i surfed the net & now my pc has spyware pop ups,i copied the highjacker file for you to help me out
Member
30. March 2008 @ 07:40
Go to the SDFix folder and see if there is a report.txt there and post here for me to see.

Please also post me a fresh HijackThis log.

Windows and system security is my priority.

This message has been edited since posting. Last time this message was edited on 30. March 2008 @ 07:41

engin123
Account closed as per user's own request
30. March 2008 @ 07:54
There is a folder SDFix & it's got 5 different types of files in it. One is a yellow ghost-effect lookalike & it's called appa; then you have the second, a square box that looks like a microwave, called catchme.exe; then you have the 3rd one, a ghosty lookalike called dummy.sys (system file, 1 KB); then the 4th one is sdfix_readme_online (internet shortcut); then the fifth one is another microwave lookalike called runthis.bat (MS-DOS batch file). There is also a report.txt which is just on the desktop itself; I will send you that as well now.

SmitFraudFix v2.309

Scan done at 10:41:17.25, 30/03/2008
Run from C:\Documents and Settings\EDDY\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d70e9b0f-aabc-4066-8176-c6de84d92fa1}"="bimaculate"

[HKEY_CLASSES_ROOT\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1}\InProcServer32]
@="C:\WINDOWS\system32\kknwg.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1}\InProcServer32]
@="C:\WINDOWS\system32\kknwg.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\kknwg.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\kknwg.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\375013\ Deleted
C:\DOCUME~1\EDDY\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\NetProject\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 62.30.112.39
DNS Server Search Order: 194.117.134.19

HKLM\SYSTEM\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19
HKLM\SYSTEM\CS2\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Member
30. March 2008 @ 08:22
Where is your HijackThis log?



engin123
Account closed as per user's own request
30. March 2008 @ 08:41
here it is in plain black & white

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:26, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware

2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit

SmartDefrag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows

Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MemInfo\meminfo.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe

R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\In

ternet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper -

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath]

C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program

Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe"

/StartUp
O4 - HKLM\..\Run: [SM_IAN] C:\Program

Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program

Files\BillP Studios\WinPatrol\patrolpro.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program

Files\Windows Live\Messenger\msnmsgr.exe"

/background
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program

Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SpyShredder] C:\Program

Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS

Clock\dsclock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]

C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'Default

user')
O4 - Startup: MemInfo.lnk = C:\Program

Files\MemInfo\meminfo.exe
O4 - Startup: WordWeb.lnk = C:\Documents and

Settings\EDDY\My Documents\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel

-

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/30

00
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/

V5Controls/en/x86/client/wuweb_site.cab?1201727103

468
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/

V5Controls/en/x86/client/muweb_site.cab?1201727078

062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

(Java Runtime Environment 1.6.0) -

http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-wi

ndows-i586-jc.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-

4756-8479-1E90AA2806D3}: NameServer =

62.30.112.39,194.117.134.19
O18 - Protocol: grooveLocalGWS -

{88FED34C-F0CA-4636-A375-3CB6248B04CD} -

C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) -

Lavasoft - C:\Program Files\Lavasoft\Ad-Aware

2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. -

C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -

GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program

Files\Kontiki\KService.exe

--
End of file - 6276 bytes
Member
30. March 2008 @ 08:50
That is really difficult to read. Please reopen HijackThis log in notepad and then go to Format and ensure that there isn't a tick beside "Word wrap". Post the HijackThis log again after doing that.

engin123
Account closed as per user's own request
30. March 2008 @ 08:55
Here you are, I even had to clean it with Mr Sheen's very own furniture polish, joking.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:54, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MemInfo\meminfo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201727103468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201727078062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/j...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

--
End of file - 6276 bytes
Member
30. March 2008 @ 09:12
Hey,

Please read the entire instructions before commencing and ask if you have anything you are unsure of. Please pay close attention to what logs I am asking for in your next reply.

1) Do a scan with SUPERAntiSpyware

Download and scan with SUPERAntiSpyware

- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
  - Close browsers before scanning.
  - Scan for tracking cookies.
  - Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
  - Click Preferences, then click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.

--------------------------------------------------------------------------------

2) Do a scan with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------------------------------------------------------------------

In your next reply (please include the following):

Fresh HijackThis log
SUPERAntispyware scan log
MalwareBytes' Anti-Malware Scan log
Tell me how your computer is doing


Go!

~Ltangel~

engin123
Account closed as per user's own request
30. March 2008 @ 10:18
I'm at the stage where I've ticked the 3 items that you wanted me to tick, aka checked, but when I go to the next part where it says in red close browsers, yes, I've done that, but the other two lines in red say scan for tracking cookies & the 3rd line in red saying terminate memory threats before quarantining. How do you do that in the preferences section? You have 7 buttons you can click on to do different things & you have another two buttons down below that say manage allowed items & manage exclusive folders, but how tracking cookies & the 3rd line in red saying terminate memory threats before quarantining, how do you do that in the preferences section?
Member
30. March 2008 @ 10:24
It's under Scanning Control>Scanner Options, look carefully.

