Hijack This Log

Status
Not open for further replies.
First of all you need to delete all the quarantined entries in AVG antispyware.

Secondly, it looks as if Norton has been gotten at and I strongly advise you to remove it.

If you decide to remove Norton crapware then here are some instructions.

Download either the free AVG or Avast antivirus programmes and either the free ZoneAlarm or Kerio firewall programmes from within this link - https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - https://www.techspot.com/vb/topic57112.html

Once you've completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.


Once you have done that, post a new HJT log and we will deal with the remaining malware!!!!


This thread is for the use of dyeitgreen only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Microsoft authenticate service (MsaSvc) <- Disable the service name and/or the name in brackets.

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

msasvc.exe
icgbsn.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/

O4 - HKLM\..\Run: [ofjyv] C:\WINDOWS\icgbsn.exe

O4 - HKLM\..\Run: [Workflow] F:\installs\Workflow.exe

O4 - HKLM\..\Run: [BellSouthReportingAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden

O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\system32\msasvc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\icgbsn.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :wave: :wave:

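As an added example that is not part of the original thread: a small Python triage script for the HijackThis entry lines listed in the post above. The sample lines are copied from that post; the flag names and the `SYSTEM_NAMES` list are assumptions made for this illustration, not HijackThis output.

```python
import re

# Entry lines copied from the HijackThis fix list in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O4 - HKLM\..\Run: [ofjyv] C:\WINDOWS\icgbsn.exe
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\Owner\LOCALS~1\Temp\svchost.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE = re.compile(r'"([^"]+)"|(\S.*?\.exe)', re.I)
# Assumption for this example: names that belong only under system32 (not exhaustive).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}


def triage(line):
    """Parse one HijackThis line; return code, body and review flags, or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body, flags = m["code"], m["body"], []
    run = RUN.match(body) if code == "O4" else None
    if run:
        exe = EXE.match(run["cmd"])
        path = (exe.group(1) or exe.group(2) if exe else run["cmd"]).lower()
        if "\\temp\\" in path:
            flags.append("autorun-from-temp")
        name = path.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and "\\system32\\" not in path:
            flags.append("system-name-outside-system32")
    if code == "O23" and "unknown owner" in body.lower():
        flags.append("unknown-owner")
    if body.lower().endswith("(file missing)"):
        flags.append("file-missing")
    return {"code": code, "body": body, "flags": flags}


def triage_log(text):
    """Triage every recognisable entry line in a pasted log."""
    return [e for e in map(triage, text.splitlines()) if e]


if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(entry["code"], entry["flags"] or "-", entry["body"][:60])
```

Heuristics like these only rank entries for review: `C:\WINDOWS\icgbsn.exe` raises no flag here even though the post has it removed.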
 
Your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
