Unknown Infection -- System Slowed Way Down


5 replies to this topic

#1 Jarrod

Posted 17 February 2006 - 11:40 PM

Hi,

This is my first time posting a HijackThis log. I read everything on your tutorial before posting and followed all the instructions running CleanMGR, Ad-Aware, SpyBot, my own AVG, the 3 online scanners and the Stinger. It found some spyware, but my problem still exists.

A few weeks ago my laptop started shutting down really slow. It would hang up on the shutdown screen for 10 minutes or so before completing. It is almost as bad when I start up. My firewall, anti-virus, and wireless card software all take minutes to initialize and I can't use the laptop for a few minutes after that. From that point on, various things will "...encounter a serious error and need to close..."

After a few days I noticed that on SOME restarts the bios would report, "The amount of system memory has changed, hit any key to continue." I searched for this problem online and couldn't find anything. Below is my HijackThis log. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 10:31:43 PM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NETGEAR WG511 Smart Wizard.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124667965658
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




Thanks for your help in advance. I hope I do not have to reformat.

Jarrod


#2 didom

Posted 18 February 2006 - 10:48 AM

Step #1

Scan again with HijackThis and check the following items:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Reboot your computer normally.

Step #2

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

-------------------

Most slowness is not due to malware. Here are some common causes and suggestions:

Overheating
A major cause of slowness is overheating. Open the case and make sure there are no accumulated dustballs or other obstructions to fan operation or air circulation. You can monitor your temperatures with (free) Motherboard Monitor.

Not enough RAM
If you have less than 512 MB, consider adding more memory.

Excessive fragmentation
Defragment your hard disk every so often. The defrag that comes with Win XP is fine, or you may prefer O&O Defrag 2000 Freeware which has more interesting graphics. For defragmenting your pagefile and registry hives, I recommend (free) PageDefrag.

Some legitimate programs are known to use a lot of resources and slow you down
Those described in replies below do not need to be running. If you think that is your problem, please post a HijackThis log and we will help you keep them from starting automatically.

#3 Jarrod

Posted 18 February 2006 - 01:24 PM

Thank you for the reply. On doing those scans and restarting my laptop multiple times....I keep getting the error, "The amount of system memory has changed. Press F1 to continue." I press F1 and it boots up fine. I haven't changed my memory ever on this laptop and that error just started happening a few weeks ago. Here are the logs from the 2 scans you requested:

Panda ActiveScan:


Incident Status Location

Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@112.2o7[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@c3.gostats[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@ccbill[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@ct.360i[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@gostats[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@microsofteup.112.2o7[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@searchportal.information[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@www.myaffiliateprogram[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Jarrod\Cookies\jarrod@yadro[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.ask.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.c3.gostats.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.com.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.server.iad.liveperson.net/hc/42435556]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.server.iad.liveperson.net/hc/72597726]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[42435556]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[72597726]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jarrod\Application Data\Mozilla\Firefox\Profiles\2bqy242f.default\cookies.txt[]



----------------------------------------------------------------------------------------

And here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 12:20:59 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG511 Smart Wizard.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124667965658
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------------------------------------------------------------------


Thanks for the help.

Jarrod
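
The before/after check done by eye in this thread (are the two `(no file)` BHO entries from Step #1 gone in the second log?) can be scripted. This is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical and the two inputs are short excerpts of the logs posted above.

```python
import re

# A HijackThis entry line starts with a section code such as R1, O2, O16 or O23.
# Lines under "Running processes:" (plain paths) do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Markers seen in these logs on entries whose target file is not present.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the first log in the thread (17 Feb), not the full log.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# Excerpt of the second log in the thread (18 Feb), not the full log.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
"""


def parse_entries(log_text):
    """Return the set of (section code, entry text) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def orphaned(entries):
    """Entries whose referenced file the log marks as absent."""
    return sorted(e for e in entries if e[1].endswith(ORPHAN_MARKERS))


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    for code, body in orphaned(parse_entries(LOG_AFTER)):
        print("target file absent:", code, "-", body)
```
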

#4 didom

Posted 18 February 2006 - 02:05 PM

Download CCleaner and install it.

Start CCleaner. Click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right).

Then reboot your computer and tell me how your computer is running!

#5 Jarrod

Posted 20 February 2006 - 02:26 PM

The computer is running pretty good after cleaning all that stuff off. I'm starting to believe my "system memory has changed" is a hardware problem. Every other time I reboot my computer I'll show 128MB or 256MB. I've tested the memory and run a diagnostic on the motherboard and both passed. I'm guessing it's probably one of the RAM slots on the board.

Thanks for your help cleaning off the spyware!!

Jarrod

#6 didom

Posted 20 February 2006 - 05:17 PM

You're welcome

This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts.

    Please post back if you are still having any problems....