Member
30. March 2008 @ 10:49
Time for me to go to bed again, just post all the logs I've asked you to post when you are done, I'll have a look tomorrow. :)

~Ltangel~

engin123
Account closed as per user's own request
30. March 2008 @ 11:12
Well, here's the log print you wanted from SUPERAntiSpyware.
What I would also like you to answer me, Bruce, is: would I have to delete them when we finish, or can I please keep them? The items that you have made me put onto my system, they are all free, aren't they, Bruce?

I want to keep them if I ever get this problem again, & if I ever can get you to help me again in the future, at least I would have all of the items of software on my desktop.

Do you also have a link to the best freeware site where everything to do with PCs is all there?

No trial versions or buying versions please; my PC gets a cold when they come on.
Good night my brother, I will log back on with you UK time from 6am. God bless you, your family & your friends.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/30/2008 at 03:49 PM

Application Version : 4.0.1154

Core Rules Database Version : 3427
Trace Rules Database Version: 1419

Scan type : Complete Scan
Total Scan Time : 00:19:32

Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 6201
Registry threats detected : 31
File items scanned : 23673
File threats detected : 75

Adware.Tracking Cookie
C:\Documents and Settings\EDDY\Cookies\eddy@2643378[2].txt
C:\Documents and Settings\EDDY\Cookies\eddy@secure.advancedcleaner[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@server.iad.liveperson[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@tracking.summitmedia.co[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@advancedcleaner[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@indexstats[2].txt
C:\Documents and Settings\EDDY\Cookies\eddy@msnportal.112.2o7[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@adlegend[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@ad1.emediate[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@overture[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@statse.webtrendslive[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@rdr.hitmngr[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@revsci[2].txt
C:\Documents and Settings\EDDY\Cookies\eddy@antispykit[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@indextools[2].txt
C:\Documents and Settings\EDDY\Cookies\eddy@tracker.fullcontactzone[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@www.virusheat[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@www.malwarecore[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@counter.hitslink[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@setanta.112.2o7[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@winanonymous[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@ads.pointroll[2].txt

Malware.SpyShredder
HKU\S-1-5-21-1659004503-813497703-682003330-1003\Software\SpyShredder
HKU\S-1-5-21-1659004503-813497703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run#SpyShredder [ C:\Program Files\SpyShredder\SpyShredder.exe ]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047604.EXE

Rogue.ErrorFighter
HKLM\Software\ugac
HKLM\Software\ugac#DomainName

Rogue.AntiSpyKit
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\byjegmgjS
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\cmnFMzkOEwg
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Control
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\gjsvniDt
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\HXAoo
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32#ThreadingModel
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32#InprocServer32
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\MiscStatus
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\MiscStatus\1
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\nDuqNvLitg
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\ProgID
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Programmable
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\ToolboxBitmap32
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\TypeLib
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Version
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\VersionIndependentProgID
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\wotqycejlzDwp

Malware.LocusSoftware Inc/WinSpyControl
C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs\threats.log
C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs\update.log
C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs
C:\Documents and Settings\EDDY\Application Data\WinSpyControl
C:\WinSpyControl\AVQuar
C:\WINDOWS\..\WinSpyControl

Rogue.WinPCDoctor
C:\Program Files\Common Files\WinPCDoctor

Rogue.VirusHeat
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\BR13D1.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046932.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046971.EXE

Rogue.WinPCDoctor-Installer
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\NI.UGDC_0001_N122M2603\SETUP.EXE
C:\DOCUMENTS AND SETTINGS\EDDY\APPLICATION DATA\INSTALLER_EN[1].EXE

Rogue.AdvancedCleaner
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\UADC_0001_D10M0502\INSTALLER.EXE

Rogue.NetProject-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046892.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046914.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046927.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046948.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047325.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047423.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP106\A0047442.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047493.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047503.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047990.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048193.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048238.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0049238.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP109\A0049247.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP110\A0049541.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP110\A0049830.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP111\A0049881.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0050152.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0051140.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP117\A0051187.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP117\A0051197.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051210.EXE

Malware.VirusRanger
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046953.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046961.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046963.EXE

Rogue.StorageProtector/Trace
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046972.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046973.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP48\A0012299.EXE

Malware.MalwareStopper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046976.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046977.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046978.DLL

Rogue.AVSystemCare/Component
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049930.EXE

Trojan.Unclassified/Rogue-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049931.EXE

Rogue.LocusSoftware-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049932.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0050158.EXE

Adware.E404 Helper/Variant-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP114\A0049941.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP114\A0049942.DLL

Trojan.FakeAlert-Gen/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051395.DLL

Adware.Jraun/WinEssential
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP31\A0005308.EXE
engin123
Account closed as per user's own request
30. March 2008 @ 11:32
I'm enjoying this so much I'm getting the first plane out for you to teach me to be a professor in the science of the mind of a PC, joking. Just to let you know, here is your log from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.09
Database version: 568

