MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: I'm missing something...
December 14, 2019, 08:33:10 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 14, 2019, 08:33:10 AM

Login with username, password and session length
 Featured Sites:
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: I'm missing something...  (Read 1268 times)
Haxaw
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 19


Bookmark and Share

View Profile
« on: October 20, 2006, 09:11:19 PM »

I've got a nasty one...

In my attempts to clean my system of this adware I have rebooted into safe mode and run (in this order):

HiJackThis and remove all of the BHO's with the "(no name)" entries
SmitFraud.fix
CW Shredder
deleted "users32.exe" and "asgp32.dll"
Spybot Search & Destroy and deleted everything that it found
CleanUp!
Adaware (including the Vx2 add on) - it finds nothing so I take no action.

I then reboot and the adware is still there.  My frustration abounds!

Please help!

Here is my current HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:10:05 PM, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msmapi32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: ASGP32.ASGP - {AB268D16-3B58-482F-91EB-8D305534302F} - C:\WINDOWS\system32\asgp32.dll
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132321853109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} - https://mytbb.primus.ca/webportal/plugins/VMPlayer.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)




Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: October 21, 2006, 12:24:28 AM »

Hi..

Step 1: Download and install Ewido/AVG Anti-Spyware 7.5
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\ewido anti-spyware 4.0, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on ewdio in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here. Exit Ewido when done - DO NOT perform a scan yet.

Step 2: Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Step 3: Scan with Ewido as follows:
1. Launch Ewido, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\ewido anti-spyware 4.0\Reports\
6. Exit Ewido when done and submit the log report in your next response. .



Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {15ACE85C-0BB1-42d1-9E32-07EB0506675A} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1b68470c-2def-493b-8a4a-8e2d81be4ea5} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e246fae-8420-11d9-870d-000c2917de7f} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {746455fe-d059-47e7-af0e-140e03f5a447} - (no file)
O2 - BHO: (no name) - {7a7e6d97-b492-4884-9abb-c31281dcc4f2} - (no file)
O2 - BHO: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {9c5875b8-93f3-429d-ff34-660b206d897a} - (no file)
O2 - BHO: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: ASGP32.ASGP - {AB268D16-3B58-482F-91EB-8D305534302F} - C:\WINDOWS\system32\asgp32.dll
O2 - BHO: (no name) - {b212d577-05b7-4963-911e-4a8588160dfa} - (no file)
O2 - BHO: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {d1ac752e-883f-4ed8-8828-b618c3a72152} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - (no file)

Reboot......................

Post the Ewido and a new HJT log
Logged

An Australian Member of

EDDY
Haxaw
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 19


Bookmark and Share

View Profile
« Reply #2 on: October 21, 2006, 06:37:21 PM »

Hey Eddy,

Thanks again for your help.  Is there anything I could be doing to prevent this?  I'm bugging you all too often and this wasting both of our time...

Here are the logs:

Ewido report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   12:14:54 PM 21/10/2006

 + Scan result:   



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7070A8F9-08A4-CA47-0AB0-1EB9E4EE1F3B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5753791b-f607-48ca-814e-91c14d081f9e} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{860c2f6b-ca82-4282-9187-beccbb66f0af} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5875b8-93f3-429d-ff34-660b206d897a} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2595f37-48d0-46a1-9b51-478591a97764} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soldier_is1 -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5753791B-F607-48CA-814E-91C14D081F9E} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{860C2F6B-CA82-4282-9187-BECCBB66F0AF} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5875B8-93F3-429D-FF34-660B206D897A} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B53455DB-5527-4041-AC41-F86E6947AA47} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a7e6d97-b492-4884-9abb-c31281dcc4f2} -> Adware.VipSearcher : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A7E6D97-B492-4884-9ABB-C31281DCC4F2} -> Adware.VipSearcher : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b68470c-2def-493b-8a4a-8e2d81be4ea5} -> Downloader.Delf : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cmuqxqxp.exe -> Downloader.Small.cjk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP147\A0014714.exe -> Downloader.Small.cwo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\imxxkfpw.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jowhsxeq.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ggkmdjrs.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yiarppce.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP154\A0016291.exe -> Downloader.Small.djg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cxvtilah.exe -> Downloader.Small.dkt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\grkkcccb.exe -> Downloader.Small.dkt : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15ACE85C-0BB1-42d1-9E32-07EB0506675A} -> Downloader.Small.nl : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15ACE85C-0BB1-42D1-9E32-07EB0506675A} -> Downloader.Small.nl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP171\A0018787.exe -> Downloader.Tibs.ic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP172\A0018851.exe -> Downloader.Tibs.ic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP162\A0016783.dll -> Downloader.VB.aan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vkqevsmb.exe -> Downloader.VB.aeq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\djfvhexv.exe -> Downloader.VB.ajp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dnfyprha.exe -> Downloader.VB.ajp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\avxspttu.exe -> Downloader.VB.anw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yykspbqc.exe -> Downloader.VB.anw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\aptbairk.cyv -> Hijacker.Small.js : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\HijackThis\backups\backup-20060611-211919-510.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP174\A0020026.exe -> Not-A-Virus.Hoax.Win32.Renos.fe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP184\A0021039.exe -> Not-A-Virus.Hoax.Win32.Renos.fn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP149\A0015263.exe -> Proxy.Lager.az : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP149\A0015492.exe -> Proxy.Lager.az : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020463.exe -> Proxy.Lager.az : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP184\A0021019.exe -> Proxy.Lager.az : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP169\A0018525.exe -> Proxy.Lager.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP169\A0018527.exe -> Proxy.Lager.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP172\A0018876.exe -> Proxy.Lager.dj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP175\A0020087.exe -> Proxy.Lager.dj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP173\A0019313.exe -> Proxy.Lager.dk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\taskdir.exe_tobedeleted -> Proxy.Lager.dk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020447.exe -> Proxy.Lager.dl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP184\A0021021.exe -> Proxy.Lager.dl : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b212d577-05b7-4963-911e-4a8588160dfa} -> Trojan.Delf.nj : Cleaned with backup (quarantined).
HKU\S-1-5-21-2884363644-3030499108-1228825059-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B212D577-05B7-4963-911E-4A8588160DFA} -> Trojan.Delf.nj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP149\A0015262.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP149\A0015491.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP162\A0016784.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP162\A0016786.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP162\A0016787.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mscayitx.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rtdrhzkt.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP171\A0018798.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP171\A0018811.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP172\A0018831.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP172\A0018850.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP172\A0018936.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP173\A0018957.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP173\A0019046.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP173\A0019057.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP173\A0019075.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP173\A0019167.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP173\A0019179.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP173\A0019193.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP175\A0020088.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP175\A0020097.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP175\A0020322.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020337.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020351.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020379.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020389.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020417.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020430.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP176\A0020442.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AF0E5A42-E1B0-4DA8-8F48-5D4ED8D389B6}\RP184\A0021020.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).


::Report end
Logged

 
Haxaw
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 19


Bookmark and Share

View Profile
« Reply #3 on: October 21, 2006, 06:38:15 PM »

Had to post HJT log separately:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:12 PM, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Owner\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132321853109
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC49479E-93A8-455E-959A-C49BE895D87C} - https://mytbb.primus.ca/webportal/plugins/VMPlayer.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #4 on: October 22, 2006, 12:11:54 AM »

Your log is fine.There is no malware in it...
Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page July 04, 2018, 04:17:40 AM