Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

fresh log file


  • This topic is locked This topic is locked
7 replies to this topic

#1 nokimos

nokimos

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 14 September 2005 - 10:04 AM

Hi again,
I followed the previous instructions given to me and am posting a new log here. I don't know if it affects this, but when i did a search for the winimsg.exe it turned up nothing....and the tool bar is still hanging around.

Logfile of HijackThis v1.99.1
Scan saved at 11:01:05 AM, on 9/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [logo cool store this] C:\Documents and Settings\All Users\Application Data\amen one logo cool\ARMY THIRD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slot...a-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-6.2.2.51/roul...e-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.5.42/domi...o-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.5.28/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.0.30/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hear...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.1.34/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.2.32/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.0.46/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.1.33/mahj...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.2.51/mlsl...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.5.28/free...l-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.3.2.25/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.2.25/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.2.5.42/pira...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.3.3.27/popp...a-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.5.42/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.29/popp...t-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spad...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.1.26/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.0.46/sque...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.1.26/jumb...e-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.3.27/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.2.25/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.3.2.32/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.21/worl...s-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb17.pogo.com/game/deluxe/insa...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2E48E74-32B0-497B-8CBD-202D5B0533D9}: NameServer = 207.61.64.103 209.167.105.10
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

BC AdBot (Login to Remove)

 


m

#2 JG427

JG427

  • Members
  • 241 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 15 September 2005 - 12:12 PM

Do NOT start another new topic.
Respond only in this thread by clicking the Posted Image button at the bottom of this page.



I still need to see these results that I asked for last time:

You had a previous lop infection.
Click here to download fl.zip to check for any remaining lop files.
Unzip then double click fl.bat to run it.
findlop.txt will open, you can close it for now.

Scan with hijackthis and post a fresh log.
Post the contents of findlop.txt at C:\findlop.txt
Posted Image

#3 nokimos

nokimos
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 17 September 2005 - 06:49 PM

Fresh scan.....hopefully done right this time.

Logfile of HijackThis v1.99.1
Scan saved at 7:46:59 PM, on 9/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [logo cool store this] C:\Documents and Settings\All Users\Application Data\amen one logo cool\ARMY THIRD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slot...a-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-6.2.2.51/roul...e-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.5.42/domi...o-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.5.28/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.0.30/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hear...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.1.34/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.2.32/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.0.46/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.1.33/mahj...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.2.51/mlsl...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.5.28/free...l-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.3.2.25/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.2.25/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.2.5.42/pira...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.3.3.27/popp...a-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.5.42/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.29/popp...t-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spad...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.1.26/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.0.46/sque...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.3.38/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.1.26/jumb...e-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.3.27/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.2.25/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.3.2.32/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.21/worl...s-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb17.pogo.com/game/deluxe/insa...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2E48E74-32B0-497B-8CBD-202D5B0533D9}: NameServer = 207.61.64.103 209.167.105.10
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


Lop Notepad:
Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\All Users\Application Data

05/20/2005 04:39 PM <DIR> Adobe
08/28/2005 11:03 AM <DIR> amen one logo cool
09/16/2005 04:19 PM <DIR> AVG7
11/10/2004 05:22 PM <DIR> Grisoft
07/12/2005 06:33 PM <DIR> PopCap
06/20/2005 11:57 PM <DIR> QuickTime
09/10/2005 10:44 PM <DIR> Spybot - Search & Destroy
06/17/2005 04:00 PM <DIR> Trymedia
03/03/2005 05:14 PM <DIR> Viewpoint
09/06/2005 10:46 PM <DIR> Windows Genuine Advantage
0 File(s) 0 bytes
10 Dir(s) 23,829,270,528 bytes free
Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\Paula\Application Data