Scan type: Quick Scan
Objects scanned: 30086
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinAnonymous (Rogue.WinAnonymous) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8113b5de-f7eb-4154-a311-497fb80d8bd0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\SecurePCCleaner (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\Abbr (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\prod_code (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\rs.dat (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log\2008 Feb 02 - 05_13_12 PM_578.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log\2008 Feb 02 - 05_13_16 PM_875.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Settings\ScanResults.pie (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
engin123
Account closed as per user's own request
30. March 2008 @ 11:45
Here's the last log. Is it the same log? You will know once you read it now. Thank you. I think maybe by Monday we might be able to complete it all, then on the small remaining issues if you can just help me with them that would be great, as I'm no longer talking to my so-called friend who didn't want to help me with the PC any more. I don't have anyone left to help me out, plus I'm housebound most of the time, being the fact that I'm disabled & have acute memory loss & learning difficulties. Thank you for being patient with me, we have done so well. Are there two logs? Maybe it's the same one I just sent to you twice.

engin123
Account closed as per user's own request
31. March 2008 @ 02:52
I'm ready, Bruce, if you are. Have you got all the details that you need? If so, let's start from where we left off. To you I should now be saying good afternoon.
engin123
Account closed as per user's own request
31. March 2008 @ 03:04
I'm ready, Bruce, if you are. Have you got all the details that you need? If so, let's start from where we left off. To you I should now be saying good afternoon. Also AVG is doing a scan now, saying 1 threat, trojan horse downloader.Generic7.CRX. It's scanning now, & when I move from page to page on afterdawn.com, my Explorer 7 is making a squeaky sound; from any page that sound is coming on.
engin123
Account closed as per user's own request
31. March 2008 @ 03:58
Hi Bruce, the AVG has finished its scan & it has treated the trojan, now there are 0 errors, goodie goodie, but only when I'm on afterdawn.com I'm getting this whistling sound, it's annoying me. I hope you are OK. I have not heard from you yet, which is not like you; you usually first thing send me a reply to be replying to my messages that you wanted the results, by the fact that I thought that I've sent you all the information. Maybe you are working today or busy. All then I can do is patiently wait until you reply. I'm home all day, I'm going out after 4pm UK, that's after your bed time, so I should hear from you long before then, I hope. Until I fix this problem I can't use my PC to download & do what I usually do. I did download a codecs video audio K-Lite codecs pack full from your web site, & I downloaded a boxing streaming setup for streaming boxing fights live for free from all around the world called how to box; this is their web site link: http://how-to-box.com/boxing/content/how-to-box-tv
Member
31. March 2008 @ 04:14
Hey,

I just got back from school, sorry for the late reply. Sorry to hear about your health condition, please take care of your health, as it is the most important thing in your life. No worries, I'll help you fix your problem. :)

Besides the squeaky sound on IE7, are there any problems with your computer?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Go!

~Ltangel~

engin123
Account closed as per user's own request
31. March 2008 @ 04:21
I don't understand, what am I supposed to do now? I thought you would be giving me information now on what to do. If you give up on me now then how would I know what to do? By reading your message it sounded to me as if you saw a message & you just replied saying hi then bye. I won't be able to use my PC then if we can't finish off what we have started. Even on the reboot it's slow, it shouldn't be. Is it still in safe mode? The background is all blue, the picture I had on there before is not on my desktop.

& I wanted help with the whistling sound whenever I'm going from page to page on your site. At the end I just would have asked you to send me a list so that in future I can try to combat it myself.

I don't think I can, but that's why I wanted you to be as patient as me. I told you already that my so-called friend has let me down big time so I have no one left to help me. If you are giving up on me, have I done something to offend you? If so please tell me. Haven't I got that already on my system?

It's just that like in marriages & friendships people just give up on each other too quickly & for the silliest of things, so I feel that way too because it's happened to me. I always say if it wasn't for bad luck I wouldn't have any luck at all.
Member
31. March 2008 @ 04:24
I never said I'm giving up on you. You said your computer has a squeaky sound, that's why I asked you to download Deckard's system scan and let me see what's wrong with your computer.

Also, please tell me if there are any other problems you are having with your computer, so I can help you in a better way.



engin123
Account closed as per user's own request
31. March 2008 @ 04:27
This is the main.txt - Notepad; I don't know about the second one.

Deckard's System Scanner v20071014.68
Run by EDDY on 2008-03-31 09:27:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as EDDY.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:03, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MemInfo\meminfo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\EDDY\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\EDDY.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201727103468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201727078062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/j...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

--
End of file - 6465 bytes

-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-31 07:17:37 0 d-------- C:\Program Files\SopCast
2008-03-31 03:22:01 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-03-31 03:21:59 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-31 03:21:59 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-31 03:21:59 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-31 03:21:58 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-31 03:21:58 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-31 03:21:58 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 03:21:57 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-31 03:21:56 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-30 16:24:00 0 d-------- C:\Documents and Settings\EDDY\Application Data\Malwarebytes
2008-03-30 16:23:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 16:23:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-30