
Don't you love IE pop-ups? Haha, log here help appreciated.

Post by eab03e » October 28th, 2007, 5:08 pm

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:17 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eric\Desktop\NoLop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] I:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [cornwave] C:\DOCUME~1\Eric\APPLIC~1\CLOSET~1\Defy beep dent.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7846 bytes
eab03e
Regular Member
 
Posts: 22
Joined: October 24th, 2007, 8:02 pm

Post by eab03e » October 28th, 2007, 5:11 pm

NoLop log:

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Eric\Desktop
[10/28/2007]
[2:09:04 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intel
C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Intertrust
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Intel
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Kodak -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Support.com
C:\Documents and Settings\All Users\Application Data\Sandlot Games
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Macromedia
C:\Documents and Settings\Networkservice\Application Data\Azureus
C:\Documents and Settings\Networkservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Intel
C:\Documents and Settings\Eric\Application Data\Intertrust
C:\Documents and Settings\Eric\Application Data\Symantec
C:\Documents and Settings\Eric\Application Data\Intel
C:\Documents and Settings\Eric\Application Data\Identities
C:\Documents and Settings\Eric\Application Data\Microsoft
C:\Documents and Settings\Eric\Application Data\Adobe
C:\Documents and Settings\Eric\Application Data\Macromedia
C:\Documents and Settings\Eric\Application Data\Mozilla
C:\Documents and Settings\Eric\Application Data\Lavasoft
C:\Documents and Settings\Eric\Application Data\Apple Computer
C:\Documents and Settings\Eric\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Eric\Application Data\Sun
C:\Documents and Settings\Eric\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Eric\Application Data\Azureus
C:\Documents and Settings\Eric\Application Data\Aim -- EMPTY Directory
C:\Documents and Settings\Eric\Application Data\Securom
C:\Documents and Settings\Eric\Application Data\Cyberlink
C:\Documents and Settings\Eric\Application Data\Leadertech
C:\Documents and Settings\Eric\Application Data\Real
C:\Documents and Settings\Eric\Application Data\Ahead
C:\Documents and Settings\Eric\Application Data\Acccore
C:\Documents and Settings\Eric\Application Data\Google
C:\Documents and Settings\Eric\Application Data\Talkback
C:\Documents and Settings\Eric\Application Data\.bittorrent
C:\Documents and Settings\Eric\Application Data\Utorrent
C:\Documents and Settings\Eric\Application Data\Ipodder
C:\Documents and Settings\Eric\Application Data\Toshiba
C:\Documents and Settings\Eric\Application Data\Avg7
C:\Documents and Settings\Eric\Application Data\Ssh
C:\Documents and Settings\Eric\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Eric\Application Data\Vlc
C:\Documents and Settings\Eric\Application Data\Dvdcss
C:\Documents and Settings\Eric\Application Data\Close Third -- EMPTY Directory

Post by chryssi2001 » October 29th, 2007, 11:14 am

Hello eab03e,

Let's try to remove the infected folders once again.
-----------------------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O4 - HKCU\..\Run: [cornwave] C:\DOCUME~1\Eric\APPLIC~1\CLOSET~1\Defy beep dent.exe


Then close all windows except HijackThis and click Fix Checked.
Close HijackThis.
-----------------------------------------------------------
Download OTMoveIt by OldTimer to your Desktop.
  • Double click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
C:\DOCUMENTS AND SETTINGS\Eric\APPLICATION DATA\CLOSETHIRD
C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave
C:\Documents and Settings\Eric\Application Data\Close Third

  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the program.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
  • Post the log back here please.

-----------------------------------------------------------
Run NoLop again.
Run HijackThis again.
Post back both reports and OTMoveIt report.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by eab03e » October 29th, 2007, 2:16 pm

File/Folder C:\DOCUMENTS AND SETTINGS\Eric\APPLICATION DATA\CLOSETHIRD not found.
C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol moved successfully.
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave moved successfully.
C:\Documents and Settings\Eric\Application Data\Close Third moved successfully.

Created on 10/29/2007 11:15:56

Post by eab03e » October 29th, 2007, 2:16 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:36 AM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eric\Desktop\NoLop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] I:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7704 bytes
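An added example, not part of the original thread and not how HijackThis or NoLop work internally: a Python script that diffs the before and after HijackThis logs to confirm the fixed O4 line is gone, and lists Run autoruns that start from an Application Data folder. The log excerpts are shortened from the two logs posted above; the function names and the Application Data check are assumptions made for this example.

```python
import re

# Section-coded HijackThis lines look like "O4 - <details>" (R*, F*, N*, O* codes).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autorun body: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(HK[^:]*?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# Long and 8.3 short forms of an Application Data path (Windows XP profile layout).
# Assumption for this example: a triage hint only, not a verdict on the file.
APPDATA_RE = re.compile(
    r"\\(?:Documents and Settings|DOCUME~\d)\\[^\\]+\\(?:Application Data|APPLIC~\d)\\",
    re.IGNORECASE,
)

def parse_log(text):
    """Return (running_processes, entries) from one HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries

def diff(before, after):
    """Lines only in before (removed) and only in after (added).

    Compared case-insensitively because Windows paths are; duplicate lines
    (several svchost.exe instances, for example) are not counted."""
    b = {x.lower() for x in before}
    a = {x.lower() for x in after}
    removed = [x for x in before if x.lower() not in a]
    added = [x for x in after if x.lower() not in b]
    return removed, added

def appdata_autoruns(entries):
    """(hive, value name, command) for O4 Run entries launched from Application Data."""
    hits = []
    for line in entries:
        code, body = ENTRY_RE.match(line).groups()
        m = RUN_RE.match(body) if code == "O4" else None
        if m and APPDATA_RE.search(m.group(4)):
            hits.append((m.group(1), m.group(3), m.group(4)))
    return hits

def still_present(entries, fixed_lines):
    """Fixed lines that the follow-up scan still reports."""
    seen = {x.lower() for x in entries}
    return [x for x in fixed_lines if x.lower() in seen]

# Shortened excerpts of the October 28 and October 29 logs in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [cornwave] C:\DOCUME~1\Eric\APPLIC~1\CLOSET~1\Defy beep dent.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# The line the helper asked to have fixed in HijackThis.
FIXED = r"O4 - HKCU\..\Run: [cornwave] C:\DOCUME~1\Eric\APPLIC~1\CLOSET~1\Defy beep dent.exe"

if __name__ == "__main__":
    procs_b, ents_b = parse_log(BEFORE)
    procs_a, ents_a = parse_log(AFTER)
    removed, added = diff(ents_b, ents_a)
    print("entries removed:", removed)
    print("entries added:  ", added)
    print("processes gone/new:", diff(procs_b, procs_a))
    print("autoruns from Application Data (before):", appdata_autoruns(ents_b))
    print("fixed lines still present:", still_present(ents_a, [FIXED]))
```

An empty "entries added" list matters as much as the removed line: a fixed autorun that reappears under a new value name would show up there.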

Post by eab03e » October 29th, 2007, 2:18 pm

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Eric\Desktop
[10/29/2007]
[11:17:30 AM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intel
C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Intertrust
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Intel
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Kodak -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Support.com
C:\Documents and Settings\All Users\Application Data\Sandlot Games
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Macromedia
C:\Documents and Settings\Networkservice\Application Data\Azureus
C:\Documents and Settings\Networkservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Intel
C:\Documents and Settings\Eric\Application Data\Intertrust
C:\Documents and Settings\Eric\Application Data\Symantec
C:\Documents and Settings\Eric\Application Data\Intel
C:\Documents and Settings\Eric\Application Data\Identities
C:\Documents and Settings\Eric\Application Data\Microsoft
C:\Documents and Settings\Eric\Application Data\Adobe
C:\Documents and Settings\Eric\Application Data\Macromedia
C:\Documents and Settings\Eric\Application Data\Mozilla
C:\Documents and Settings\Eric\Application Data\Lavasoft
C:\Documents and Settings\Eric\Application Data\Apple Computer
C:\Documents and Settings\Eric\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Eric\Application Data\Sun
C:\Documents and Settings\Eric\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Eric\Application Data\Azureus
C:\Documents and Settings\Eric\Application Data\Aim -- EMPTY Directory
C:\Documents and Settings\Eric\Application Data\Securom
C:\Documents and Settings\Eric\Application Data\Cyberlink
C:\Documents and Settings\Eric\Application Data\Leadertech
C:\Documents and Settings\Eric\Application Data\Real
C:\Documents and Settings\Eric\Application Data\Ahead
C:\Documents and Settings\Eric\Application Data\Acccore
C:\Documents and Settings\Eric\Application Data\Google
C:\Documents and Settings\Eric\Application Data\Talkback
C:\Documents and Settings\Eric\Application Data\.bittorrent
C:\Documents and Settings\Eric\Application Data\Utorrent
C:\Documents and Settings\Eric\Application Data\Ipodder
C:\Documents and Settings\Eric\Application Data\Toshiba
C:\Documents and Settings\Eric\Application Data\Avg7
C:\Documents and Settings\Eric\Application Data\Ssh
C:\Documents and Settings\Eric\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Eric\Application Data\Vlc
C:\Documents and Settings\Eric\Application Data\Dvdcss

Post by chryssi2001 » October 30th, 2007, 2:00 am

Hello eab03e,

We got them this time. :)
-------------------------------------------------
Please download ATF cleaner
Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
-------------------------------------------------
AVG Anti-Spyware - 1st Part
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.
If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
Do not run a scan yet.
-------------------------------------------------
Print out these instructions or save them into a notepad on your desktop, because you will not have internet access while in Safe Mode.

Go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

AVG Anti-Spyware - 2nd Part

  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in normal mode and copy the report back to this topic.

-------------------------------------------------
Run HijackThis again.
-------------------------------------------------
Post back:
AVG Anti-Spyware report.
A new HijackThis log.
How is the pc behaving now? Any problems or pop-ups?

Post by eab03e » October 31st, 2007, 4:26 pm

Great, am downloading AVG now, will post back everything tomorrow. Thanks again!!
eab03e
Regular Member
 
Posts: 22
Joined: October 24th, 2007, 8:02 pm

Post by chryssi2001 » November 1st, 2007, 1:58 am

Ok i'll be here. :)
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by chryssi2001 » November 4th, 2007, 4:30 am

Hello eab03e,

Are you still with me? Please post back the report asked.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by eab03e » November 4th, 2007, 3:07 pm

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:51:20 AM 11/4/2007

+ Scan result:



:mozilla.126:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.55:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.91:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.94:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.95:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.96:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.97:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.98:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.78:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.79:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.80:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.81:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.82:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.83:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.171:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.172:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.173:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.174:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.175:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.152:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.176:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.177:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.178:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.179:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.180:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.181:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.182:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.183:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.184:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.185:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.186:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.187:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.188:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.56:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.44:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@adopt.euroclick[3].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.102:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.103:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.104:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.105:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.106:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.107:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.108:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.140:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.141:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.142:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.143:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.144:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.145:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.146:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.147:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.148:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@ivwbox[2].txt -> TrackingCookie.Ivwbox : No action taken.
:mozilla.218:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.219:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.220:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@www.lop[2].txt -> TrackingCookie.Lop : No action taken.
:mozilla.45:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.46:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.47:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.48:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.49:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.50:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.51:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.52:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.53:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.287:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.201:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.202:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.203:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.298:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.299:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.300:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.301:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.302:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.303:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@h.starware[2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@try.starware[2].txt -> TrackingCookie.Starware : No action taken.
:mozilla.129:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.204:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.205:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.206:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.207:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.208:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.252:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.189:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@web-stat[2].txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.199:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.57:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.58:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.30:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.31:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.32:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.33:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.34:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.35:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.36:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.37:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.38:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.39:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Eric\Cookies\eric@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.250:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\1xixxsdh.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
D:\singles\01 Track 1, street.wma -> Trojan.Wimad.a : No action taken.


::Report end
eab03e
Regular Member
 
Posts: 22
Joined: October 24th, 2007, 8:02 pm

Post by eab03e » November 4th, 2007, 3:08 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:21 AM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] I:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8027 bytes
eab03e
Regular Member
 
Posts: 22
Joined: October 24th, 2007, 8:02 pm

Post by eab03e » November 4th, 2007, 3:09 pm

computer is behaving much better, not getting any pop ups really! thanks!!
eab03e
Regular Member
 
Posts: 22
Joined: October 24th, 2007, 8:02 pm

Post by chryssi2001 » November 5th, 2007, 1:54 am

Hello eab03e,

It seems you didn't use ATF cleaner before doing AVG Anti-Spyware scan.
--------------------------------------------------
Before we proceed, please tell me what is Drive D: on your pc? Is it an external drive?

D:\singles

Do you recognise the above folder in your D drive? Did you create it?
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
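
A way to triage a report in the layout posted above before reading it line by line, as an added example (not part of the thread and not AVG tooling): it parses the `path -> detection : action` lines, separates tracking cookies from other detections, and lists items that sit off the system drive or still show "No action taken". The sample report is constructed, and the "Quarantined" action wording on its last entry is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of the report posted above (not the user's data).
# "Quarantined" is an assumed wording; the page only shows "No action taken".
SAMPLE_REPORT = r"""AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:51:20 AM 11/4/2007

+ Scan result:

:mozilla.12:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.13:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\music\sample track, live.wma -> Trojan.Wimad.a : No action taken.
C:\Documents and Settings\User\Cookies\user@zedo[1].txt -> TrackingCookie.Zedo : Quarantined.


::Report end
"""

LINE_RE = re.compile(
    r"^(?::(?P<entry>[^:\s]+):)?"   # optional ":mozilla.NN:" prefix, kept as-is
    r"(?P<path>[A-Za-z]:\\.+?)"     # Windows path; may contain spaces and commas
    r" -> (?P<detection>\S+)"       # e.g. TrackingCookie.Zedo, Trojan.Wimad.a
    r" : (?P<action>.+?)\.?\s*$"    # action text without the trailing period
)


@dataclass(frozen=True)
class Finding:
    entry: Optional[str]
    path: str
    detection: str
    action: str

    @property
    def family(self) -> str:
        return self.detection.partition(".")[0]

    @property
    def drive(self) -> str:
        return self.path[:2].upper()


def parse_report(text):
    """Return (findings, complete, unparsed_lines) for a pasted report."""
    findings, unparsed = [], []
    in_results = complete = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("+ Scan result"):
            in_results = True
            continue
        if line.startswith("::Report end"):
            complete = True   # trailer present: the paste was not cut short
            break             # ignore forum signature text after the report
        if not in_results or not line:
            continue
        m = LINE_RE.match(line)
        if m:
            findings.append(Finding(**m.groupdict()))
        else:
            unparsed.append(line)
    return findings, complete, unparsed


def triage(findings, system_drive="C:"):
    """Summarise findings so the few non-cookie items are not buried."""
    cookies = [f for f in findings if f.family == "TrackingCookie"]
    return {
        "by_family": Counter(f.family for f in findings),
        "cookie_trackers": Counter(f.detection.partition(".")[2] for f in cookies),
        "needs_review": [f for f in findings if f.family != "TrackingCookie"],
        "off_system_drive": [f for f in findings if f.drive != system_drive],
        "not_actioned": [f for f in findings
                         if f.action.lower() == "no action taken"],
    }


if __name__ == "__main__":
    findings, complete, unparsed = parse_report(SAMPLE_REPORT)
    summary = triage(findings)
    print("complete paste:", complete, "| unparsed lines:", len(unparsed))
    print("by family:", dict(summary["by_family"]))
    print("not actioned:", len(summary["not_actioned"]), "of", len(findings))
    for f in summary["needs_review"]:
        print("REVIEW:", f.detection, "at", f.path, "->", f.action)
```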

Post by eab03e » November 5th, 2007, 2:32 am

the singles section of the d drive was created by me
eab03e
Regular Member
 
Posts: 22
Joined: October 24th, 2007, 8:02 pm