09/05/2005 09:44 PM <DIR> Adobe
04/08/2005 09:34 AM 871 AdobeDLM.log
08/31/2005 11:01 AM <DIR> AdobeUM
06/20/2005 11:56 PM <DIR> Apple Computer
01/05/2005 10:20 AM <DIR> AVG7
04/08/2005 09:34 AM 0 dm.ini
08/28/2005 11:03 AM <DIR> ERROR PART BORE
12/25/2004 11:13 AM <DIR> FotoWire
11/24/2004 09:48 AM <DIR> Help
11/10/2004 02:11 PM <DIR> Identities
09/06/2005 06:38 PM <DIR> knobnurb
09/06/2005 06:43 PM <DIR> Lavasoft
11/29/2004 05:10 PM <DIR> Macromedia
12/05/2004 01:34 PM <DIR> Mozilla
09/02/2005 10:36 PM <DIR> Real
12/10/2004 03:18 PM <DIR> Shareaza
12/05/2004 01:34 PM <DIR> Talkback
11/23/2004 03:01 PM <DIR> Template
03/03/2005 05:14 PM <DIR> Viewpoint
09/14/2005 07:28 PM 7,532 wklnhst.dat
3 File(s) 8,403 bytes
17 Dir(s) 23,829,270,528 bytes free
Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\Default User\Application Data

11/10/2004 08:27 AM <DIR> .
11/10/2004 08:27 AM <DIR> ..
11/10/2004 08:27 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 23,829,270,528 bytes free
Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'ACBEFC7D91896EF5.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\paula\applic~1\knobnurb\creative style close.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Paula'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 09/17/2005 19:00:00
NextRun: 09/17/2005 20:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/10/1998
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

#4 JG427

JG427

  • Members
  • 241 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 18 September 2005 - 12:28 PM

Fresh scan.....hopefully done right this time.

Yes, perfect. Continue to use the add reply button to keep all your posts in this thread.


You have a lop infection that has also created a task to run in task scheduler.
Let's remove the lop folders and delete the task.


Some files and folders may be hidden , change these settings to show them.
Open Windows Explorer & Go to Tools > Folder Options.
Click on the View tab
Place a checkmark at "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Uncheck "hide extensions for known file types"
click "Apply to all folders"
Click "Apply" then "OK"


Open notepad and copy and paste the contents of the quote box below to notepad.
In notepad click file, then save as
Name it remjob.bat , change the save as type to all files
Place it on your desktop, then double click remjob.bat to run it.
A command window will open and close quickly, which is normal.

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h ACBEFC7D91896EF5.job
del ACBEFC7D91896EF5.job


Scan with hijackthis and place a checkmark at this line:

O4 - HKLM\..\Run: [logo cool store this] C:\Documents and Settings\All Users\Application Data\amen one logo cool\ARMY THIRD.exe

Close all browsers and open windows, except hijackthis, and click fix checked.

Delete the following folders marked in bold:
C:\Documents and Settings\All Users\Application Data\amen one logo cool
C:\Documents and Settings\Paula\Application Data\ERROR PART BORE
C:\Documents and Settings\Paula\Application Data\knobnurb

Restart your system

Let's run findlop again.
Double click fl.bat to run it.
Post the contents of findlop.txt at C:\findlop.txt

Scan with hijackthis and post a fresh log.
Posted Image

#5 nokimos

nokimos
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 18 September 2005 - 02:03 PM

suggestions completed and new logs posted:

Logfile of HijackThis v1.99.1
Scan saved at 3:00:27 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slot...a-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.3.27/batt...x-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-6.2.2.51/roul...e-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.1.41/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.2.5.42/domi...o-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.5.28/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.0.30/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hear...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.1.34/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.3.2.32/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.0.46/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.3.1.33/mahj...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.2.2.51/mlsl...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.2.5.28/free...l-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.3.2.25/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.2.25/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.2.5.42/pira...d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.22/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.3.3.27/popp...a-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.5.42/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.1.1.29/popp...t-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.3.3.27/slot...z-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spad...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.1.26/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.0.46/sque...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.3.38/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.2.4.32/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.3.27/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.1.26/jumb...e-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.3.27/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.2.25/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.3.2.32/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.1.1.21/worl...s-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/grab/CLOAct...tallerProj1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb17.pogo.com/game/deluxe/insa...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2E48E74-32B0-497B-8CBD-202D5B0533D9}: NameServer = 207.61.64.103 209.167.105.10
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

