1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HJT Log Not sure if something is wrong or not.

Discussion in 'Windows - Virus and spyware problems' started by Laura_e, Mar 4, 2007.

  1. Laura_e

    Laura_e Member

    Joined:
    Mar 25, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    My firewall keeps asking me to allow a Services & Controller Application. Application : Service.exe
    Source IP 85.255.116.146:DNS

    I am a bit wary of allowing this as it happened out of the blue, I had done no updates or anything.

    I have run AVG antivirus, Bitdefender, Adaware Lavasoft and Spybot but thought it may be best to do a Hijack this log in case something is running that shouldn't be.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:00:54 AM, on 5/03/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\locator.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Qualcomm\Eudora\Eudora.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hijack this\HijackThis_v1.99.1.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=165.228.131.12:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123047995953
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{421E5732-7D50-4384-89E7-B0E5EA5687A1}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A5BA1D4-315C-42C3-A45C-11C55812FE30}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88FC309D-7BC3-4E22-B452-466C345E018D}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3DABBB3-D447-4FDA-ADB2-43A924892CB3}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196
    O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    If this is a clean log should I just allow the Services & Controller Application?

    Regards
    Laura
     
  2. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    That IP is a bad one... you seem to have a WareOut infection.

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:

    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
     
  3. Laura_e

    Laura_e Member

    Joined:
    Mar 25, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    Hi
    Thanks for your help, it is much appreciated.

    Fixwareout Last edited 2/11/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdvmd.exe"

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other
    C:\WINNT\Temp\kdvmd.ren 63432 14/07/03



    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "Synchronization Manager"="mobsync.exe /logon"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»


    HJT LOG

    Logfile of HijackThis v1.99.1
    Scan saved at 1:48:18 PM, on 5/03/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\locator.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hijack this\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=165.228.131.12:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123047995953
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{421E5732-7D50-4384-89E7-B0E5EA5687A1}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A5BA1D4-315C-42C3-A45C-11C55812FE30}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88FC309D-7BC3-4E22-B452-466C345E018D}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3DABBB3-D447-4FDA-ADB2-43A924892CB3}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196
    O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

     
  4. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Run and scan with HijackThis and place checks beside the following:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{421E5732-7D50-4384-89E7-B0E5EA5687A1}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A5BA1D4-315C-42C3-A45C-11C55812FE30}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88FC309D-7BC3-4E22-B452-466C345E018D}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3DABBB3-D447-4FDA-ADB2-43A924892CB3}: NameServer = 85.255.116.146,85.255.112.196
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.146 85.255.112.196


    Close all open browsers/windows and click the Fix button.

    Reboot and post a new HijackThis log please.
     
  5. Laura_e

    Laura_e Member

    Joined:
    Mar 25, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    Hi
    This is the new log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:18:51 PM, on 5/03/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\locator.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\hijack this\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=165.228.131.12:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123047995953
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

     
  6. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Looks good, Laura.

    How is your PC behaving?
     
  7. Laura_e

    Laura_e Member

    Joined:
    Mar 25, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    The firewall alert asking to allow the services application hasn't come back up (I always denied it access) so hopefully things are all good.

    Is there something else that I should be using to protect from this sort of thing. I have:
    Ad-Aware
    Spyblaster
    Spybot
    AVG Antivirus
    Zonealarm

    I always keep these updated and run the scans a couple of times a week.

    Thank your for your help and patience in reading those log files!!

    Laura
     
  8. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    You're very welcome. Glad I could help.

    In addition to what you have installed... I'd suggest AVG Anti-Spyware. Its a very good program.

    You can download it from here:

    http://free.grisoft.com/softw/70free/setup/avgas-setup-7.5.0.50.exe

    Install it... update it... then do a full scan with it letting it clean whatever it finds.

    You should be good to go after that :)
     
  9. Laura_e

    Laura_e Member

    Joined:
    Mar 25, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    Have downloaded it and run a scan...all came back clean. Once again thanks for your time.

    Laura
     

Share This Page