|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
Thread Tools |
09-30-2006, 03:04 PM
|
#1 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 3
OS: WinXP
|
G-Buster and Unistalled AVG
Hi, I entered in a suspect website yesterday, and the first time I rebotted the computer, the taskbar was a little strange (like win98 (I use "Windows MAX 2003" theme) and the windows firewall was off and unable to be turned on...
during the night I runned AVG Free full scan, that didn't dedected any great surprises.... So I bought the Kaspersky 6.0 today and unnistalled AVG but this one had some problem in the unistalling and I removed the files manually... I've also runned Spybot and Ad-Aware scans... tonight I'll also make Kaspersky full scan, but if there's any piece of advice that you could already spare, I would appreciate. I'll aready tried removing G-Buster and AVG by HijackThis, but wasn't able. (using Kaspersky to the actions by explorer.exe and winlogon.exe, i was able to maintain G-Buster away, but every time I restart the computer, it comes back) Thank you. Ps: I followed the steps recommended, but I already had SP2 Logfile of HijackThis v1.99.1 Scan saved at 18:46:14, on 30/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\LEXBCES.EXE D:\WINDOWS\system32\LEXPPS.EXE D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Lexmark X5100 Series\lxbabmgr.exe D:\WINDOWS\Mixer.exe D:\Program Files\Lexmark X5100 Series\lxbabmon.exe D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\WINDOWS\system32\rundll32.exe D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe D:\WINDOWS\system32\LxrJD31s.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\wdfmgr.exe D:\WINDOWS\System32\wbem\wmiprvse.exe D:\WINDOWS\System32\alg.exe D:\HJT\HijackThis.exe D:\WINDOWS\system32\wuauclt.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - D:\WINDOWS\Downloaded Program Files\gbieh.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - D:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [Lexmark X5100 Series] "D:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Antivirus de la Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110w.bay110.mail.live.com/m...s/MsnPUpld.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...61/mcfscan.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing) O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing) O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - D:\WINDOWS\SYSTEM32\LxrJD31s.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe |
|
     
|
|
| Thread Tools | |
|
|
