Another Aurora Problem



#1
ahayto

Hi,

I have the Aurora virus (I'm not sure what its actual name is). As well as this, I can't open my Task Manager. I've tried all the possible ways but nothing happens. I'm guessing this could be to do with a virus also.

Any help would be greatly appreciated.

Adam

Logfile of HijackThis v1.99.1
Scan saved at 11:36:58, on 20/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\Wm24Pan.Exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system32\ogzeli.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\ssurf022.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O4 - HKLM\..\Run: [Wm24Pan] Wm24Pan.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE
O4 - HKLM\..\Run: [iTunesHelper] __C:\Program Files\iTunes\iTunesHelper.exe__
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [bxpbmk] c:\windows\system32\ogzeli.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [Z2q7RWJmP] audck32.exe
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [Messenger] C:\PROGRA~1\LYCOSM~1\Messenger.exe runonboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe


#2
Metallica

We'll have to take care of the Alcan worm first.
That's the one stopping you from using taskmanager, regedit and some more utilities.

First disable Spybot's Teatimer for the time it takes us to get you cleaned. It might hinder our efforts by guarding your settings.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\Wm24Pan.Exe
c:\windows\system32\ogzeli.exe


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot run HijackThis again. Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\ssurf022.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O4 - HKLM\..\Run: [Wm24Pan] Wm24Pan.Exe

O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /i

O4 - HKLM\..\Run: [bxpbmk] c:\windows\system32\ogzeli.exe
O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [Z2q7RWJmP] audck32.exe
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe

O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

Reboot once more and post the resulting HijackThis log.

#3
ahayto

Nice one, thanks for replying so quickly.
I didn't delete the O4 - HKLM\..\Run: [Wm24Pan] Wm24Pan.Exe as this is the software for my external sound card...

Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 16:02:46, on 20/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\Wm24Pan.Exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\windows\system32\epaesc.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Wm24Pan] Wm24Pan.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iTunesHelper] __C:\Program Files\iTunes\iTunesHelper.exe__
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [tdgfdaw] c:\windows\system32\epaesc.exe
O4 - HKCU\..\Run: [Messenger] C:\PROGRA~1\LYCOSM~1\Messenger.exe runonboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

#4
Metallica

Hmmm, good thing you caught that.
The filename looks completely random and Google only generates one hit. Also in a HijackThis log.
Do you have a name or a site where I can find more info?

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O4 - HKLM\..\Run: [tdgfdaw] c:\windows\system32\epaesc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Regards,
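The comparison done by hand across the posts above (which checked entries are gone from the next log, which are still present, and which entries are new, such as the randomly named autorun in the second log) can be automated. This is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the sample lines are excerpts copied from the logs and fix list posted above.

```python
import re

# Excerpts copied from the first log, the "Fix checked" list and the second
# log in this thread. They are shortened samples, not the complete logs.
BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\ssurf022.dll
O4 - HKLM\..\Run: [Wm24Pan] Wm24Pan.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [bxpbmk] c:\windows\system32\ogzeli.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
"""

FIX_LIST = r"""
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\ssurf022.dll
O4 - HKLM\..\Run: [Wm24Pan] Wm24Pan.Exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [bxpbmk] c:\windows\system32\ogzeli.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
"""

AFTER = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Wm24Pan] Wm24Pan.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tdgfdaw] c:\windows\system32\epaesc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
"""

# A HijackThis item line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 (autorun) item: hive\..\key: [value name] command line
O4_RE = re.compile(
    r"^(?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def parse_log(text):
    """Map a normalized (code, body) key to the original line, in log order.

    Header lines and the "Running processes" paths do not match ENTRY_RE and
    are skipped. Bodies are compared case-insensitively because Windows paths
    are case-insensitive and the logs mix C:\\WINDOWS and c:\\windows.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            key = (m["code"], " ".join(m["body"].split()).casefold())
            entries.setdefault(key, line)
    return entries


def triage(before, fix_list, after):
    """Classify entries across a cleanup round."""
    b, f, a = parse_log(before), parse_log(fix_list), parse_log(after)
    return {
        # Asked to fix, was present, and is gone from the next log.
        "fixed": [line for k, line in f.items() if k in b and k not in a],
        # Asked to fix but still present: skipped on purpose or restored.
        "survived": [line for k, line in f.items() if k in a],
        # Not in the earlier log at all: installed or re-created since.
        "new": [line for k, line in a.items() if k not in b],
    }


def new_autoruns(report):
    """Return (hive, key, value name, command) for each new O4 entry."""
    found = []
    for line in report["new"]:
        code, body = line.split(" - ", 1)
        m = O4_RE.match(body)
        if code == "O4" and m:
            found.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return found


if __name__ == "__main__":
    report = triage(BEFORE, FIX_LIST, AFTER)
    for label in ("fixed", "survived", "new"):
        print(f"[{label}]")
        for line in report[label]:
            print("  " + line)
    for hive, key, name, cmd in new_autoruns(report):
        print(f"new autorun to review: {hive}\\..\\{key} [{name}] -> {cmd}")
```

On these excerpts the Wm24Pan and SvcProc entries land in "survived" and the tdgfdaw autorun is the only "new" item, which matches what the follow-up post asks to be checked.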

#5
ahayto

OK, before I restart my comp, here's the link to the driver for wm24 pan...
http://www.esi-pro.com/download.php

I'll post the logs in a sec

cheers

#6
ahayto

I couldn't find this one so I didn't check it:
O4 - HKLM\..\Run: [tdgfdaw] c:\windows\system32\epaesc.exe

Here are the logs:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 00:50:14, 21/05/2005
+ Report-Checksum: 528CECEF

+ Date of database: 20/05/2005
+ Version of scan engine: v3.0

+ Duration: 70 min
+ Scanned Files: 129486
+ Speed: 30.83 Files/Second
+ Infected files: 131
+ Removed files: 131
+ Files put in quarantine: 131
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\
H:\
I:\
J:\
K:\

+ Scan result:
C:\WINDOWS\system32\drivers\etc\HOSTS.bak -> Trojan.Qhost.av -> Cleaned with backup
C:\WINDOWS\system32\uninstaller.exe -> Spyware.WinAD.k -> Cleaned with backup
C:\WINDOWS\system32\ntplkgk.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\exul3.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\rtneg.dll -> Spyware.HotSearchBar.d -> Cleaned with backup
C:\WINDOWS\system32\thin-94-5-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\nsm3F.dll -> Spyware.Beginto.c -> Cleaned with backup
C:\WINDOWS\bafenqfkyvs.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Adam\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar.q -> Cleaned with backup
C:\Documents and Settings\Adam\Local Settings\Temp\qrsetupdir\Ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\Documents and Settings\Adam\Local Settings\Temp\INV2.tmp -> Spyware.SafeSurfing.b -> Cleaned with backup
C:\Documents and Settings\Adam\Local Settings\Temp\INV1.tmp -> Spyware.SafeSurfing.b -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cz8.clickzs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cz3.clickzs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cz6.clickzs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@c3.gostats[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter9.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@a[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@www.easypic[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@ehg-capitalgroup.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@c2.zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@S144839[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@S131596[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@www.star-adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@ehg-fastweb.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter2.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter7.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter13.sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@xxxcounter[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@sexlist[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter3.sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@etype.adbureau[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@fcstats.bcentral[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@stats3.porntrack[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@ehg-dig.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@bilbo.counted[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter5.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter14.sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@dcs823bm8f9xjycc5zhlpa5uv_3x9d[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@dcszvdi9hoifwzj8z5nosjjah_6i9k[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@a[4].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@dcsx3ubt5frp17vrz5xs036pa_5j8u[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@www.popuptraffic[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter6.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter11.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@atdmt[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter8.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@bfast[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@ads.guardian.co[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@63161190[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@spylog[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@z1.adserver[5].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@data.coremetrics[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter1.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@volcom[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter13.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@tradedoubler[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cgi-bin[6].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter8.sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter4.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter14.sextracker[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter5.sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@hg1.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@cgi-bin[4].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter6.sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@servedby.netshelter[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@z1.adserver[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter2.sextracker[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@as1.falkag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter7.sextracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@sexlist[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@counter3.sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@server.iad.liveperson[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@sextracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@servedby.advertising[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@mediaplex[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Cookies\adam@z1.adserver[4].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-7163a8c4.class -> TrojanDownloader.Small.WV -> Cleaned with backup
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-28c909f1-31dfce15.class -> Trojan.Nocheat -> Cleaned with backup
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-377e0ae3-748f141b.class -> Trojan.Nocheat -> Cleaned with backup
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-fb03fed-637d9eef.class -> Trojan.ClassLoader.Dummy.d -> Cleaned with backup
C:\Documents and Settings\Adam\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-718e098c-2e9e3a1a.class -> Trojan.ClassLoader.Dummy.d -> Cleaned with backup
C:\Program Files\Internet Explorer\svchost.exe -> TrojanSpy.Agent.dq -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F2987830-0D3D-42EB-93BA-7F992C\CBFCBB8A-D891-4251-8505-1B1969 -> Backdoor.Rbot.gq -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1DCEAF67-3549-4F98-AC48-CA4EE2\C8D3ACB8-E64C-4072-9DD3-85572D -> Spyware.PeopleOnPage -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1DCEAF67-3549-4F98-AC48-CA4EE2\1570DE6A-2F69-452C-AC94-A5015A -> Spyware.Apropos.e -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1DCEAF67-3549-4F98-AC48-CA4EE2\655B526F-00E9-44DB-B78B-006D9A -> Spyware.Apropos.f -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1DCEAF67-3549-4F98-AC48-CA4EE2\CC51900C-08B5-4C0A-AA4D-992FA3 -> Spyware.Apropos.f -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1DCEAF67-3549-4F98-AC48-CA4EE2\640F3051-FBC6-4D2F-95AD-125798 -> Spyware.Apropos.f -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CE8957CD-BFDB-41A2-893B-4C6CBF\655A8E12-3FF5-4C93-BDDE-B722A7 -> Spyware.TopMoxie -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CE8957CD-BFDB-41A2-893B-4C6CBF\743A9256-9048-4390-B9F2-365D40 -> Spyware.WebRebates.d -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CE8957CD-BFDB-41A2-893B-4C6CBF\CCDC7AF8-91C7-4889-A10A-D5F93C -> Spyware.WebRebates.d -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CE8957CD-BFDB-41A2-893B-4C6CBF\FC204F79-06D1-4950-89A4-17D95D -> Spyware.WebRebates.c -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2FF7EC0D-3760-4C7C-9031-C3A040\289D6BCF-8917-4AAA-8DE1-CC1817 -> Spyware.BargainBuddy -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2FF7EC0D-3760-4C7C-9031-C3A040\759B56A8-9A2A-4D74-8E52-4E9F1A -> Spyware.BargainBuddy.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2FF7EC0D-3760-4C7C-9031-C3A040\BC380F14-FB23-41F5-885C-AEEC71 -> Spyware.BargainBuddy.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2FF7EC0D-3760-4C7C-9031-C3A040\0A6EF9C9-6FC7-498A-B2FE-B5EB9B -> Spyware.BargainBuddy -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2FF7EC0D-3760-4C7C-9031-C3A040\D980B799-D081-435A-B979-DDE1DD -> Spyware.Bargainbuddy -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2FF7EC0D-3760-4C7C-9031-C3A040\EDFBD6B8-EC40-465E-9EC2-985FF1 -> Spyware.Bargainbuddy -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2FF7EC0D-3760-4C7C-9031-C3A040\8632BE59-87F7-4544-B30A-74819B -> Spyware.Bargainbuddy -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2FF7EC0D-3760-4C7C-9031-C3A040\A7EF62CF-F3E4-4916-ACAD-3126CD -> Spyware.Bargainbuddy -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4C9C5418-703E-4561-A3F8-783F78\29A75438-2605-4258-9FE0-E92CA7 -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\hijackthis\backups\backup-20050520-160017-957.dll -> Spyware.SafeSurfing.b1 -> Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 09:36:10, on 21/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Wm24Pan] Wm24Pan.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKCU\..\Run: [Messenger] C:\PROGRA~1\LYCOSM~1\Messenger.exe runonboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)

#7
ahayto

Just tried the task manager and happy to say it's worked... also so far no aurora. Nice one. :tazz:

adam

#8
Metallica

Log is clean too. Good job. :tazz:

Please do have a look at my site about removing and preventing spyware.

Also have a look here http://privacy.getne...cookiesadvanced (you had an awful lot of spyware cookies.)

Regards,