
Incredifind, Known Bad Sites, Sexvideo Pro Dialer, Etc.


  • This topic is locked
21 replies to this topic

#1 CeeQueue


Posted 06 August 2007 - 12:17 AM

Please forgive me if I haven't done this right. I'm new to this whole thing.

I ran Spybot Search & Destroy and fixed everything it found. Spydoctor (free version) is still showing many, many infections, including the ones mentioned in the subject. I've tried to run AdAware repeatedly, but though it runs for over an hour, nothing seems to be happening and now I get an error message every time I try to scan.

I ran HijackThis and have copied my logfile below. I would really appreciate any advice or suggestions. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 1:17:15 AM, on 8/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
L:\WINNT\System32\smss.exe
L:\WINNT\system32\csrss.exe
L:\WINNT\system32\winlogon.exe
L:\WINNT\system32\services.exe
L:\WINNT\system32\lsass.exe
L:\WINNT\system32\svchost.exe
L:\WINNT\system32\spoolsv.exe
L:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
L:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
L:\WINNT\Explorer.EXE
L:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
L:\WINNT\System32\svchost.exe
L:\WINNT\system32\regsvc.exe
L:\WINNT\system32\MSTask.exe
L:\Program Files\Bell\Access Manager\app\TangoService.exe
L:\WINNT\System32\WBEM\WinMgmt.exe
L:\WINNT\system32\svchost.exe
L:\WINNT\system32\S3apphk.exe
L:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
L:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
L:\PROGRA~1\Grisoft\AVG7\avgcc.exe
L:\Program Files\Google\Gmail Notifier\gnotify.exe
L:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
L:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
L:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
L:\Program Files\Microsoft Office\Office\FINDFAST.EXE
L:\Program Files\Microsoft Office\Office\OSA.EXE
L:\Program Files\LimeWire\LimeWire.exe
L:\PROGRA~1\Bell\ACCESS~1\app\TangoManager.exe
L:\WINNT\system32\wuauclt.exe
L:\Program Files\Spyware Doctor\svcntaux.exe
L:\Program Files\Spyware Doctor\swdsvc.exe
L:\Program Files\Spyware Doctor\SDTrayApp.exe
L:\WINNT\explorer.exe
L:\Documents and Settings\Cheryl Quinn\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=L:\WINNT\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - L:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - l:\program files\google\googletoolbar3.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - L:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - l:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [CreateCD50] "L:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "L:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] L:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] L:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "L:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "L:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] L:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Access Manager.lnk = L:\Program Files\Bell\Access Manager\app\TangoManager.exe
O4 - Startup: LimeWire On Startup.lnk = L:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = L:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = L:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = L:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - L:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - L:\WINNT\web\related.htm
O12 - Plugin for .spop: L:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159825303940
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159825287867
O17 - HKLM\System\CCS\Services\Tcpip\..\{03194526-FB44-426A-84C4-A8C9FC04660F}: NameServer = 207.164.234.193 206.47.244.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{03194526-FB44-426A-84C4-A8C9FC04660F}: NameServer = 207.164.234.193 206.47.244.54
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - L:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - L:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - L:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - L:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - L:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - L:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - L:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - L:\WINNT\system32\ZoneLabs\vsmon.exe


 


#2 Shaba


Posted 17 August 2007 - 11:03 AM

Hi CeeQueue

Please post the Spyware Doctor report here then :thumbsup:
Microsoft MVP Consumer Security

#3 CeeQueue


Posted 17 August 2007 - 08:23 PM

I've tried every way I can think of to figure out how to create a report from Spyware Doctor, but there doesn't seem to be a function to do that. Perhaps I would need to have a premium version or something??

I did make a screen copy of the results page and uploaded it. I hope that will be okay.

http://i189.photobucket.com/albums/z14/Cee...ydoc_report.jpg (in case the attachment doesn't work for some reason).

Thanks SO much for any help you can provide.


#4 Shaba


Posted 18 August 2007 - 03:54 AM

Hi

Those seem to be just cookies.

Let's do this next:

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete... under Browsing History.
  • Next to Temporary Internet Files, click Delete files, and then click OK.
  • Next to Cookies, click Delete cookies, and then click OK.
  • Next to History, click Delete history, and then click OK.
  • Click the Close button.
  • Click OK.
For Internet Explorer 4.x - 6.x
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
For Netscape 4.x and Up
  • Click Edit from the Netscape menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the triangle sign.
  • Click Cache.
  • Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
  • Click Edit from the Mozilla menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the plus sign.
  • Click Cache.
  • Click the Clear Cache button.
For Opera
  • Click File from the Opera menubar.
  • Click Preferences... from the File menu.
  • Click the History and Cache menu.
  • Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
  • Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Unselect Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Please post:
  • AVG Anti-Spyware log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

#5 CeeQueue


Posted 18 August 2007 - 12:06 PM

I've been at this for over two hours now and haven't gotten past the first set of instructions! I've downloaded and installed AVG Anti-Spyware from the site given, but cannot get it to launch. I had the automatic launch box checked, but it didn't open. When I click on the icon on my desktop, the hourglass shows for a few seconds and then disappears and nothing happens. I downloaded it again, but the new file won't install. It opens the install wizard and then nothing happens. The status bar moves to one bar, but the details window remains empty. I then tried to uninstall the program thinking it might not reinstall if it recognizes a new copy there, but my uninstaller does the same thing as the installer -- it moves to one bar of progress showing and no activity in the details window.

I'm about to tear my hair out! Is it possible one of these malware programs has been set to prevent AVG or other anti-spyware programs from installing and/or running? I even had trouble doing a regular Microsoft update, but eventually got it to run. Ironically, it said one of the updates was a malicious program remover, but I can't find where to access this to run it.

I've rebooted my system 4 times now, as well.

I would greatly appreciate anything you can suggest to get past this apparent brick wall.

CQ

#6 Shaba


Posted 18 August 2007 - 12:09 PM

Hi

Well let's check it out:

* Download GMER from here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

#7 CeeQueue


Posted 18 August 2007 - 12:13 PM

WOW! That was a fast reply. I'll give it a try. Thanks SO much.

CQ

#8 CeeQueue


Posted 18 August 2007 - 12:34 PM

Here it is (worked fine):

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-18 13:39:45
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? srescan.sys The system cannot find the file specified.
.text NTDLL.DLL!NtCreateSection 77F88328 1 Byte [ E9 ]
.text NTDLL.DLL!NtCreateSection + 2 77F8832A 3 Bytes JMP CC867D39

---- User code sections - GMER 1.0.13 ----

.text L:\DOCUME~1\CHERYL~1\LOCALS~1\Temp\7zO11.tmp\gmer.exe[1496] ntdll.dll!NtCreateSection 77F88328 1 Byte [ E9 ]
.text L:\DOCUME~1\CHERYL~1\LOCALS~1\Temp\7zO11.tmp\gmer.exe[1496] ntdll.dll!NtCreateSection + 2 77F8832A 3 Bytes JMP CC867D39

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EDC5F950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EDC5FAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EDC5FE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EDC5FFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EDC5F950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EDC5FE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EDC5FFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EDC5FAC0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EDC5F950] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EDC5FFD0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EDC5FE70] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [EDC6CFB0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [EDC58570] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [EDC584C0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [EDC58670] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [EDC581D0] \SystemRoot\System32\vsdatant.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA] [23021346] L:\WINNT\AppPatch\AcLayers.DLL
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] L:\WINNT\AppPatch\AcLayers.DLL
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] L:\WINNT\AppPatch\AcLayers.DLL
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA] [732E78DE] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA] [23021346] L:\WINNT\AppPatch\AcLayers.DLL
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW] [230214FD] L:\WINNT\AppPatch\AcLayers.DLL
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] L:\WINNT\AppPatch\AcLayers.DLL
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] L:\WINNT\AppPatch\AcLayers.DLL
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW] [230214FD] L:\WINNT\AppPatch\AcLayers.DLL
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WININET.DLL [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\WININET.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [732E771E] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [732E78DE] L:\WINNT\system32\shim.dll
IAT L:\WINNT\Explorer.EXE[724] @ L:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] L:\WINNT\system32\shim.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [EE524404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [EE110BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [EE110BC0] ikfileflt.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EDC6C8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EDC6C8A0] vsdatant.sys

---- EOF - GMER 1.0.13 ----

#9 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:03 PM

Posted 18 August 2007 - 12:35 PM

Hi

That's clean

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases

  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report
Microsoft MVP Consumer Security

#10 CeeQueue

CeeQueue
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:03 PM

Posted 18 August 2007 - 03:07 PM

Thanks again so much for your help. Here's the fresh HijackThis report, followed by the Kaspersky report:

Logfile of HijackThis v1.99.1
Scan saved at 4:10:39 PM, on 8/18/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
L:\WINNT\System32\smss.exe
L:\WINNT\system32\winlogon.exe
L:\WINNT\system32\services.exe
L:\WINNT\system32\lsass.exe
L:\WINNT\system32\svchost.exe
L:\WINNT\system32\spoolsv.exe
L:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
L:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
L:\WINNT\Explorer.EXE
L:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
L:\WINNT\System32\svchost.exe
L:\WINNT\system32\regsvc.exe
L:\WINNT\system32\MSTask.exe
L:\Program Files\Bell\Access Manager\app\TangoService.exe
L:\WINNT\System32\WBEM\WinMgmt.exe
L:\WINNT\system32\svchost.exe
L:\WINNT\system32\S3apphk.exe
L:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
L:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
L:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
L:\Program Files\Microsoft Office\Office\FINDFAST.EXE
L:\Program Files\Microsoft Office\Office\OSA.EXE
L:\PROGRA~1\Bell\ACCESS~1\app\TangoManager.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
L:\WINNT\system32\ZoneLabs\vsmon.exe
L:\Program Files\Grisoft\AVG7\avgcc.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Google\Gmail Notifier\gnotify.exe
L:\WINNT\system32\notepad.exe
L:\Documents and Settings\Cheryl Quinn\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=L:\WINNT\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - L:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - l:\program files\google\googletoolbar3.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - L:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - l:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [CreateCD50] "L:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "L:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] L:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] L:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "L:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] L:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Access Manager.lnk = L:\Program Files\Bell\Access Manager\app\TangoManager.exe
O4 - Startup: LimeWire On Startup.lnk = L:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = L:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = L:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = L:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - L:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - L:\WINNT\web\related.htm
O12 - Plugin for .spop: L:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159825303940
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159825287867
O17 - HKLM\System\CCS\Services\Tcpip\..\{03194526-FB44-426A-84C4-A8C9FC04660F}: NameServer = 207.164.234.193 206.47.244.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{03194526-FB44-426A-84C4-A8C9FC04660F}: NameServer = 207.164.234.193 206.47.244.54
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - L:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - L:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - L:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - L:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - L:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - L:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - L:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - L:\WINNT\system32\ZoneLabs\vsmon.exe

______________________________________________________________________________________________

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 18, 2007 4:09:34 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/08/2007
Kaspersky Anti-Virus database records: 384925
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan Statistics:
Total number of scanned objects: 100313
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 02:02:57

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Application Data\Identities\{7FC61440-FA6E-11D2-B059-CBA303AF4468}\Microsoft\Outlook Express\Deleted Items.dbx/[From "goldusa" <goldusa@email.msn.com>][Date Wed, 26 Apr 2000 17:58:07 -0500]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
C:\WINDOWS\Application Data\Identities\{7FC61440-FA6E-11D2-B059-CBA303AF4468}\Microsoft\Outlook Express\Deleted Items.dbx/[From "goldusa" <goldusa@email.msn.com>][Date Wed, 26 Apr 2000 17:58:07 -0500]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\WINDOWS\Application Data\Identities\{7FC61440-FA6E-11D2-B059-CBA303AF4468}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 2 skipped
I:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\41QR4TM7\fsc2k[1].htm Infected: Trojan-Downloader.JS.Cobase.a skipped
L:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
L:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\Cookies\index.dat Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\Local Settings\History\History.IE5\index.dat Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\Local Settings\Temp\MotiveVNC\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
L:\Documents and Settings\Cheryl Quinn\Local Settings\Temp\~DF7DFA.tmp Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\Local Settings\Temp\~DFE92A.tmp Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\NTUSER.DAT Object is locked skipped
L:\Documents and Settings\Cheryl Quinn\ntuser.dat.LOG Object is locked skipped
L:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
L:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped
L:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
L:\WINNT\CSC\00000001 Object is locked skipped
L:\WINNT\Debug\ipsecpa.log Object is locked skipped
L:\WINNT\Debug\oakley.log Object is locked skipped
L:\WINNT\Debug\PASSWD.LOG Object is locked skipped
L:\WINNT\Internet Logs\DESKTOP.ldb Object is locked skipped
L:\WINNT\Internet Logs\IAMDB.RDB Object is locked skipped
L:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
L:\WINNT\SchedLgU.Txt Object is locked skipped
L:\WINNT\SoftwareDistribution\EventCache\{8E0315B1-C6F4-465D-A4B3-2645E3498B61}.bin Object is locked skipped
L:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
L:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
L:\WINNT\system32\config\default Object is locked skipped
L:\WINNT\system32\config\default.LOG Object is locked skipped
L:\WINNT\system32\config\SAM Object is locked skipped
L:\WINNT\system32\config\SAM.LOG Object is locked skipped
L:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
L:\WINNT\system32\config\SECURITY Object is locked skipped
L:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
L:\WINNT\system32\config\software Object is locked skipped
L:\WINNT\system32\config\software.LOG Object is locked skipped
L:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
L:\WINNT\system32\config\system Object is locked skipped
L:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
L:\WINNT\system32\spool\PRINTERS\00008.SPL Object is locked skipped
L:\WINNT\TangoManager.log Object is locked skipped
L:\WINNT\Temp\ZLT00189.TMP Object is locked skipped
L:\WINNT\Temp\ZLT00190.TMP Object is locked skipped
L:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.

#11 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:03 PM

Posted 19 August 2007 - 03:57 AM

Hi

Empty Deleted items in Outlook

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Empty this folder:

I:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\

Please download ATF Cleaner by Atribune and save it to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Still problems?
Microsoft MVP Consumer Security
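
The triage applied to the Kaspersky report above, as an added example that is not part of the original posts: it separates real detections from "Object is locked" rows (files in use during the scan), maps each detection back to the file on disk that needs cleaning, and checks the rows against the header totals. The sample report is constructed in the same layout, and the counting rule (each "Infected:" row plus each container summary row is one infected object) is an assumption inferred from this report's totals.

```python
import re

# Constructed sample in the layout of the report above (paths and sender are
# made up; only the detection names are taken from the thread).
SAMPLE_REPORT = r"""Scan Statistics:
Total number of scanned objects: 1200
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Mail Store\Deleted Items.dbx/[From "a" <a@example.invalid>]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
C:\Mail Store\Deleted Items.dbx/[From "a" <a@example.invalid>]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Mail Store\Deleted Items.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Temp Files\Content.IE5\ABCD1234\page[1].htm Infected: Trojan-Downloader.JS.Cobase.a skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped

Scan process completed.
"""

STAT = re.compile(r"^(Total number of scanned objects|Number of [a-z ]+): (\d+)$")
INFECTED = re.compile(r"^(?P<object>.+) Infected: (?P<name>\S+) (?P<action>\w+)$")
CONTAINER = re.compile(r"^(?P<object>.+): infected - (?P<count>\d+) (?P<action>\w+)$")
LOCKED = re.compile(r"^(?P<object>.+) Object is locked (?P<action>\w+)$")
ROW_KINDS = (("infected", INFECTED), ("containers", CONTAINER), ("locked", LOCKED))


def parse_report(text):
    """Split a report into header statistics and classified result rows."""
    report = {"stats": {}, "infected": [], "containers": [], "locked": [], "unparsed": []}
    in_table = False
    for line in (raw.strip() for raw in text.splitlines()):
        stat = STAT.match(line)
        if stat:
            report["stats"][stat.group(1)] = int(stat.group(2))
        elif line.startswith("Infected Object Name"):
            in_table = True
        elif line == "Scan process completed.":
            in_table = False
        elif in_table and line:
            for key, pattern in ROW_KINDS:
                match = pattern.match(line)
                if match:
                    report[key].append(match.groupdict())
                    break
            else:
                # Keep anything unrecognised so it is reviewed, not dropped.
                report["unparsed"].append(line)
    return report


def on_disk_file(obj):
    """Windows paths use backslashes, so the first '/' marks where the scanner
    descended into a container such as a mail store or archive."""
    return obj.split("/", 1)[0]


def cleanup_targets(report):
    """Map each file on disk to the detection names found in or under it."""
    targets = {}
    for row in report["infected"]:
        targets.setdefault(on_disk_file(row["object"]), set()).add(row["name"])
    return {path: sorted(names) for path, names in targets.items()}


def reconcile(report):
    """Compare parsed rows with the header totals (counting rule is an assumption)."""
    stats = report["stats"]
    names = {row["name"] for row in report["infected"]}
    rows = len(report["infected"]) + len(report["containers"])
    return {
        "viruses": stats.get("Number of viruses found") == len(names),
        "infected_objects": stats.get("Number of infected objects") == rows,
        "nothing_unparsed": not report["unparsed"],
    }


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for path, names in cleanup_targets(parsed).items():
        print(path, "->", ", ".join(names))
    print(len(parsed["locked"]), "locked objects (in use, not detections)")
    print(reconcile(parsed))
```

Run against the real report, the two mail-store rows collapse to the single Deleted Items.dbx file, which is why emptying Deleted Items is enough to clear both.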

#12 CeeQueue

CeeQueue
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:03 PM

Posted 19 August 2007 - 11:45 AM

Thank you SO much. I ran a Spybot scan and it shows absolutely no threats on my system. I've posted a fresh HijackThis log below.

The only thing now is that AVG Anti-Spyware still doesn't open, can't be uninstalled or reinstalled without hanging. When I try to close the uninstall program after it has been stuck at one status bar for more than 10 minutes, I get a 'debugging' error message (i.e. it can't be closed because it's being debugged).

Should I contact Grisoft for help with that?

Other than that, everything seems to be running faster and the boot-up and shut-down delays have improved a great deal. I really appreciate your help.

Oh, one other thing...when I came back to Bleeping Computer to post this, the look of the site has changed dramatically! There are no frames around the posting area anymore -- they're just listed without the coloured backgrounds and keylines around the forum topics. Did one of the changes I made cause this?

CQ


Logfile of HijackThis v1.99.1
Scan saved at 12:25:37 PM, on 8/19/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
L:\WINNT\System32\smss.exe
L:\WINNT\system32\winlogon.exe
L:\WINNT\system32\services.exe
L:\WINNT\system32\lsass.exe
L:\WINNT\system32\svchost.exe
L:\WINNT\system32\ZoneLabs\vsmon.exe
L:\WINNT\system32\spoolsv.exe
L:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
L:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
L:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
L:\WINNT\System32\svchost.exe
L:\WINNT\Explorer.EXE
L:\WINNT\system32\regsvc.exe
L:\WINNT\system32\MSTask.exe
L:\Program Files\Bell\Access Manager\app\TangoService.exe
L:\WINNT\System32\WBEM\WinMgmt.exe
L:\WINNT\system32\svchost.exe
L:\WINNT\system32\S3apphk.exe
L:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
L:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
L:\PROGRA~1\Grisoft\AVG7\avgcc.exe
L:\Program Files\Google\Gmail Notifier\gnotify.exe
L:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
L:\Program Files\Microsoft Office\Office\FINDFAST.EXE
L:\Program Files\Microsoft Office\Office\OSA.EXE
L:\PROGRA~1\Bell\ACCESS~1\app\TangoManager.exe
L:\Program Files\Mozilla Firefox\firefox.exe
L:\WINNT\explorer.exe
L:\Documents and Settings\Cheryl Quinn\Desktop\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=L:\WINNT\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - L:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - l:\program files\google\googletoolbar3.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - L:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - L:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - l:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [CreateCD50] "L:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "L:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] L:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] L:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "L:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] L:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Access Manager.lnk = L:\Program Files\Bell\Access Manager\app\TangoManager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = L:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = L:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = L:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - L:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - L:\WINNT\web\related.htm
O12 - Plugin for .spop: L:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159825303940
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159825287867
O17 - HKLM\System\CCS\Services\Tcpip\..\{03194526-FB44-426A-84C4-A8C9FC04660F}: NameServer = 207.164.234.193 206.47.244.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{03194526-FB44-426A-84C4-A8C9FC04660F}: NameServer = 207.164.234.193 206.47.244.54
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - L:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - L:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - L:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - L:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - L:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - L:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - L:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - L:\WINNT\system32\ZoneLabs\vsmon.exe

#13 CeeQueue

CeeQueue
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:03 PM

Posted 19 August 2007 - 11:56 AM

After posting my comment above about the interface looking different on this site, I found that my Gmail won't load properly either. I get an error message that it's taking too long to load and I have the option of using a basic html view instead (which works). I tried again in IE6 and everything is fine there, so it must be something with my Firefox browser. Have you had this happen before with anyone? Should I contact them about the problem?

Thanks again,

CQ

#14 CeeQueue

CeeQueue
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:03 PM

Posted 19 August 2007 - 04:57 PM

I figured out that I needed to clear my cache on Firefox and now it's working fine. This site and my Gmail both look as they did before. So it's only the AVG problem I'm still having with the Anti-Spyware program that I downloaded yesterday that won't launch, uninstall or reinstall.

Thanks again.

CQ

#15 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:03 PM

Posted 20 August 2007 - 12:59 AM

Hi

So you can't uninstall it via add/remove programs?
Microsoft MVP Consumer Security



