|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
04-18-2005, 05:46 PM
|
#1 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 114
OS: xp
 |
msnsngr.exe
msnsngr.exe in my system
this is the log from Startdreck StartDreck (build 2.1.7 public stable) - 2005-04-18 @ 18:48:38 (GMT -06:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 1) Internet Explorer: 6.0.2800.1106 Logged in as Owner at CHARLENE 舞egistry 舞un Keys 翟urrent User 舞un *Systemboot=msnsngr.exe 舞unOnce 聞efault User 舞un *Systemboot=msnsngr.exe *AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE 舞unOnce 腿ocal Machine 舞un *ATIModeChange=Ati2mdxx.exe *CARPService=carpserv.exe *ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe *PreloadApp=c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d *srmclean=C:\Cpqs\Scom\srmclean.exe *TV Now=C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK *Display Settings=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s *QT4HPOT=C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE *SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe *SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe *Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe *hpsysdrv=c:\windows\system\hpsysdrv.exe *MMTray=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe *LXSUPMON=C:\WINDOWS\System32\LXSUPMON.EXE RUN *AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP *AVG7_EMC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe *Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" *gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" *MSConfig=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto *Systemboot=msnsngr.exe +OptionalComponents +MSFS *Installed=1 +MAPI *NoChange=1 *Installed=1 +MAPI *NoChange=1 *Installed=1 舞unOnce 舞unServices *NAV Auto Updates=slserves.exe *Systemboot=msnsngr.exe 舞unServicesOnce 舞unOnceEx 舞unServicesOnceEx 肇iles 艋ystem/Drivers 舞unning Processes +0=<idle> +4=<system> +592=\SystemRoot\System32\smss.exe +644=\??\C:\WINDOWS\system32\csrss.exe +672=\??\C:\WINDOWS\system32\winlogon.exe +720=C:\WINDOWS\system32\services.exe +732=C:\WINDOWS\system32\lsass.exe +912=C:\WINDOWS\system32\svchost.exe +996=C:\WINDOWS\System32\svchost.exe +1168=C:\WINDOWS\System32\svchost.exe +1216=C:\WINDOWS\System32\svchost.exe +1472=C:\WINDOWS\Explorer.exe +1508=C:\WINDOWS\system32\LEXBCES.EXE +1584=C:\WINDOWS\system32\spoolsv.exe +1632=C:\WINDOWS\system32\LEXPPS.EXE +1852=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe +2008=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe +120=C:\WINDOWS\system32\HPConfig.exe +216=C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe +292=C:\WINDOWS\system32\ZoneLabs\vsmon.exe +624=C:\WINDOWS\System32\carpserv.exe +1176=C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE +1292=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe +1164=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe +1524=C:\windows\system\hpsysdrv.exe +1532=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe +1764=C:\WINDOWS\System32\LXSUPMON.EXE +1780=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe +1848=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe +976=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe +172=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe +556=C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe +3888=C:\WINDOWS\regedit.exe +2876=C:\New Folder\StartDreck\StartDreck.exe +2964=C:\Program Files\Mozilla Firefox\firefox.exe +2928=C:\WINDOWS\System32\msnsngr.exe +2728=C:\WINDOWS\System32\wuauclt.exe 翠pplication specific |
|
     |
| Sponsored Links |
|
04-18-2005, 06:28 PM
|
#2 (permalink) |
|
Analyst, Security Team
|
Please do not post your log in someone else's thread. I have created a new thread for you and posted it here.
You should not start off by giving us this log unless we asked for it. But since it's given already, let's get to work on it. Run StartDreck with the same options checked like before. Click on each of the following and hit the Delete button in the program: *Systemboot=msnsngr.exe *Systemboot=msnsngr.exe *Systemboot=msnsngr.exe *NAV Auto Updates=slserves.exe *Systemboot=msnsngr.exe Delete these files if found: slserves.exe msnsngr.exe The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes. Please download HijackThis http://www.greyknight17.com/spy/HijackThis.exe - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it. 1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'. 2. If you don't get the intro screen, just hit Scan and then click on Save log. 3. Get HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless. Download this virus checker and tool from eScan Mwav.exe (Use Link 3) 1. Save it to a folder. 2. Reboot into safe mode 3. Double click the Mwav.exe file.(This is a stand alone tool and NOT just a virus checker......so it won't install anything) 4.Select all local drives, scan all files, press SCAN and when it is completed, anything found will be displayed in the lower pane. 5. In the Virus Log Information Pane...... Left click and Highlight all the info in the Lower pane--- Use "CTRL C" on your Keyboard to copy all found in the lower pane and save it to a notepad file *Note* If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything..but to ID the bad guys. Once you copy that to a notepad file...highlight the text and copy it here
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
04-19-2005, 08:53 AM
|
#3 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 114
OS: xp
|
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 9:42:31 AM, on 4/19/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\msnsngr.exe C:\Documents and Settings\Owner\My Documents\My Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/ F2 - REG:system.ini: Shell=Explorer.exe O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Systemboot] msnsngr.exe O4 - HKLM\..\RunServices: [Systemboot] msnsngr.exe O4 - HKCU\..\Run: [Systemboot] msnsngr.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe End of KRC HijackThis Analyzer Log. ==================================================================== |
|
|
|
|
04-19-2005, 09:00 AM
|
#4 (permalink) |
|
Analyst, Security Team
|
Did you follow the instructions I posted earlier? Please do them now if you haven't done so already.