Lop log:
Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\All Users\Application Data

05/20/2005 04:39 PM <DIR> Adobe
09/16/2005 04:19 PM <DIR> AVG7
11/10/2004 05:22 PM <DIR> Grisoft
07/12/2005 06:33 PM <DIR> PopCap
06/20/2005 11:57 PM <DIR> QuickTime
09/10/2005 10:44 PM <DIR> Spybot - Search & Destroy
06/17/2005 04:00 PM <DIR> Trymedia
03/03/2005 05:14 PM <DIR> Viewpoint
09/06/2005 10:46 PM <DIR> Windows Genuine Advantage
0 File(s) 0 bytes
9 Dir(s) 23,814,889,472 bytes free
Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\Paula\Application Data

09/05/2005 09:44 PM <DIR> Adobe
04/08/2005 09:34 AM 871 AdobeDLM.log
08/31/2005 11:01 AM <DIR> AdobeUM
06/20/2005 11:56 PM <DIR> Apple Computer
01/05/2005 10:20 AM <DIR> AVG7
04/08/2005 09:34 AM 0 dm.ini
12/25/2004 11:13 AM <DIR> FotoWire
11/24/2004 09:48 AM <DIR> Help
11/10/2004 02:11 PM <DIR> Identities
09/06/2005 06:43 PM <DIR> Lavasoft
11/29/2004 05:10 PM <DIR> Macromedia
12/05/2004 01:34 PM <DIR> Mozilla
09/02/2005 10:36 PM <DIR> Real
12/10/2004 03:18 PM <DIR> Shareaza
12/05/2004 01:34 PM <DIR> Talkback
11/23/2004 03:01 PM <DIR> Template
03/03/2005 05:14 PM <DIR> Viewpoint
09/14/2005 07:28 PM 7,532 wklnhst.dat
3 File(s) 8,403 bytes
15 Dir(s) 23,814,885,376 bytes free
Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\Default User\Application Data

11/10/2004 08:27 AM <DIR> .
11/10/2004 08:27 AM <DIR> ..
11/10/2004 08:27 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 23,814,881,280 bytes free
Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is F09B-4999

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues

#6 JG427

JG427

  • Members
  • 241 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 18 September 2005 - 03:30 PM

Your log appears clean, no more lop.
Good job on the cleanup! :thumbsup:

How is your computer running now, any problems remaining?

Change back your hidden file settings:
Open Windows Explorer & Go to Tools > Folder Options.
Click on the View tab
Remove the checkmark at "Show hidden files and folders"
Check "Hide protected operating system files"
click "Apply to all folders"
Click "Apply" then "OK"


I use and recommend these free programs to help prevent malware from returning:

SpywareBlaster - Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.

Microsoft® Windows AntiSpyware (Beta)
Detects and removes known spyware from your system. Includes real time protection to monitor changes to your system and provides the option for you to allow or block the change.

IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
Posted Image

#7 nokimos

nokimos
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 20 September 2005 - 08:49 AM

Hi there!
My computer is running absolutely fabulously!!! Thanks you so much.........you work wonders!!!

I am looking into the links that you suggested....one last question....do you recommend using all those links? Or is it a pick and choose thing?

#8 JG427

JG427

  • Members
  • 241 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 20 September 2005 - 10:19 AM

I use all of the programs I listed, but of course that's up to you.

The microsoft antispyware will provide real time protection to compliment your antivirus.
It also has script blocking which some antivirus programs contain, but AVG free does not. ( I also run AVG free )

The other three I mentioned will help protect internet explorer from malicious sites and active x downloads.
They do not run in the background, but instead write information to the registry.
The browser will check that information before pages are allowed to load while surfing.


Glad we could help. :thumbsup:

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users