Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

another ad.firstadsolution.com problem

Started by LuciferSam , Dec 06 2006 01:01 PM

  • Please log in to reply

#1
LuciferSam
Posted 06 December 2006 - 01:01 PM

LuciferSam

    New Member

  • Member
  • Pip
  • 5 posts
Hi!

I'm hoping someone can help me with this ad.firstadsolution.com probelm, which many others seem to be having trouble with also.

I keep getting a pop-up everytime I open up a new broswer window, but I guess you guys know well enough what is going on, so I won't go into more depth about the nature of this problem. I've run pretty much all relevant anit-malware, spyware and virus programs that have been recommended, but the same problem seems to arrise despite my efforts.

Below is the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:58:12, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [oneliveroamlies] C:\Documents and Settings\All Users\Application Data\typeeqonelive\datefirst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Amok okay] C:\DOCUME~1\MIKKOA~1\APPLIC~1\IDOLBI~1\Poll stupid.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164739406046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks in advance!

BR,

Mikko
  • 0

Advertisements

#2
Noviciate
Posted 06 December 2006 - 04:27 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Download Combofix by sUBs from here and save it to your Desktop.
  • Double click combo.exe to run it and follow the prompts.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  • Trojan Hunter has been reported to detect this tool as Worm.Qiv.100 - please ignore this, it's a false-positive.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Findlop.zip by Metallica from here and save it to your Desktop.
You will need to extract the file(s).
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

You should now see the contents of the findlop folder.
Double click findlop.bat to run it. A Notepad window entitled findlop.txt will open - copy and paste this into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT:
  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

  • 0

#3
LuciferSam
Posted 07 December 2006 - 12:59 PM

LuciferSam

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi,

and thanks for your assistance. Below are copies of the logs etc. you asked for.

Combofix:

Mikko Antila - 06-12-07 20:44:47.39 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-11-07 to 2006-12-07 ))))))))))))))))))))))))))))))))))


2006-12-06 20:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-06 19:58 <DIR> d-------- C:\Program Files\HTJ
2006-12-06 19:24 <DIR> d-------- C:\Program Files\RegCleaner
2006-12-06 19:12 <DIR> dr-h----- C:\Documents and Settings\Mikko Antila\Recent
2006-12-06 19:09 <DIR> d-------- C:\Program Files\CCleaner
2006-12-06 15:47 <DIR> d-------- C:\NoLopBackups
2006-12-06 13:24 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-06 13:24 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\Lavasoft
2006-12-05 20:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-05 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-04 00:36 <DIR> d-------- C:\Program Files\PokerRoom.com
2006-12-03 15:27 <DIR> d-------- C:\Documents and Settings\Mikko Antila\.dwa_store
2006-11-29 17:15 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-28 19:02 <DIR> d-------- C:\Program Files\Norton Internet Security
2006-11-28 19:01 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-28 19:01 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-28 19:00 <DIR> d-------- C:\Program Files\Symantec
2006-11-28 19:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-27 21:01 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-11-27 21:01 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2006-11-27 20:35 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-27 20:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-27 20:35 <DIR> d-------- C:\Program Files\Xvid
2006-11-26 17:50 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\NetPumper
2006-11-26 17:50 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\Idol Bits Corn
2006-11-26 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\typeeqonelive
2006-11-24 17:09 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\Azureus
2006-11-24 16:53 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\BitTorrent
2006-11-18 02:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-18 02:01 <DIR> d-------- C:\70a091c8baadc5deab
2006-11-10 16:22 <DIR> d-------- C:\Program Files\Symantec Technical Support


