Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

xp invasion [RESOLVED]

Started by kgn , Aug 14 2005 08:57 AM

  • This topic is locked This topic is locked

#16
tampabelle
Posted 15 August 2005 - 08:39 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi kgn,

Can you run findLOP.bat again and post the resulting log here?? Also post a fresh HJT log

Need to ensure that nothing new has happened.
  • 0

Advertisements

#17
kgn
Posted 15 August 2005 - 08:53 AM

kgn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
hope this is wh[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A8461427918D92D3.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\kennea~1\applic~1\liveam~1\THAT NEW 4.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Ken Neale'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/15/2005 9:00:00
NextRun: 08/15/2005 11:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/14/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AA498E0B91963FF7.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\family\applic~1\liveam~1\THAT NEW 4.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'family'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/15/2005 9:00:00
NextRun: 08/15/2005 11:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/04/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AABB930C91800798.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\progra~1\liveam~1\THAT NEW 4.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Ken Neale'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/14/2004 21:59:59
NextRun: 08/15/2005 11:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/04/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


at you want
  • 0

#18
tampabelle
Posted 15 August 2005 - 08:54 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
The Hijack This log also please
  • 0

#19
kgn
Posted 15 August 2005 - 08:55 AM

kgn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
heres the HJ fileLogfile of HijackThis v1.99.1
Scan saved at 10:54:40 AM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\downloaded files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vyuybhwng...mFE/Z09xjlB.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cgsl.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [LIU] C:\Program Files\Logitech\QuickCam\RUBICON.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LocksTheBaitCreative] C:\Documents and Settings\All Users\Application Data\BIB MIX LOCKS THE\Dent4.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0

#20
tampabelle
Posted 15 August 2005 - 09:04 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vyuybhwng...mFE/Z09xjlB.asp
O4 - HKLM\..\Run: [LocksTheBaitCreative] C:\Documents and Settings\All Users\Application Data\BIB MIX LOCKS THE\Dent4.exe


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).


Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

LIVEAMOKISO

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders -


c:\docume~1\kennea~1\applic~1\liveam~1
c:\docume~1\family\applic~1\liveam~1
c:\progra~1\liveam~1
C:\Documents and Settings\All Users\Application Data\BIB MIX LOCKS THE


Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.
  • 0

#21
kgn
Posted 15 August 2005 - 09:32 AM

kgn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
here is the HJ log..panda workingLogfile of HijackThis v1.99.1
Scan saved at 11:31:45 AM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\downloaded files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cgsl.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [LIU] C:\Program Files\Logitech\QuickCam\RUBICON.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0

#22
kgn
Posted 15 August 2005 - 09:48 AM

kgn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hi Tampabelle
There ia no liveamokiso to be found in add or remove programs in the control panel..what was that about settings and should be 3rd item?
  • 0

#23
kgn
Posted 15 August 2005 - 10:26 AM

kgn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
here is the latest HJT log ran after panda and panda to follow

Logfile of HijackThis v1.99.1
Scan saved at 12:24:12 PM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\downloaded files\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cgsl.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [LIU] C:\Program Files\Logitech\QuickCam\RUBICON.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe



Edited the multiple HJT logs

Edited by tampabelle, 15 August 2005 - 10:46 AM.

  • 0

#24
tampabelle
Posted 15 August 2005 - 10:46 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Can you post the Panda scan report
  • 0

#25
kgn
Posted 15 August 2005 - 10:53 AM

kgn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
here it is
Incident Status Location

Adware:adware/savenow No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Documents and Settings\family\Application Data\stupid third balm\ENC SIGN.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\eolfcvge.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\fthumqlw.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\gram cdrom real setup.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\grpuadei.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\hcxmrhls.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\hjiexhkd.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\hpwgyurf.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\knbtipao.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\kogggmjr.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\ljadqfra.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\mawnrjwb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\rdtiqtmg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\readme creative.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\THAT NEW 4.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\xxdyicei.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO\xzgnwtrq.exe
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\jayme\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-6e45c423.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\jayme\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-6e45c423.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\jayme\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-6e45c423.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\jayme\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-6e45c423.zip[Beyond.class]
Adware:Adware/Lop No disinfected C:\Documents and Settings\Ken Neale\Application Data\stupid third balm\WipeHole.exe
Adware:Adware/Lop No disinfected C:\Program Files\downloaded files\backups\backup-20050814-144926-555.dll
Adware:Adware/Lop No disinfected C:\Program Files\downloaded files\backups\backup-20050815-090241-936.dll
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc1.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\bibvjkdb.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\ddguaeil.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\ecnkgdvu.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\gram cdrom real setup.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\itbpxssn.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\nmzyfmmh.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\oprfbcbd.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\prhjbyiu.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\rdyqjyyy.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\THAT NEW 4.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\uiwpblxi.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\wburahlh.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\xwjhvzee.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\yauqimwh.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\yoiycjiv.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc2\zkkrofvk.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\bkdipbmh.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\ephaxuiv.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\glgytmrd.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\gram cdrom real setup.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\gxfvzmgt.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\jaejicdx.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\kfkehmmm.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\majzxvus.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\nelusvfa.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\pfuzymap.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\pygbeanh.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\readme creative.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\rzmheatk.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\sjawmcmx.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\THAT NEW 4.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\whnpgtol.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\xxohciuj.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc3\zzhucbwd.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc4\great part.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc4\Proc Funk.exe
Adware:Adware/Lop No disinfected C:\RECYCLER\S-1-5-21-1275210071-162531612-682003330-1003\Dc4\Win Iso.exe
Adware:Adware/Lop No disinfected C:\spy\backups\backup-20050711-110317-499.dll
  • 0

Advertisements

#26
tampabelle
Posted 15 August 2005 - 11:02 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi kgn,


Click on Start ----> Settings ----> Control panel. There will be an item called Java (with an icon resembling a coffee cup). Double click on it. This will open a new window. Click on the Update tab. Click on Update now.


Reboot the PC in Safe Mode.

Delete the following folders -

C:\Documents and Settings\family\Application Data\stupid third balm
C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO
C:\Documents and Settings\Ken Neale\Application Data\stupid third balm

In order to delete all these folders, you would need to log in as administratotr or you will have to

1) login as "family" and delete the folder C:\Documents and Settings\family\Application Data\stupid third balm

2) login as "Jayme" and delete the folder C:\Documents and Settings\jayme\Application Data\LIVEAMOKISO

3) login as "Ken Neale" and delete the folder C:\Documents and Settings\Ken Neale\Application Data\stupid third balm

Delete the following files -

C:\Program Files\downloaded files\backups\backup-20050814-144926-555.dll
C:\Program Files\downloaded files\backups\backup-20050815-090241-936.dll
C:\spy\backups\backup-20050711-110317-499.dll


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log
  • 0

#27
kgn
Posted 15 August 2005 - 11:22 AM

kgn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:21:18 PM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\downloaded files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cgsl.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [LIU] C:\Program Files\Logitech\QuickCam\RUBICON.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

here it is Thx
  • 0

#28
tampabelle
Posted 15 August 2005 - 01:17 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi kgn,

Your log looks fine. However, as a precaution, I want you to do the Panda scan again.

Post back the scan report please
  • 0

#29
kgn
Posted 15 August 2005 - 01:29 PM

kgn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
doing it now..
smiles
  • 0

#30
tampabelle
Posted 15 August 2005 - 01:52 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
ok
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP