I did get IE to stop starting up and whenever I tried to quit it (using the end processes) I would keep coming up with the CornBash thingy
Mic
Mic, you have quite a bit of the junk that should be gone still in this HJT log:
Logfile of HijackThis v1.99.1 Scan saved at 8:24:34 PM, on 3/7/2007
Are you positive you have not posted an old HJT log? Much of the junk is still in the log? When did you scan for the newest log?
I will post these instructions again, be very sure both of these programs are turned off. If the stuff is still in the log when you scan again, then uninstall Ad-Watch and run the procedure again. Understand if one of the programs is NOT blocking the change then you may not be following the directions so be careful.
1) It is hard to make changes with Ad-Watch running and at times it even has to be uninstalled, so this for now:
Ad-Aware Ad-Watch
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both of those boxes
2) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.
3) Be sure all files and folders are unhidden, you will not see the LOP folder unless this is done:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [Body curb tons clock] C:\Documents and Settings\All Users.WINDOWS\Application Data\holddefybodycurb\MemoFirst.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKCU\..\Run: [Multi Plus] C:\DOCUME~1\BTNUSE~1\APPLIC~1\PARTBA~1\corn bash safe.exe
O21 - SSODL: CDRecorder029 - {A3BC5E20-0235-1ABF-9CE1-00AA00512029} - (no file)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\WINDOWS\system32\spoolsvv.exe <<< delete that file
C:\Documents and Settings\All Users.WINDOWS\Application Data\holddefybodycurb\ <<< delete that folder
C:\DOCUMENTS & SETTINGS~1\BTNUSE~1\APPLIC~1\PARTBA~1\ <<< delete that folder
Restart the computer and post a new HJT log.
I would also like to take a look at a Blacklight scan, follow these directions and post the scan results along with that HJT log:
Please download F-Secure BlackLight Beta:
https://europe.f-secure.com/exclude/...ht/index.shtml
Save it to its own folder in the Desktop
Double-click blbeta.exe to run the program
Click : Scan
A list of all items found is created
The list is in the BlackLight folder on the Desktop, and named fsbl.xxxxxxx.log (xxxxxxx are numbers).
Please provide the log created by BlackLight in your next reply.
Thanks
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
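A check for the "if the stuff is still in the log when you scan again" step, as an added example (not part of the original thread or of HijackThis): it compares the line items listed in the post above against a later HijackThis log and reports which ones survived. The follow-up log excerpt and the function names are constructed for illustration.

```python
import re

# Line items the helper asked to tick in HijackThis (copied from the post above).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [Body curb tons clock] C:\Documents and Settings\All Users.WINDOWS\Application Data\holddefybodycurb\MemoFirst.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKCU\..\Run: [Multi Plus] C:\DOCUME~1\BTNUSE~1\APPLIC~1\PARTBA~1\corn bash safe.exe
O21 - SSODL: CDRecorder029 - {A3BC5E20-0235-1ABF-9CE1-00AA00512029} - (no file)
"""

# Constructed follow-up log excerpt (not from the thread): two entries survived.
SAMPLE_NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\spoolsv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [spoolsvv]   c:\windows\system32\SPOOLSVV.EXE
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# A HijackThis entry starts with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(\S.*)$")


def parse_entries(text):
    """Return {normalized_key: original_line} for every HJT entry in text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.groups()
        # Windows paths and registry names are case-insensitive; collapse spacing too.
        key = code + " - " + " ".join(body.split()).casefold()
        entries.setdefault(key, line)
    return entries


def still_present(fix_list, new_log):
    """Fix-list lines that still appear in the new log, in fix-list order."""
    remaining = parse_entries(new_log)
    return [line for key, line in parse_entries(fix_list).items() if key in remaining]


if __name__ == "__main__":
    for line in still_present(FIX_LIST, SAMPLE_NEW_LOG):
        print("STILL IN LOG:", line)
```

An empty result means none of the checked items came back; any line it returns is one to re-check with the resident protection turned off, as the steps describe.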
This is because you have not removed it from the computer yet! It appears NoLop removed part of the problem but the rest must be removed manually, and it will do no good to tell me you can not find it. The junk is there, and you must find and remove it. If you have to, use search companion to locate the junk.
Thanks
IE fixed. Working on getting the BLbeta log.
Mic
03/09/07 07:08:05 [Info]: BlackLight Engine 1.0.55 initialized
03/09/07 07:08:05 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/09/07 07:08:55 [Note]: FSRAW library version 1.7.1021
HJT
Logfile of HijackThis v1.99.1
Scan saved at 7:01:10 AM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Three Rings Design\Puzzle Pirates\java\bin\javaw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Micah's Internet Explorer
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programs\Java\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programs\Java\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Mic
Thanks for the information. Though the Blacklight is showing no infections, I have never seen a report quite like that. How is the computer running?
The HJT log appears to be clean of malware, if things are back to normal I would say you are good to go. Let's do this:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
http://pcpitstop.com/spycheck/eula.asp <<< see this information, make sure everyone who uses your computer reads it.
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
It still has the toolbar menu (the one where I right click the taskbar) grayed out. .. even after several reboots. I ran AVG Antispyware, AVG Antivirus and ADAware and they came out clean .. /e thinks bout a new installation of windows
Also still not able to access the folder options. Can see hidden files/folders now though. wasn't able to before. Some options are grayed out.
Mic
Mic, these are probably settings that the malware that was on your computer changed, if you want to reinstall Windows to fix it, that is your option. Try to describe exactly what is happening.
Don't be afraid to ask Google for help, like http://www.google.com/search?q=can%2...e7&rlz=1I7GGLG (can't access folder options)
I am running Windows XP Pro SP2 with IE7. If you describe what you are doing step by step I will try to duplicate it to see if I can spot why it is happening.
Have a look here: http://www.google.com/search?q=reset...e7&rlz=1I7GGLG and especially here:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Keep me posted
I'm clean and I found out a tool on kellys-korner to restore my folder options and taskbar menus :
Thanks, mate.
Thanks for all the work you guys do and hopefully I will be joining you guys very soon.
Mic
As the problem appears to be resolved this topic has been closed.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.