We also need the mwav log file.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
04-19-2005, 09:13 AM
|
#5 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 114
OS: xp
|
Yes, I followed the instructions . I ran the cleanup and it deleted a lot of systemfiles and the only way I could get back into the computer was to use the f8 key and use last known good config. so I started over again and manually deleted all the temp files . I guess that was not good. I am a bit afraid to run cleanup again
|
|
|
|
|
04-19-2005, 09:44 AM
|
#6 (permalink) |
|
Analyst, Security Team
|
CleanUp should not have deleted any system files. You sure it wasn't just files that looked like system files that were in the temp folder?
OK, did you do the other steps at least? If not, do them now but skip the CleanUp step. We still need the mwav log.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
04-19-2005, 02:14 PM
|
#8 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 114
OS: xp
|
I am reding the scans
I started all over again and did the cleanup and it went ok.. did the hijackthis and analyzer and am doing the virus scan now. Will post as soon as it is done. Thank you for your help. I very much appreciate it
|
|
|
|
|
04-19-2005, 02:14 PM
|
#9 (permalink) |
|
Analyst, Security Team
|
No problem. Then try attaching it to your reply. Just hit Reply and then scroll down a little to where you see Additional Options. Click Manage Attachments and follow the instructions there to attach that mwav log here.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
04-19-2005, 03:16 PM
|
#10 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 114
OS: xp
|
result log and mwav log
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 3:04:57 PM, on 4/19/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\Documents and Settings\Owner\My Documents\My Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/ O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [Systemboot] msnsngr.exe O4 - HKLM\..\RunServices: [Systemboot] msnsngr.exe O4 - HKCU\..\Run: [Systemboot] msnsngr.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe End of KRC HijackThis Analyzer Log. ==================================================================== mwav log File C:\Program Files\Common Files\wfwo\wfwop.exe infected by "not-a-virus:AdWare.Xupiter.m" Virus. Action Taken: No Action Taken. File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\416F8969-7F58-45FB-89F1-54C0F0 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\C510936E-8086-44FA-9511-B4FE7E infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\Program Files\Microsoft AntiSpyware\Quarantine\8D77323E-1D11-4BEB-9B6A-439835\CF5FC505-D128-40DF-91CA-4B8A1E infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken. File C:\Program Files\Microsoft AntiSpyware\Quarantine\FC55BF51-C523-46AF-A7E0-8F6811\E899C4A3-7F34-41CC-814D-3BE3EA infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP42\A0003814.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP45\A0003854.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP45\A0003855.dll infected by "not-a-virus:AdWare.WinAD.m" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP48\A0003937.exe infected by "not-a-virus:AdWare.Xupiter.m" Virus. Action Taken: No Action Taken. File C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP49\A0004268.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken. File C:\WINDOWS\system32\new1.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken. |
|
|
|
|
04-19-2005, 03:33 PM
|
#11 (permalink) |
|
Analyst, Security Team
|
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.
Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point. Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): O4 - HKLM\..\Run: [Systemboot] msnsngr.exe O4 - HKLM\..\RunServices: [Systemboot] msnsngr.exe O4 - HKCU\..\Run: [Systemboot] msnsngr.exe Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: msnsngr.exe C:\Program Files\Common Files\wfwo\ C:\WINDOWS\system32\new1.exe Go into this folder -> C:\Program Files\Microsoft AntiSpyware\Quarantine\ and delete all the quarantined files in there Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
04-19-2005, 04:40 PM
|
#12 (permalink) |
|
Registered User
Join Date: Apr 2005
Posts: 114
OS: xp
|
I think you fixed me thank-you
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 5:36:37 PM, on 4/19/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\Documents and Settings\Owner\My Documents\My Downloads\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/info/e-center-p R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/ O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe End of KRC HijackThis Analyzer Log. ==================================================================== |
|
|
|
|
04-19-2005, 04:43 PM
|
#13 (permalink) |
|
Analyst, Security Team
|
Yep, I think it's fixed also.
Update to Windows XP Service Pack 2 when you have time. It has more security features and other updates in it. Your log is clean. If you disabled System Restore, make sure to enable it now. To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial http://www.greyknight17.com/spyware.htm#prevent and use the tools provided. Are there any problems now? If not, you should be set to go.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
| Thread Tools | |
|
|
