM\..\Run: [Body curb tons clock] C:\Documents and Settings\All Users.WINDOWS\Application Data\holddefybodycurb\MemoFirst.exe
    O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
    O4 - HKCU\..\Run: [Multi Plus] C:\DOCUME~1\BTNUSE~1\APPLIC~1\PARTBA~1\corn bash safe.exe
    O21 - SSODL: CDRecorder029 - {A3BC5E20-0235-1ABF-9CE1-00AA00512029} - (no file)


    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    RIGHT Click on Start then click on Explore. Locate and delete these items:

    C:\WINDOWS\system32\spoolsvv.exe <<< delete that file
    C:\Documents and Settings\All Users.WINDOWS\Application Data\holddefybodycurb\ <<< delete that folder

    C:\DOCUMENTS & SETTINGS~1\BTNUSE~1\APPLIC~1\PARTBA~1\ <<< delete that folder

    Restart the computer and post a new HJT log.

    I would also like to take a look at a Blacklight scan, follow these directions and post the scan results along with that HJT log:
    Please download F-Secure BlackLight Beta:
    https://europe.f-secure.com/exclude/...ht/index.shtml

    Save it to its own folder in the Desktop
    Double-click blbeta.exe to run the program
    Click : Scan
    A list of all items found is created

    The list is in the BlackLight folder on the Desktop, and named fsbl.xxxxxxx.log (xxxxxxx are numbers).

    Please provide the log created by BlackLight in your next reply.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #13
    In Memoriam -Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    I did get IE to stop starting up and whenever I tried to quit it (using the end processes) I would keep coming up with the CornBash thingy
    This is because you have not removed it from the computer yet! It appears NoLop removed part of the problem but the rest must be removed manually, and it will do no good to tell me you cannot find it. The junk is there, and you must find and remove it. If you have to, use Search Companion to locate the junk.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  4. #14
    Member
    Join Date
    Mar 2007
    Location
    Bangor, ME USA
    Posts
    29

    Ie

    IE fixed. Working on getting the BLbeta log.
    Mic

  5. #15
    Member
    Join Date
    Mar 2007
    Location
    Bangor, ME USA
    Posts
    29

    Logs asked for

    03/09/07 07:08:05 [Info]: BlackLight Engine 1.0.55 initialized
    03/09/07 07:08:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    03/09/07 07:08:05 [Note]: 7019 4
    03/09/07 07:08:05 [Note]: 7005 0
    03/09/07 07:08:11 [Note]: 7006 0
    03/09/07 07:08:11 [Note]: 7011 1328
    03/09/07 07:08:12 [Note]: 7026 0
    03/09/07 07:08:13 [Note]: 7026 0
    03/09/07 07:08:55 [Note]: FSRAW library version 1.7.1021
    03/09/07 07:24:18 [Note]: 4020 5 0
    03/09/07 07:24:18 [Note]: 4018 5 0
    03/09/07 07:24:21 [Note]: 4020 5 0
    03/09/07 07:24:21 [Note]: 4018 5 0
    03/09/07 07:24:24 [Note]: 4020 5 0
    03/09/07 07:24:24 [Note]: 4018 5 0
    03/09/07 08:17:51 [Note]: 7007 0

    HJT
    Logfile of HijackThis v1.99.1
    Scan saved at 7:01:10 AM, on 3/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Three Rings Design\Puzzle Pirates\java\bin\javaw.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Micah's Internet Explorer
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programs\Java\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\bin\ssv.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


    Mic

  6. #16
    In Memoriam -Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Thanks for the information. Though the Blacklight is showing no infections, I have never seen a report quite like that. How is the computer running?

    The HJT log appears to be clean of malware, if things are back to normal I would say you are good to go. Let's do this:
    System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

    http://pcpitstop.com/spycheck/eula.asp <<< see this information, make sure everyone who uses your computer reads it.

    Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
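
The re-scan check used in this thread (fix the checked HijackThis items, post a new log, see whether the junk is still listed) can be scripted. This is an added example, not part of the original posts: the function names and the matching rule (Run value name or CLSID instead of the full line) are assumptions made here, and the second log is constructed.

```python
import re

# An entry line looks like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+):\s*\[(.+?)\]")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(text):
    """Return (section, detail) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(section, detail):
    """Identity of an entry that survives a changed path or 8.3 short name."""
    run = RUN_RE.match(detail)
    if section == "O4" and run:
        # Autorun entries: hive\key plus the value name in brackets.
        return (section, run.group(1).casefold(), run.group(2).casefold())
    clsid = CLSID_RE.search(detail)
    if clsid:
        # COM-based entries (O2, O3, O9, O21 ...): the CLSID.
        return (section, clsid.group(0).casefold())
    return (section, re.sub(r"\s+", " ", detail).casefold())


def still_present(fixed_text, new_log_text):
    """Entries from the fix list that the new log still contains."""
    new_keys = {entry_key(s, d) for s, d in parse_entries(new_log_text)}
    return [f"{s} - {d}" for s, d in parse_entries(fixed_text)
            if entry_key(s, d) in new_keys]


# The six items post #12 asked to have checked and fixed (from the thread).
FIXED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [Body curb tons clock] C:\Documents and Settings\All Users.WINDOWS\Application Data\holddefybodycurb\MemoFirst.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKCU\..\Run: [Multi Plus] C:\DOCUME~1\BTNUSE~1\APPLIC~1\PARTBA~1\corn bash safe.exe
O21 - SSODL: CDRecorder029 - {A3BC5E20-0235-1ABF-9CE1-00AA00512029} - (no file)
"""

# Excerpt of the log posted in #15 (from the thread).
PAGE_LOG_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Constructed log: the fix did not take, and the autorun now points elsewhere.
CONSTRUCTED_LOG = r"""
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\spoolsvv.exe
O21 - SSODL: CDRecorder029 - {a3bc5e20-0235-1abf-9ce1-00aa00512029} - (no file)
"""

if __name__ == "__main__":
    for label, log in (("post #15", PAGE_LOG_EXCERPT), ("constructed", CONSTRUCTED_LOG)):
        print(label, still_present(FIXED, log))
```

Against the excerpt from post #15 the only line it reports is the empty HKCU Start Page value, in a log the helper judged clean of malware; a reported line is a prompt to look at it, not a verdict.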

  7. #17
    Member
    Join Date
    Mar 2007
    Location
    Bangor, ME USA
    Posts
    29

    Comp

    It still has the toolbar menu (the one where I right click the taskbar) grayed out. .. even after several reboots. I ran AVG Antispyware, AVG Antivirus and ADAware and they came out clean .. /e thinks bout a new installation of windows

    Also still not able to access the folder options. Can see hidden files/folders now though. wasn't able to before. Some options are grayed out.

    Mic

  8. #18
    In Memoriam -Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Mic, these are probably settings that the malware that was on your computer changed. If you want to reinstall Windows to fix it, that is your option. Try to describe exactly what is happening.
    Don't be afraid to ask google for help, like
    can't access folder options
    http://www.google.com/search?q=can%2...e7&rlz=1I7GGLG
    I am running Windows XP Pro SP2 with IE7. If you describe what you are doing step by step I will try to duplicate it to see if I can spot why it is happening.

    Have a look here: http://www.google.com/search?q=reset...e7&rlz=1I7GGLG and especially here:
    http://www.kellys-korner-xp.com/xp_tweaks.htm

    Keep me posted
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  9. #19
    Member
    Join Date
    Mar 2007
    Location
    Bangor, ME USA
    Posts
    29

    Clean :) :D

    I'm clean and I found out a tool on kellys-korner to restore my folder options and taskbar menus.
    Thanks, mate.

    Thanks for all the work you guys do and hopefully I will be joining you guys very soon.
    Mic

  10. #20
    In Memoriam -Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    As the problem appears to be resolved this topic has been closed.

    If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

    Anyone else with similar problems please start a new topic.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
