Thread ID: 67781 2006-04-05 14:07:00 Spyware Quake problem- Hijack this log posted Sick Puppy (6959) Press F1
Post ID Timestamp Content User
444283 2006-04-05 14:07:00 :annoyed: :blush: :rolleyes: Ooh, I feel like such a newbie!

I have somehow managed to get spyware quake on my machine- crashed out of Internet explorer with no warning and had two new icons appear on my desktop as well as an annoying flashing icon on my toolbar. (Mozilla for me now, methinks...!)

Did a search on this forum and found a recent thread with the same problem, but figured that rather than hijack (no pun intended) the thread with my Hijack this! log, I would start a new thread and put my log in separately.

Darn it, I only updated everything on Friday!

Computer Specs are Asus A6VM laptop, 1.73GHz Pentium M 740, 512MB Memory, 80GB HDD, Microsoft XP with SP2 preloaded.

Log is:

Logfile of HijackThis v1.99.1
Scan saved at 00:42:59, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\Rar$EX09.765\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp711F.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143181161062
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37610.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8ACF0B-A47F-45B6-8EAE-40B21C91D474}: NameServer = 203.97.33.14 203.97.37.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8ACF0B-A47F-45B6-8EAE-40B21C91D474}: NameServer = 203.97.33.14 203.97.37.14
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Any help that can be given would be much appreciated- thank you!
Sick Puppy (6959)
444284 2006-04-05 18:26:00 Here's a short list of the bad stuff you should remove. Reboot into safe mode and run HJT again, and click on these entries and remove them:

C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp711F.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

These are trojans and trojan support stuff... get rid of them!

You have a couple of questionables here also... run the repair and post a new HJT scan again.....
SurferJoe46 (51)
444285 2006-04-05 21:11:00 Boot into safe mode, run HijackThis again, tick these entries and tick fix checked.

C:\WINDOWS\system32\mssearchnet.exe

C:\WINDOWS\system32\nvctrl.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp711F.tmp

O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

These don't have to run on startup.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Then reboot.
Speedy Gonzales (78)
444286 2006-04-06 01:28:00 Thanks Surfer Joe & Speedy, darn you guys are fast! :) I'll have a crack at them tonight and post the log ASAFP. Sick Puppy (6959)
444287 2006-04-06 01:36:00 I usually wait for Sir Speedy to get these calls...but I waited a while and figgered he was on vacation or something so I thought I'd get the ball rolling.... SurferJoe46 (51)
444288 2006-04-06 01:45:00 Hi Sick Puppy

Many files from this infection get left behind. This is the best way to make sure they all get removed.

Download smitRem.exe from noahdfear.geekstogo.com and save the file to your desktop. Double-click on the file and it will extract to its own folder.

Next, download the trial version of Ewido Security Suite from www.ewido.net and install it.

When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido (there should be an icon on your desktop, double-click it). The program will now go to the main screen. You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido.
ewido manual updates (www.ewido.net). Do not run a scan yet.

When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts).

Open the smitRem folder and then double-click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run Ewido. Click on scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido.

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and disable your antivirus program and go here www.bitdefender.com and run an online scan with BitDefender. When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. Save the scan log and post it here along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log. You may have to make a couple of posts to do this.
Pancake (6359)
444289 2006-04-06 09:31:00 Okay, having a crack at this now- wish me luck! (and darn that bloody pop up thing is annoying!)

Incidentally, I haven't been into hijack this enough to know how to so I may as well ask now- Speedy, when you say these things don't need to run on startup, what do I do to remove them? The same as the other programs? I mean, wouldn't the parent programs simply reinstall them whenever they are used/ updated (e.g. Nero, QuickTime, etc).

Thanks Pancake for the additional info- will the downloading of these programs be affected by the virus on my PC already being there?
Sick Puppy (6959)
444290 2006-04-06 12:34:00 Okay, :help: I went into Safemode and reran the scan- I don't think I have done it right. The two files in the C: Drive referred to were not in the list to be 'fix checked', so I deleted them from Explorer and then the recycle bin.

As for the entries that begin with '02' and '03', I ticked these and they do not appear to be in the scan below. However, the 02 one (the only one in the scan) had a different number at the end- would I be right in assuming that the malware randomly changes this, or have I majorly screwed things up?

Thing is, the flashing icon is still in the tool bar, the SpywareQuake icon is still on my desktop and the SpywareQuake program is swimming I don't know where- I did an Explorer check, but could not find anything resembling it- not exactly a big surprise I know- let's face it, if I could find the bugg*rs I would delete them, wouldn't I? :)

So, here's the log- what have I missed, and what do I need to do now?
Thanks y'all!

Logfile of HijackThis v1.99.1
Scan saved at 23:08:41, on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143181161062
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37610.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Sick Puppy (6959)
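
Comparing the first and second scans posted above shows what the cleanup removed and what appeared in between. This is an added example, not part of any poster's reply: the sample text is a few lines excerpted from the two logs in this thread, and `parse_hjt` and `diff_scans` are illustrative names.

```python
import re

# Abbreviated excerpts of the two scans posted in this thread (most lines omitted).
SCAN_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 00:42:59, on 06/04/2006

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp711F.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

SCAN_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:08:41, on 06/04/2006

Running processes:
C:\WINDOWS\system32\lsass.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
"""

# Entry lines start with a section code such as R1, O4 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (processes, entries) from a HijackThis text log."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY.match(line)
        if match:
            in_procs = False  # the first entry line ends the process list
            entries.add((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries


def diff_scans(before, after):
    """Report what disappeared and what is new between two scans."""
    procs_before, entries_before = parse_hjt(before)
    procs_after, entries_after = parse_hjt(after)
    return {
        "processes_gone": sorted(procs_before - procs_after),
        "processes_new": sorted(procs_after - procs_before),
        "entries_gone": sorted(entries_before - entries_after),
        "entries_new": sorted(entries_after - entries_before),
    }


if __name__ == "__main__":
    for kind, items in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        for item in items:
            print(kind, item)
```

Entries are compared as exact strings, so an item that comes back under a different file name shows up as one removal plus one addition.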
444291 2006-04-06 18:39:00 If you are desperate to find out what is the content and result of your HJT log, you can check it up at this site: www.hijackthis.de Renmoo (66)
444292 2006-04-07 02:43:00 Sick Puppy. Whose advice are you working with to clean your log? Pancake (6359)