Virus in System Restore

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

weagle89

Thread Starter
Joined
Jul 10, 2005
Messages
9
I have just bought a refurbished Dell Latitude laptop. Three days after the warranty expired (of course), we discovered a virus in System Restore files. We were told to reduce the space allotted for Sys Res and that would remove the virus. The problem is that the computer will not let us change the size allotted. When we uncheck "Disable System Restore" and go back to the screen where the size allotted is, that section is still "grayed out". If we go back to the "troubleshooting" page, the "disable..." box has rechecked itself. Anyone know what we can do?
 
Joined
Jun 18, 2004
Messages
206
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405


also i suggest that you run a hjt scan and post a log here so we can make sure you are not infected elsewhere
there is a link in my sig. below to download hjt.
 
Joined
Aug 1, 2003
Messages
51,988
You can disable SR in your services configuration, too.

Control Panel > Admin Tools > Services. Click the SR service and choose "Disable".

Another thing to try, run Disk Cleanup. When the final dialog box appears, click the tab at top for more options. Choose to remove all restore points except the last with the bottom button. If that still leaves the virus, create a new restore point and remove all but the last. That will leave you with all restore points removed except the one you just created.
 

weagle89

Thread Starter
Joined
Jul 10, 2005
Messages
9
Thank you both for your suggestions. Unfortunately, none of those worked. I do log in as administrator, but when I enable system restore, it doesn't "stay" enabled long enough to click back on the tab where the 'space usage' for the program is. This is ME, not XP, so the tabs are different. On XP, System Restore has its on tab, but on ME there are two separate tabs that affect System Restore: "performance" and "troubleshooting".

The laptop will not connect to the internet since it became infected, and I don't want to risk infecting my other computer by connecting "through" it. Thanks for any other help/advice you can give.
 

weagle89

Thread Starter
Joined
Jul 10, 2005
Messages
9
Here's the logfile>

Logfile of HijackThis v1.99.1
Scan saved at 4:59:29 PM, on 7/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTEL32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\PC MIGHTYMAX\PCMM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WIRELESS LAN\WLAN CARDBUS UTILITY\WLAN_UI.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\SYSTEM\intel32.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MSKServerExe] C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKDETCT.EXE /startup
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKCU\..\RunOnce: [DelayShred] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SHREDDER 5\SHRED32.EXE" /q C:\_RESTORE\TEMP\A0002741.SH! C:\_RESTORE\TEMP\A0002744.SH! C:\_RESTORE\TEMP\A0002751.SH! C:\_RESTORE\TEMP\A0002746.SH! C:\_RESTORE\TEMP\A0002761.SH! C:\_RESTORE\TEMP\A0002779.SH! C:\_RESTORE\TEMP\A0004274.SH! C:\_RESTORE\TEMP\A0004271.SH! C:\_RESTORE\TEMP\A0004276.SH! C:\_RESTORE\TEMP\A0004279.SH! C:\_RESTORE\TEMP\SE.SH! C:\_RESTORE\TEMP\IDOG.SH!
O4 - Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 

weagle89

Thread Starter
Joined
Jul 10, 2005
Messages
9
weagle89 said:
Here's the logfile>

Logfile of HijackThis v1.99.1
Scan saved at 4:59:29 PM, on 7/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTEL32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\PC MIGHTYMAX\PCMM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WIRELESS LAN\WLAN CARDBUS UTILITY\WLAN_UI.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\SYSTEM\intel32.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MSKServerExe] C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKDETCT.EXE /startup
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKCU\..\RunOnce: [DelayShred] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SHREDDER 5\SHRED32.EXE" /q C:\_RESTORE\TEMP\A0002741.SH! C:\_RESTORE\TEMP\A0002744.SH! C:\_RESTORE\TEMP\A0002751.SH! C:\_RESTORE\TEMP\A0002746.SH! C:\_RESTORE\TEMP\A0002761.SH! C:\_RESTORE\TEMP\A0002779.SH! C:\_RESTORE\TEMP\A0004274.SH! C:\_RESTORE\TEMP\A0004271.SH! C:\_RESTORE\TEMP\A0004276.SH! C:\_RESTORE\TEMP\A0004279.SH! C:\_RESTORE\TEMP\SE.SH! C:\_RESTORE\TEMP\IDOG.SH!
O4 - Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
Please take a look at the HJT log I posted and advise. THANKS!!!
Beth
 
Joined
Jun 18, 2004
Messages
206
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You dont need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Close all programs and open HijackThis and do a scan. Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\SYSTEM\intel32.exe
O4 - HKCU\..\RunOnce: [DelayShred] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\SHREDDER 5\SHRED32.EXE" /q C:\_RESTORE\TEMP\A0002741.SH! C:\_RESTORE\TEMP\A0002744.SH! C:\_RESTORE\TEMP\A0002751.SH! C:\_RESTORE\TEMP\A0002746.SH! C:\_RESTORE\TEMP\A0002761.SH! C:\_RESTORE\TEMP\A0002779.SH! C:\_RESTORE\TEMP\A0004274.SH! C:\_RESTORE\TEMP\A0004271.SH! C:\_RESTORE\TEMP\A0004276.SH! C:\_RESTORE\TEMP\A0004279.SH! C:\_RESTORE\TEMP\SE.SH! C:\_RESTORE\TEMP\IDOG.SH!
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe


Click on Fix Checked when finished and exit HijackThis.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\TEMP\se.dll
C:\WINDOWS\SYSTEM\intel32.exe
C:\Recycled\Q330995.exe


Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Good Luck
 

weagle89

Thread Starter
Joined
Jul 10, 2005
Messages
9
THANK YOU! I am about half-way through the process. I finally have an internet connection on the laptop, so I don't have to download the cleanup programs to a floppy first. Will give complete update later today.

Beth
 

weagle89

Thread Starter
Joined
Jul 10, 2005
Messages
9
Computer won't run "about:buster" because the COMCTL32.OCX file is missing. I lost my internet connection with the installation of the CleanUp. I tried downloading the missing file to a floppy disk, but I don't know how to "put it into" the About folder. I have run all of the other "fixes".
The CWS found no infected files.
 

weagle89

Thread Starter
Joined
Jul 10, 2005
Messages
9
This is the scan after running all the fixes, except "about:Buster". (Couldn't do that one--see earlier post.) I have my internet connection back, and the red exclamation point icon has disappeared from my taskbar. Is it ok now? THANK YOU ALL for your help! I got more help here than from the mfg support site!
Beth


Logfile of HijackThis v1.99.1
Scan saved at 12:21:22 PM, on 7/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WIRELESS LAN\WLAN CARDBUS UTILITY\WLAN_UI.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - Startup: WLAN CardBus Utility.lnk = C:\Program Files\Wireless LAN\WLAN CardBus Utility\WLAN_UI.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
 
Joined
Jun 18, 2004
Messages
206
Your log is clean :) (y)


The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  6. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  8. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  10. Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein


Stallion74

you may set this thread as solved
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top