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-07 20:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-07 20:34 -------- d-------- C:\Documents and Settings\Mikko Antila\Application Data\Skype
2006-12-06 20:26 -------- d-------- C:\Program Files\WinZip
2006-12-06 20:22 -------- d-------- C:\Program Files\Messenger
2006-12-06 20:21 -------- d-------- C:\Program Files\iTunes
2006-12-06 20:21 -------- d-------- C:\Program Files\Internet Explorer
2006-12-06 20:19 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-12-04 10:06 -------- d-------- C:\Program Files\HoldemPoker
2006-11-28 20:19 -------- d-------- C:\Program Files\backups
2006-11-28 19:02 -------- d-------- C:\Program Files\Common Files
2006-11-10 16:10 -------- d-------- C:\Program Files\Java
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 12:25 5198 --a------ C:\Program Files\ZeQuinT.nfo
2006-10-30 23:23 -------- d---s---- C:\Documents and Settings\Mikko Antila\Application Data\Microsoft
2006-10-30 23:07 -------- d-------- C:\Program Files\MSN Messenger
2006-10-30 23:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-30 22:55 -------- d-------- C:\Program Files\Microsoft Works
2006-10-30 22:51 -------- d-------- C:\Program Files\QuickTime
2006-10-30 22:50 -------- d-------- C:\Program Files\Easy Internet signup
2006-10-30 21:53 -------- d-------- C:\Program Files\iolo
2006-10-30 15:37 -------- d-------- C:\Documents and Settings\Mikko Antila\Application Data\Mozilla
2006-10-25 10:53 -------- d-------- C:\Program Files\WinTrade
2006-10-25 10:50 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-25 09:41 -------- d-------- C:\Documents and Settings\Mikko Antila\Application Data\Help
2006-10-25 09:36 0 -rahs---- C:\MSDOS.SYS
2006-10-25 09:36 0 -rahs---- C:\IO.SYS
2006-10-25 09:35 -------- d-------- C:\Program Files\sanakirja
2006-10-25 09:34 -------- d-------- C:\Program Files\WinRAR
2006-10-23 20:59 -------- d-------- C:\Program Files\Acro Software
2006-10-23 20:58 -------- d-------- C:\Program Files\GPLGS
2006-10-13 14:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Amok okay"="C:\\DOCUME~1\\MIKKOA~1\\APPLIC~1\\IDOLBI~1\\Poll stupid.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"oneliveroamlies"="C:\\Documents and Settings\\All Users\\Application Data\\typeeqonelive\\datefirst.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Mikko Antila.job

Completion time: 06-12-07 20:45:27.01
C:\ComboFix.txt ... 06-12-07 20:45

Fresh HTJ log:

Logfile of HijackThis v1.99.1
Scan saved at 20:56:48, on 07/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [oneliveroamlies] C:\Documents and Settings\All Users\Application Data\typeeqonelive\datefirst.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Amok okay] C:\DOCUME~1\MIKKOA~1\APPLIC~1\IDOLBI~1\Poll stupid.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164739406046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


..the findlop log:

Mikko Antila - 06-12-07 20:44:47.39 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-11-07 to 2006-12-07 ))))))))))))))))))))))))))))))))))


2006-12-06 20:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-06 19:58 <DIR> d-------- C:\Program Files\HTJ
2006-12-06 19:24 <DIR> d-------- C:\Program Files\RegCleaner
2006-12-06 19:12 <DIR> dr-h----- C:\Documents and Settings\Mikko Antila\Recent
2006-12-06 19:09 <DIR> d-------- C:\Program Files\CCleaner
2006-12-06 15:47 <DIR> d-------- C:\NoLopBackups
2006-12-06 13:24 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-06 13:24 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\Lavasoft
2006-12-05 20:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-05 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-04 00:36 <DIR> d-------- C:\Program Files\PokerRoom.com
2006-12-03 15:27 <DIR> d-------- C:\Documents and Settings\Mikko Antila\.dwa_store
2006-11-29 17:15 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-28 19:02 <DIR> d-------- C:\Program Files\Norton Internet Security
2006-11-28 19:01 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-28 19:01 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-28 19:00 <DIR> d-------- C:\Program Files\Symantec
2006-11-28 19:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-27 21:01 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-11-27 21:01 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2006-11-27 20:35 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-27 20:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-27 20:35 <DIR> d-------- C:\Program Files\Xvid
2006-11-26 17:50 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\NetPumper
2006-11-26 17:50 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\Idol Bits Corn
2006-11-26 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\typeeqonelive
2006-11-24 17:09 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\Azureus
2006-11-24 16:53 <DIR> d-------- C:\Documents and Settings\Mikko Antila\Application Data\BitTorrent
2006-11-18 02:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-18 02:01 <DIR> d-------- C:\70a091c8baadc5deab
2006-11-10 16:22 <DIR> d-------- C:\Program Files\Symantec Technical Support


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-07 20:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-07 20:34 -------- d-------- C:\Documents and Settings\Mikko Antila\Application Data\Skype
2006-12-06 20:26 -------- d-------- C:\Program Files\WinZip
2006-12-06 20:22 -------- d-------- C:\Program Files\Messenger
2006-12-06 20:21 -------- d-------- C:\Program Files\iTunes
2006-12-06 20:21 -------- d-------- C:\Program Files\Internet Explorer
2006-12-06 20:19 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-12-04 10:06 -------- d-------- C:\Program Files\HoldemPoker
2006-11-28 20:19 -------- d-------- C:\Program Files\backups
2006-11-28 19:02 -------- d-------- C:\Program Files\Common Files
2006-11-10 16:10 -------- d-------- C:\Program Files\Java
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 12:25 5198 --a------ C:\Program Files\ZeQuinT.nfo
2006-10-30 23:23 -------- d---s---- C:\Documents and Settings\Mikko Antila\Application Data\Microsoft
2006-10-30 23:07 -------- d-------- C:\Program Files\MSN Messenger
2006-10-30 23:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-30 22:55 -------- d-------- C:\Program Files\Microsoft Works
2006-10-30 22:51 -------- d-------- C:\Program Files\QuickTime
2006-10-30 22:50 -------- d-------- C:\Program Files\Easy Internet signup
2006-10-30 21:53 -------- d-------- C:\Program Files\iolo
2006-10-30 15:37 -------- d-------- C:\Documents and Settings\Mikko Antila\Application Data\Mozilla
2006-10-25 10:53 -------- d-------- C:\Program Files\WinTrade
2006-10-25 10:50 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-25 09:41 -------- d-------- C:\Documents and Settings\Mikko Antila\Application Data\Help
2006-10-25 09:36 0 -rahs---- C:\MSDOS.SYS
2006-10-25 09:36 0 -rahs---- C:\IO.SYS
2006-10-25 09:35 -------- d-------- C:\Program Files\sanakirja
2006-10-25 09:34 -------- d-------- C:\Program Files\WinRAR
2006-10-23 20:59 -------- d-------- C:\Program Files\Acro Software
2006-10-23 20:58 -------- d-------- C:\Program Files\GPLGS
2006-10-13 14:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-13 07:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Amok okay"="C:\\DOCUME~1\\MIKKOA~1\\APPLIC~1\\IDOLBI~1\\Poll stupid.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"oneliveroamlies"="C:\\Documents and Settings\\All Users\\Application Data\\typeeqonelive\\datefirst.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Mikko Antila.job

Completion time: 06-12-07 20:45:27.01
C:\ComboFix.txt ... 06-12-07 20:45



...and finally HTJ uninstall list:

Ad-Aware SE Personal
Adobe Reader 7.0.8
Adobe Shockwave Player
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
Codec Pack - All In 1 6.0.3.0
Conexant AC-Link Audio
CutePDF Writer 2.6
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows XP (KB896256)
HP Help and Support
HP Software Update
HP User Guides 0008
HP Wireless Assistant 1.01 C1
InterVideo WinDVD
iolo technologies' System Mechanic
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 9
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office XP Professional ja FrontPage
Microsoft Works
Mozilla Firefox (2.0)
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Panda ActiveScan
PokerRoom.com (remove only)
Quick Launch Buttons 5.20 D2
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Skype 2.5
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SPBBC
Spybot - Search & Destroy 1.4
Symantec Script Blocking Installer
Symantec Technical Support Web Controls
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
WinTrade
WinZip
Xvid 1.1.2 final uninstall


Thanks again!

br,

Mikko
  • 0

#4
LuciferSam
Posted 07 December 2006 - 01:23 PM

LuciferSam

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Forgot to mention in previous post that the popups still occure, so nothing seems to have changed yet.

Mikko
  • 0

#5
Noviciate
Posted 07 December 2006 - 02:13 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
The Findlop log you posted very much resembles the Combofix log - not sure what you did, but will you run Findlop again and let me have the log.
  • 0

#6
LuciferSam
Posted 07 December 2006 - 02:23 PM

LuciferSam

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry about that, must have messed something up before.

This should be it:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Norton AntiVirus - Scan my computer - Mikko Antila.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Mikko Antila'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 12/08/2006 20:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 11/28/2006
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
  • 0

#7
Noviciate
Posted 07 December 2006 - 02:37 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware 7.5 from here and save it to your Desktop.
If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

Double click the avgas-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.
  • Updating AVG Anti-Spyware:

    By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either AVG A-S will update or inform you that no update was available.
  • If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.

    Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

    Changing Recommended Actions
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.
You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

2) You will need to know how to boot into Safe Mode.
Instructions can be found here.

3) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

4) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [oneliveroamlies] C:\Documents and Settings\All Users\Application Data\typeeqonelive\datefirst.exe
O4 - HKCU\..\Run: [Amok okay] C:\DOCUME~1\MIKKOA~1\APPLIC~1\IDOLBI~1\Poll stupid.exe

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Boot into Safe Mode.

3) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

4) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

5) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

6) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG Anti-Spyware.
  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that AVG A-S has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When AVG A-S has finished, it will display the message "All actions have been applied".

    Saving a report:
  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.
Close AVG Anti-Spyware.

7) Remove any/all of the following files/folders that you can find:

Folders

C:\Documents and Settings\All Users\Application Data\typeeqonelive
C:\DOCUME~1\MIKKOA~1\APPLIC~1\IDOLBI~1

* The tilde(~) in either a file or folder name indicates that this name is longer than six characters and these have been replaced by the tilde for brevity. E.G. C:\PROGRA~1 = C:\Program Files
The first file, or folder, that uses these particular six letters gets the suffix ~1, the next ~2 and so on.
You will need to locate and delete the folder that has this file in it: Poll stupid.exe.
If AVG A-S gets to the file first, which it may, don't worry about the folder unless you can positively identify it - you don't want to remove a legitimate one!

As an example:
To delete C:\WINDOWS\system32\foldertogo
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on foldertogo and from the menu that appears, click on 'Delete'

8) Boot into Normal Mode.

Post a new HJT log, the AVG log AND a description of how your PC is running.
  • 0

#8
LuciferSam
Posted 07 December 2006 - 05:56 PM

LuciferSam

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi again!

Wow, everything seems to be ok. At least for now.

Thank-you very much - appreciate it a lot!

BR,

Mikko

below are the HTJ and the AVG Anti-Spyware - Scan Report:

Logfile of HijackThis v1.99.1
Scan saved at 01:51:22, on 08/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HTJ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164739406046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn....easeInstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:28:29 08/12/2006

+ Scan result:



:mozilla.82:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mikko Antila\Cookies\mikko [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.124:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.90:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mikko Antila\Cookies\mikko antila@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.49:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mikko Antila\Cookies\mikko antila@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.28:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.29:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.30:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.31:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.99:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Mikko Antila\Cookies\mikko antila@lop[1].txt -> TrackingCookie.Lop : Cleaned.
:mozilla.125:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Mikko Antila\Cookies\mikko antila@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.40:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.41:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.42:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.43:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.50:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.51:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.22:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.23:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.24:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.25:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Mikko Antila\Cookies\mikko [email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.101:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.115:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.116:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.117:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.118:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.58:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.59:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.60:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Mikko Antila\Cookies\mikko antila@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.11:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.12:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.13:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Mikko Antila\Cookies\mikko [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.45:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.46:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.47:C:\Documents and Settings\Mikko Antila\Application Data\Mozilla\Firefox\Profiles\waoo4fdr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
  • 0

#9
Noviciate
Posted 08 December 2006 - 01:13 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Update your anti-virus program,
Disable System Restore,
Boot into Safe Mode,
Scan your computer for viruses.
When you get the all clear, reboot into Normal Mode.
Re-enable System Restore,
Create a Restore Point.
This will give a clean Restore Point should you need it in the future.
A tutorial for System Restore is available here.

The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.

If you have the time, pay a vist to Malware Complaints and register a complaint about the malware that has infected you - in your case it was a LOP infection. If enough people take the time, it could make a difference.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You are running an old version of Sun Java which needs updating:
  • Go here and click on the Download button to the right of Java Runtime Environment (JRE) 5.0 Update 10.
  • Accept the license agreement by clicking the radio button.
  • Under Windows Platform - J2SE™ Runtime Enviroment 5.0 Update 10, click the Windows Offline Installation, Multi-language link.
  • Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Enviroment and then reboot your PC.
  • Navigate to and delete the following folder, if it exists: C:\Program Files\Java.
  • Finally double click the installation file that you downloaded earlier.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP