consumed

I know I am infected, but don't know what with

16 posts in this topic

So, I know that I am infected with something, but I am not sure what. I continually run Ad-Aware and S&D, they always find things, and if I run both, and come back an hour later (without ever doing anything on my computer, I could have gone to Walmart or something) more will show up.

 

Pop-ups keep showing up, etc. I use Mozilla and IE pop-ups show up ... Any suggestions? I tried to get HijackThis but the link wasn't working. Thanks in advance


Download HijackThis at: http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Unzip to a convenient permanent folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.


The file isn't working ... for some reason I cannot access www.spywareinfo.com or the direct link to the file you gave me ... Is there anywhere else it can be downloaded?

Edited by consumed


I have also seen my homepage be reset to something like default-homepage-network.com or something with the big stop sign, and NAV automatically detects and removes a trojan downloaded from that site ...


consumed,

for some reason I cannot access www.spywareinfo.com

Download HijackThis! 1.98

 

Create a folder via Windows Explorer for HijackThis, unzip, then move the file (HijackThis.exe) to that folder. This way any backups created are saved in a legit folder.

 

Double-click "HijackThis.exe" and Press "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Click: "Save Log" (generates: "hijackthis.log")

 

Copy and Paste the entire log into your next post.

 

Note: do not attempt to "Fix" anything, as we need to see the entire log.

Also if you have any Startup items unchecked in Msconfig, uncheck those items, reboot, then post a fresh log. HijackThis can not "see" disabled items in Startup.

 

Hint: after posting your log click "Track this topic" at the top of the page, this way you will be notified (email) when a response is made to your post.


Thanks ... here are my results:

====================

Logfile of HijackThis v1.98.0

Scan saved at 5:20:39 PM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\documents and settings\brandon travis\local settings\temp\MlD.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Warez P2P Client\Warez.exe

C:\WINDOWS\System32\DllHost.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\SYSTEM32\CS4P028.EXE

C:\Program Files\mIRC\mirc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Microsoft Office\Office10\EXCEL.EXE

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\SYSTEM32\CS4P028.EXE

C:\Program Files\Trillian\trillian.exe

C:\WINDOWS\System32\IqzqA.exe

C:\WINDOWS\System32\Iii97y.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ISS\BlackICE\blackice.exe

C:\Program Files\ISS\BlackICE\rapapp.exe

C:\Program Files\ISS\BlackICE\blackd.exe

C:\WINDOWS\System32\imapi.exe

C:\hjt\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hkcu

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL

O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MlD.exe] C:\documents and settings\brandon travis\local settings\temp\MlD.exe

O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\Pggg.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [sF4O3pR] helda.exe

O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll


Hi,

Looks like you have several issues ... one being an incomplete log.

 

First thing to do is ...

 

Uninstall via Add Remove: IEagent | Sidesearch (if exists)

 

Next:

 

Download Ad-Aware

 

After installing Ad-Aware, and before running the program.

 

Update Ad-aware's Reference File:

Please update the reference file following the instructions here

 

Required Step:

Reconfigure Ad-Aware for Full Scan

 

Download and run Lavasoft's VX2 Cleaner (plug-in)

 

Note: do not run Ad-Aware yet ...

 

 

Reconfigure Windows Explorer to show Hidden Files: [required step]

Open the Windows Explorer Folder Options - View [tab]:

 

Scroll down to the "Files and Folders" section.

Select: "Display the contents of system folders".

 

Scroll down to the "Hidden Files and Folders" section.

Select: "Show hidden files and folders", Ok the prompt

Uncheck: "Hide file extensions for known file types"

Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

 

Click the "Apply to all Folders" button. Close Windows Explorer.

 

Next:

 

Close all open windows except for HijackThis; place a check in each of the following:

Then click "Fix checked".

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hkcu

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL

O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)

O4 - HKLM\..\Run: [MlD.exe] C:\documents and settings\brandon travis\local settings\temp\MlD.exe

O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\Pggg.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [sF4O3pR] helda.exe

O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe

O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\WINDOWS\SYSTEM32\CS4P028.EXE <--this file

C:\WINDOWS\System32\IqzqA.exe <--this file

C:\WINDOWS\System32\Iii97y.exe <--this file

C:\WINDOWS\System32\Pggg.exe <--this file

C:\WINDOWS\System32\dp-him.exe <--this file

C:\PROGRAM FILES\Lycos <--this folder

 

Next:

 

The WinPup trojan runs silently from the Windows folder.

In most cases one or more of the "clones" in the "System32" folder will show up in a HijackThis log. These are usually "65,536" bytes. Note: the clones will generate a new filename on each restart, so a restart in Safe Mode won't catch all the files unless you kill them all.

 

Open Windows Explorer

Click "sort by size" (Date Modified) right pane

Check the "Windows" folder for:

 

24,576 bookmarks.exe

65,536 actulice.exe < new version

65,536 pup.exe

65,536 over.exe < old version

65,536 winpup.exe < old version

 

Delete any existing there, then check the Windows\System32 folder.

Click "sort by size" (Date Modified) right pane

Delete the clones, they should all be grouped together. (65,536)

Note: right-click and select: Properties | Version

The culprit = "CompanyName : thunderdome" or totempole < older version

 

[Example]

CompanyName : thunderdome

InternalName : actulice

OriginalFilename : actulice.exe

 

Next: run Ad-Aware (in Safe Mode) fix everything it finds and reboot.

 

After the above, reboot, rescan with HijackThis and post a fresh log ...


Logfile of HijackThis v1.98.0

Scan saved at 10:06:38 PM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ISS\BlackICE\blackd.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\ISS\BlackICE\rapapp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\ISS\BlackICE\blackice.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\Nyy42g.exe

C:\WINDOWS\System32\JlyNv62.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hjt\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\VexG0Jgv.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html


Hi,

For some reason you are not posting a complete log? (bottom half missing)

 

Anyway ...

 

Close all open windows except for HijackThis; place a check in each of the following:

Then click "Fix checked".

 

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\VexG0Jgv.exe

 

Note: just close HijackThis (after selecting the above), do not reboot yet ...

 

Next: Download Peper Trojan Remover

 

Double click on Newuninst.exe and press Uninstall.

Let it run and when the progress bar says complete, press Close.

You must be online to have this work and do not block any attempts for the program to connect to Internet if your firewall requests access.

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following: (if exists)

 

C:\WINDOWS\System32\Nyy42g.exe <--this file

C:\WINDOWS\System32\JlyNv62.exe <--this file

C:\WINDOWS\System32\VexG0Jgv.exe <--this file

 

While still in Safe Mode, run Ad-Aware and fix everything it finds.

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

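Comparing the first two logs in this thread shows the behaviour described above: the Run value name stays the same while its target and the running System32 clones come back under new names after a restart. The following is an added example, not part of the original posts and not a HijackThis feature; `parse_log` and `diff_scans` are hypothetical helper names, and the sample text is a few lines trimmed from the two logs posted above.

```python
import re
from ntpath import basename, dirname

# Excerpts trimmed from the first and second HijackThis logs in this thread,
# embedded so the example runs offline.
SCAN_1 = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\IqzqA.exe
C:\WINDOWS\System32\Iii97y.exe
C:\hjt\HijackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\Pggg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""
SCAN_2 = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Nyy42g.exe
C:\WINDOWS\System32\JlyNv62.exe
C:\hjt\HijackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\VexG0Jgv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # R0, R1, O2, O4, ... entry lines
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")


def parse_log(text):
    """Return (process paths, {(hive, value name): command}), lower-cased
    because Windows paths are case-insensitive."""
    procs, runs, in_procs = set(), {}, False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue  # pasted logs are often double-spaced
        if line == "Running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False  # first R/O entry ends the process list
            m = RUN_RE.match(line)
            if m:
                runs[(m.group(1), m.group(2))] = m.group(3).strip('"').lower()
        elif in_procs:
            procs.add(line.lower())
    return procs, runs


def diff_scans(before, after, watch_dir=r"c:\windows\system32"):
    """Compare two scans of the same machine taken across a restart."""
    p1, r1 = parse_log(before)
    p2, r2 = parse_log(after)
    # Same Run value name, different target: the autostart was re-pointed.
    retargeted = sorted((hive, name, r1[(hive, name)], cmd)
                        for (hive, name), cmd in r2.items()
                        if (hive, name) in r1 and r1[(hive, name)] != cmd)
    # Process images in the watched folder that appeared or vanished.
    appeared = sorted(basename(p) for p in p2 - p1 if dirname(p) == watch_dir)
    vanished = sorted(basename(p) for p in p1 - p2 if dirname(p) == watch_dir)
    return retargeted, appeared, vanished


if __name__ == "__main__":
    retargeted, appeared, vanished = diff_scans(SCAN_1, SCAN_2)
    for hive, name, old, new in retargeted:
        print(f"{hive} Run [{name}] re-pointed: {old} -> {new}")
    print("new System32 images:", appeared)
    print("gone System32 images:", vanished)
```

A Run value that keeps its name but changes target between scans means something is still rewriting the entry, so fixing the entry alone will not hold.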

Well, I'm not entirely sure why HijackThis isn't giving me a full log ... I am simply pressing scan, then save log and copying what it gives me to here ... And inside HJT, what I post is all that shows up ... here is my new log after completing those steps

==============

Logfile of HijackThis v1.98.0

Scan saved at 12:37:24 PM, on 7/4/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ISS\BlackICE\blackd.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\ISS\BlackICE\rapapp.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\ISS\BlackICE\blackice.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hjt\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html


Hi,

Your log looks clean now ... good job!

 

Note: I see you have one or more items disabled via Msconfig. If this is one of the items you were troubleshooting relating to your problem, you need to enable that entry, as HijackThis can not "see" disabled items, reboot and rescan with HijackThis. Otherwise ignore.

 

Last Step:

 

"Flush System Restore" (see "How To" below)

Basically turn off System Restore, reboot, run a full (updated) NAV scan, reboot and turn System Restore back on and create a new Restore Point.

 

How To: Configure Norton AntiVirus to scan all files

 

I would suggest adding some "Defense" to your system ...

How To: Prevent this from happening again? :wave:


irelynnmisses,

You're welcome ... wasn't trying to jump in on your topic, I just happened to notice that the link wasn't working. :wave:


Thanks so much! Sorry I haven't responded back yet, I had to run out of town on business last minute. I will finish these last steps when I get home.


WINHELP.. I know you weren't.. but I'm happy he got help!

 

BTW.. I've been meaning to tell you.. I laugh MAO every time I see your avatar :D


irelynnmisses,

I laugh MAO every time I see your avatar
There is a long story behind that! I got in big trouble with MS when I first created that image. It was later shown at the MVP Summit several years ago. (Bill had a nice chuckle)
