Help needed - Downloader.Agent.GPZ (sporder.dll)

I was doing a virus scan with my anti-virus and that came up. (Downloader.Agent.GPZ) I haven't had much luck finding information on it. Does anyone have tips for removal?

It says the path is:

C:\WINDOWS\Downloaded program files\sporder.dll and the file is sporder.dll

Comments

  • Crunchie Mandurah. Western Australia. Member
    edited November 2006
    Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into its own, permanent folder.
    Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

    ==

    Please go to Jotti's or virustotal and have this file scanned. Post the results back here.

    C:\WINDOWS\Downloaded program files\sporder.dll
  • edited November 2006
    Hi, I did the HJT and then scanned the log at virustotal.

    AVG Quarantined the virus that it found previously so I don't know if that changed things, but on scanning with both panda activescan and kaspersky, it said it found some other spyware/viruses that nothing else seemed to pick up.

    Anyway, this is my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:29:54, on 01/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Iomega HotBurn\Autolaunch.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Vampsi\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: - {B288FF08-BF6F-4E1E-991B-02CB5B873F23} - C:\WINDOWS\lbbho.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O15 - Trusted Zone: http://www.battleon.com
    O15 - Trusted Zone: http://www.dragonfable.com
    O15 - Trusted Zone: http://www.myfileshack.com
    O15 - Trusted Zone: http://www.myfileshack.com
    O15 - Trusted Zone: http://www.pandasoftware.com
    O15 - Trusted Zone: http://www.subeta.org
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76284DAB-9320-4741-A9A3-42DBDAB84A6A}: NameServer = 212.139.132.21 212.139.132.20
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe


    And this is the result of the scan from virustotal:

    AntiVir 7.2.0.34 10.31.2006 no virus found
    Authentium 4.93.8 10.31.2006 no virus found
    Avast 4.7.892.0 10.31.2006 no virus found
    AVG 386 11.01.2006 no virus found
    BitDefender 7.2 11.01.2006 no virus found
    CAT-QuickHeal 8.00 11.01.2006 no virus found
    ClamAV devel-20060426 11.01.2006 no virus found
    DrWeb 4.33 11.01.2006 no virus found
    eTrust-InoculateIT 23.73.42 11.01.2006 no virus found
    eTrust-Vet 30.3.3172 11.01.2006 no virus found
    Ewido 4.0 11.01.2006 no virus found
    Fortinet 2.82.0.0 11.01.2006 no virus found
    F-Prot 3.16f 10.31.2006 no virus found
    F-Prot4 4.2.1.29 10.31.2006 no virus found
    Ikarus 0.2.65.0 11.01.2006 no virus found
    Kaspersky 4.0.2.24 11.01.2006 no virus found
    McAfee 4885 10.31.2006 no virus found
    Microsoft 1.1609 11.01.2006 no virus found
    NOD32v2 1.1847 11.01.2006 no virus found
    Norman 5.80.02 11.01.2006 no virus found
    Panda 9.0.0.4 11.01.2006 no virus found
    Sophos 4.10.0 10.26.2006 no virus found
    TheHacker 6.0.1.109 10.30.2006 no virus found
    UNA 1.83 10.31.2006 no virus found
    VBA32 3.11.1 10.31.2006 no virus found
    VirusBuster 4.3.15:9 11.01.2006 no virus found
  • edited November 2006
    My Panda Active scan and Kaspersky scan log if needed.

    Panda Active:


    Incident Status Location

    Adware:adware/superbar Not disinfected c:\program files\_SUPERBAR
    Adware:adware/powerscan Not disinfected Windows Registry
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.xiti.com/]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[www.myaffiliateprogram.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.realmedia.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.burstnet.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.bravenet.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.revenue.net/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.toplist.cz/]
    Spyware:Cookie/Inet-Traffic Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.inet-traffic.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cookies.txt[.go.com/]


    Kaspersky:


    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, November 01, 2006 2:26:57 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 1/11/2006
    Kaspersky Anti-Virus database records: 237116

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 50406
    Number of viruses found: 2
    Number of infected objects: 5 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:08:32

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\I386\SVCHOST.EX_/svchost.exe Infected: Backdoor.Win32.Rbot.bnb skipped
    C:\WINDOWS\I386\SVCHOST.EX_ CAB: infected - 1 skipped
    C:\WINDOWS\$NtServicePackUninstall$\svchost.exe Infected: Backdoor.Win32.Rbot.bnb skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{C021B599-6D03-4062-878D-FAEC3EBD34C6}.bin Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05062006-130318.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Vampsi\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Vampsi\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Temp\~DF9CDB.tmp Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Temp\~DF9CDE.tmp Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6105740B-B395-4375-B0C6-B94FB34499FC} Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Vampsi\Local Settings\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Vampsi\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\history.dat Object is locked skipped
    C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\parent.lock Object is locked skipped
    C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\cert8.db Object is locked skipped
    C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\4ona4l95.Yuushi\key3.db Object is locked skipped
    C:\Documents and Settings\Vampsi\Application Data\AVG7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\Vampsi\DoctorWeb\Quarantine\A0022446.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\info.dat Object is locked skipped
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\Tab.dat Object is locked skipped
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    C:\System Volume Information\_restore{D738A4B7-FDD5-49FA-BA27-C5774188DAB7}\RP332\change.log Object is locked skipped

    Scan process completed.
  • Crunchie Mandurah. Western Australia. Member
    edited November 2006
    Can you upload these files to Jotti's and post the results;

    C:\WINDOWS\I386\SVCHOST.EX_/svchost.exe
    C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    ==

    Scan with HijackThis and then place a check next to all the following, if present:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: - {B288FF08-BF6F-4E1E-991B-02CB5B873F23} - C:\WINDOWS\lbbho.dll (file missing)


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    Download CCleaner and install, then run it.
    1. Uncheck "Cookies" under "Internet Explorer".
    2. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
    3. Close when finished.

    ====

    Uninstall Ewido and then download the latest version. Instructions following;

    Download and install AVG antispyware tool
    • Close all other applications, select language, click Ok
    • Click I Agree
    • Click next
    • Click Install
    • Click Finish
    • Wait and AVG antispyware will open to the main screen automatically.
    • Wait again a few minutes and AVG antispyware should auto update itself. If it doesn't, click update at top of screen.
    • This is very important to get updates
    • When updating has finished. Close AVG antispyware.
    If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
    • Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
    • Select the first option, to run Windows in Safe Mode hit enter.
    • For additional help in booting into Safe Mode, see the following site: HERE

      You MUST manage to get into Safe Mode for the fix to work.
    Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!
    • Open AVG antispyware.
    • Click on scanner at top of AVG antispyware screen.
    • Click on Settings.
    • Under How to Act click on Recommended Action and choose Quarantine.
    • Under How to scan all boxes should be selected.
    • Under Possibly unwanted software all boxes should be selected.
    • On right side under Reports: click on Automatically generate report after every scan.
    • Under What to scan select scan every file.
    • Click On scan Tab.
    • Click on Complete system scan.
    • Let the program scan the machine. It can take a while, give it time.
    • When scan has finished at bottom of screen click Apply all Actions.
    • Click Save report
    • Click Save Report as (Save as window's screen should pop up.)
    • Click desktop.
    • Click Save.
    • Exit AVG antispyware.
    Reboot back to normal mode.
    Post the log here.
  • edited November 2006
    Can you upload these files to Jotti's and post the results;

    C:\WINDOWS\I386\SVCHOST.EX_/svchost.exe


    Hi, I'm not sure if I did this right. I could get to the SVCHOST.EX_ bit but couldn't figure out how to get to the /svchost.exe bit on the first, but this was the log from Jotti.

    File: SVCHOST.EX_
    Status: OK
    MD5 e5d0529c255156df6ba180360dff27dc
    Packers detected: -
    Scanner results
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing

    And then on the C:\WINDOWS\$NtServicePackUninstall$\svchost.exe bit asked:

    File: svchost.exe
    Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 0f7d9c87b0ce1fa520473119752c6f79
    Packers detected: -
    Scanner results
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing


    I then did the Hijackthis fixing and the CCleaner bit before uninstalling/reinstalling the program. I then went into safe mode but on loading I got an error.

    MCI command handling window - winlog.exe - Application error.

    The exception Integer division by zero (0x0000094) occured in the application at location 0x01363e3b.

    Click cancel to debug
    Abort to terminate program.


    I tried clicking cancel but that just made my computer reboot so on the next time I just left the screen there as I did the scan.

    AVG Anti-Spyware - Scan Report

    + Created at: 23:53:08 01/11/2006

    + Scan result:

    :mozilla.179:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.2o7 : Cleaned.

    :mozilla.86:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

    :mozilla.87:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

    :mozilla.88:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

    :mozilla.91:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

    :mozilla.171:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Advertising : Cleaned.

    :mozilla.172:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Advertising : Cleaned.

    :mozilla.173:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Advertising : Cleaned.

    :mozilla.82:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

    :mozilla.178:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Bfast : Cleaned.

    :mozilla.73:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

    :mozilla.78:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

    :mozilla.79:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

    :mozilla.80:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

    :mozilla.81:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

    :mozilla.97:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Com : Cleaned.

    :mozilla.115:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

    :mozilla.47:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

    :mozilla.157:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Falkag : Cleaned.

    :mozilla.158:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Falkag : Cleaned.

    :mozilla.159:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Falkag : Cleaned.

    :mozilla.160:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Falkag : Cleaned.

    :mozilla.161:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Falkag : Cleaned.

    :mozilla.162:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Falkag : Cleaned.

    :mozilla.69:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

    :mozilla.70:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

    :mozilla.71:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

    :mozilla.72:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

    :mozilla.149:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

    :mozilla.63:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

    :mozilla.64:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

    :mozilla.65:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

    :mozilla.66:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

    :mozilla.67:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

    :mozilla.68:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

    :mozilla.141:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

    :mozilla.174:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

    :mozilla.175:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

    :mozilla.176:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

    :mozilla.177:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

    :mozilla.58:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

    :mozilla.59:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

    :mozilla.43:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

    :mozilla.44:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

    :mozilla.45:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

    :mozilla.46:C:\Documents and Settings\Vampsi\Application Data\Mozilla\Firefox\Profiles\nlw22fjb.Dorkcest\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.





    ::Report end
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2006
    I think you may be getting some false positives from your previous scans regarding those files.
    Can you please post a new HijackThis log?
  • edited November 2006
    Hi sure. Recent scan below:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:17:11, on 02/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Iomega HotBurn\Autolaunch.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Vampsi\My Documents\My Music\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O15 - Trusted Zone: http://www.battleon.com
    O15 - Trusted Zone: http://www.dragonfable.com
    O15 - Trusted Zone: http://www.myfileshack.com
    O15 - Trusted Zone: http://www.myfileshack.com
    O15 - Trusted Zone: http://www.pandasoftware.com
    O15 - Trusted Zone: http://www.subeta.org
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{76284DAB-9320-4741-A9A3-42DBDAB84A6A}: NameServer = 212.139.132.21 212.139.132.20
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2006
    Your log looks clean. How are things on your end?
  • edited November 2006
    Well I'm not getting any alerts or anything, but it seems to have been fixed too easy. Hmm.

    Thank you for your help though.
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2006
    Post back if you do have any more problems :).