pop3 mailing spyware



soaps
2006-06-13, 12:20
hi, this is a HijackThis log of my pc. Every few minutes AVG will come on and show a POP3 attempt. Thing is, none of my mail programs is open. What should I do?

kenny



Logfile of HijackThis v1.99.1
Scan saved at 18:17:24, on 13/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\STT\STT Trainer\Server\STT Server\STT_Service.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3com\Launcher.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Common Files\3Com\LanSupportService.exe
C:\Program Files\3com\WLAN Manager\AllWirelessLansService.exe
C:\PROGRA~1\3com\WLANMA~1\Activate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\emule\emule.exe
C:\Program Files\EditPlus 2\editplus.exe
C:\Program Files\xampp\xampp-control.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wwwfind.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wwwfind.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wwwfind.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wwwfind.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wwwfind.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O1 - Hosts: trainingvision.hopto.org localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6BF76808-ED62-48B0-D122-165509DA2E4F} - C:\WINDOWS\System32\aizz.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\3com\Launcher.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {626FE447-E830-4F76-A024-41A20EEECF1A} (RyzeAddrCtrl Class) - http://www.ryze.com/RyzeAddr.CAB
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://rimoto.dyndns.biz/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122261937703
O16 - DPF: {97AFC0D9-660E-4ACE-B025-46FD64AE335A} (EmailImport.EmailImportControl) - http://www.friendster.com/emailimport/ms/emailimport.cab
O16 - DPF: {9ED44BE4-B6C1-4FAA-865C-F8AA234D28A2} - http://www.advnt01.com/dialer/internazionale_ver5.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
O16 - DPF: {CDCC6BE5-720B-488D-A953-047E0598D996} (UpMan Class) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AllWirelessLansService - Unknown owner - C:\Program Files\3com\WLAN Manager\AllWirelessLansService.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\filezillaftp\filezillaserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: LanSupportService - Unknown owner - C:\Program Files\Common Files\3Com\LanSupportService.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: STT Server (Stt_Server) - Unknown owner - C:\Program Files\STT\STT Trainer\Server\STT Server\STT_Service.exe

tashi
2006-06-13, 16:26
Hello

http://forums.spybot.info/showthread.php?t=4968

soaps
2006-06-13, 17:04
oh... I forgot to mention it's a different pc. If you go through the HijackThis log, you will see it's a different pc from the one in this post

http://forums.spybot.info/showthread.php?t=4968


cheers,

tashi
2006-06-13, 17:29
Indeed that is why I asked. ;)

Here you are kenny, in the previous post you are nick.


kenny


nick

Someone will assist you as soon as available.

soaps
2006-06-14, 04:38
thank you

soaps
2006-06-15, 06:25
any help?

Lonny has answered you; however please do not bump your topic.
See:
If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

LonnyRJones
2006-06-15, 09:02
Hi

Start HijackThis and place a check next to these items, if there.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wwwfind.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wwwfind.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wwwfind.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wwwfind.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wwwfind.biz
O2 - BHO: (no name) - {6BF76808-ED62-48B0-D122-165509DA2E4F} - C:\WINDOWS\System32\aizz.dll (file missing)
O16 - DPF: {9ED44BE4-B6C1-4FAA-865C-F8AA234D28A2} - http://www.advnt01.com/dialer/internazionale_ver5.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...er/install.cab
====================================
Hit Fix checked and close HijackThis.

Post a report from preferably two free online scans
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button

Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx
Select all drives, scan, try to cure/repair; if it cannot, choose delete! If it cannot delete, tell us the file names and locations.
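The items picked out of the log above follow a few recognisable patterns: several IE start/search keys rewritten to the same site, a BHO whose DLL is no longer on disk, and an ActiveX download (DPF) entry with no control name. As an added example that is not from the thread or from the HijackThis tool, the Python below parses the log format shown in the first post and lists such review candidates. The rules and the sample excerpt are mine (the excerpt is taken from the log posted above); a hit is a prompt to look the item up, not a verdict.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample input: an excerpt of the HijackThis log posted in the thread,
# in the "<code> - <body>" layout that HijackThis 1.99.1 prints.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wwwfind.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wwwfind.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wwwfind.biz
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6BF76808-ED62-48B0-D122-165509DA2E4F} - C:\WINDOWS\System32\aizz.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9ED44BE4-B6C1-4FAA-865C-F8AA234D28A2} - http://www.advnt01.com/dialer/internazionale_ver5.CAB
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
"""

# Every HijackThis entry is "<section code> - <rest of line>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# R0/R1 bodies are "<registry key> = <value>"; the value may be empty.
REG_VALUE_RE = re.compile(r"^(?P<key>.+?)\s*=\s*(?P<url>.*)$")
# O16 bodies that name their control look like "{CLSID} (Friendly Name) - URL".
DPF_NAMED_RE = re.compile(r"\{[0-9A-Fa-f-]+\}\s+\(")


def parse_hjt(text):
    """Split a HijackThis log into (code, body) tuples; non-entry lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Return review candidates as (reason, code, body) tuples (heuristics, not verdicts)."""
    findings = []

    # Rule 1: a hijacker usually rewrites several IE page/search keys to one site,
    # so group the non-empty R0/R1 values by host and flag hosts hit more than once.
    by_host = defaultdict(list)
    for code, body in entries:
        if code in ("R0", "R1"):
            m = REG_VALUE_RE.match(body)
            url = m.group("url").strip() if m else ""
            if url:
                host = urlparse(url).hostname or url
                by_host[host].append((code, body))
    for host, hits in by_host.items():
        if len(hits) >= 2:
            reason = f"IE page/search keys point to {host} ({len(hits)} entries)"
            findings.extend((reason, code, body) for code, body in hits)

    # Rule 2: a registered component whose file is gone is either leftover or hidden.
    for code, body in entries:
        if body.endswith("(file missing)"):
            findings.append(("registered component whose file is missing", code, body))

    # Rule 3: an ActiveX download entry with no friendly name needs a CLSID look-up.
    for code, body in entries:
        if code == "O16" and not DPF_NAMED_RE.search(body):
            findings.append(("ActiveX download (DPF) with no control name", code, body))

    return findings


if __name__ == "__main__":
    for reason, code, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{code}] {reason}\n      {body}")
```

The Apache2 service also lands in the list: HijackThis reports a service whose command line carries arguments (note the stray quote before `-k runservice` in the log) as "file missing", even though the xampp installation in the process list is plainly real. That is why the output is a review list for a human, exactly as it is handled in the thread.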

soaps
2006-06-16, 07:37
hello, thanks for your help. This is the report from Panda. CA virus scan couldn't work. I can't believe there's so much spyware in my pc when I use Spybot and Ad-Aware diligently.




Incident Status Location

Spyware:spyware/betterinet Not disinfected c:\windows\inf\satmat.inf
Adware:adware/effectivebrandtoolbar Not disinfected c:\windows\games.exe
Adware:adware/twain-tech Not disinfected c:\windows\satmat.ini
Adware:adware/searchrelevancy Not disinfected c:\program files\SearchRelevant
Adware:adware/wupd Not disinfected c:\program files\Windows AdStatus
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[.belnk.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\kok pin\Application Data\Mozilla\Firefox\Profiles\68iqzrjg.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\nn\Cookies\nn@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\nn\Cookies\nn@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\nn\Cookies\nn@dist.belnk[2].txt
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\Program Files\Serv-U\ServUDaemon.exe
Adware:Adware/MediaTickets Not disinfected C:\TEMP\jazz cs\WinAmp 3.0\wa3installalpha667.exe
Security Risk:HackTool/Gendel.A Not disinfected C:\WINDOWS\gendel32.exe
Adware:Adware/Xtray Not disinfected C:\WINDOWS\Temp\xtrayinst1.exe

LonnyRJones
2006-06-16, 08:25
Manually delete >
C:\WINDOWS\gendel32.exe
c:\windows\inf\satmat.inf
c:\windows\games.exe
c:\windows\satmat.ini
c:\program files\SearchRelevant
c:\program files\Windows AdStatus
C:\TEMP\ < delete contents
C:\WINDOWS\Temp\ < delete contents


If the problems persist try a different online scan
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x] extended database etc. Click OK.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished click save as text and post that in your reply.

TrendMicro™ HouseCall Java Scan

Please go HERE (http://www.trendmicro.com/hc_intro/default.asp) to run the Trend Micro™ HouseCall Scan.
Click Scan now. It's free!
Read and put a Check next to Yes I accept the terms of use.
Click the Launching HouseCall>> button.
If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
You may receive a Security Warning about the TrendMicro Java applet, click YES.
Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
Please be patient while it installs, updates, and scans your system.
Once the scan is complete, it will take you to the summary page.
Under Cleanup options, choose clean all detected infections automatically.
Click the Clean now>> button.
If anything was found you will be prompted to run the scan again; you can just close the browser window.

soaps
2006-06-17, 05:29
thanks Lonny. Trend Micro did not detect any virus but advised me to update some Microsoft security patches to eradicate vulnerabilities, which I did.

Below are the findings from Kaspersky, but no cure was done by Kaspersky.


Scan Statistics
Total number of scanned objects 145295
Number of viruses found 3
Number of infected objects 5
Number of suspicious objects 5
Duration of the scan process 03:23:47

Infected Object Name Virus Name Last Action
C:\Documents and Settings\kok pin\.housecall\Quarantine\Dummy.class-4d4c8dcf-1d62f273.class.bac_a03136 Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\kok pin\.housecall\Quarantine\Dummy.class-6b6ec430-7e97e2db.class.bac_a03136 Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\kok pin\Local Settings\Application Data\Identities\{1F6DF1A6-3D1C-455D-9557-D48AF0BC67D5}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Davao M. Ingeniously" ][Date Tue, 10 Jan 2006 22:13:49 -0600]/UNNAMED/forex.exe Infected: Backdoor.Win32.Small.jg skipped
C:\Documents and Settings\kok pin\Local Settings\Application Data\Identities\{1F6DF1A6-3D1C-455D-9557-D48AF0BC67D5}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Davao M. Ingeniously" ][Date Tue, 10 Jan 2006 22:13:49 -0600]/UNNAMED Infected: Backdoor.Win32.Small.jg skipped
C:\Documents and Settings\kok pin\Local Settings\Application Data\Identities\{1F6DF1A6-3D1C-455D-9557-D48AF0BC67D5}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\kok pin\Local Settings\Application Data\Identities\{1F6DF1A6-3D1C-455D-9557-D48AF0BC67D5}\Microsoft\Outlook Express\esolutions.dbx/[From suryex@gmail.com][Date Tue, 13 Dec 2005 09:33:10 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\kok pin\Local Settings\Application Data\Identities\{1F6DF1A6-3D1C-455D-9557-D48AF0BC67D5}\Microsoft\Outlook Express\esolutions.dbx/[From suryex@gmail.com][Date Tue, 13 Dec 2005 09:33:10 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\kok pin\Local Settings\Application Data\Identities\{1F6DF1A6-3D1C-455D-9557-D48AF0BC67D5}\Microsoft\Outlook Express\esolutions.dbx/[From weileong@kian.com][Date Thu, 15 Dec 2005 18:16:29 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\kok pin\Local Settings\Application Data\Identities\{1F6DF1A6-3D1C-455D-9557-D48AF0BC67D5}\Microsoft\Outlook Express\esolutions.dbx/[From weileong@kian.com][Date Thu, 15 Dec 2005 18:16:29 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\kok pin\Local Settings\Application Data\Identities\{1F6DF1A6-3D1C-455D-9557-D48AF0BC67D5}\Microsoft\Outlook Express\esolutions.dbx Mail MS Outlook 5: suspicious - 4 skipped

LonnyRJones
2006-06-17, 05:37
Open Outlook Express and delete all sent emails, and all deleted items
edit > "empty deleted items folder"

Are the symptoms you mentioned in the first post still happening?

soaps
2006-06-19, 06:55
I still get AVG POP3 mailing popups about mails being sent to some unknown mail server.

I already did as instructed by you.

Thanks again Lonny.

LonnyRJones
2006-06-19, 07:02
I'd like you to post here
http://forum.grisoft.cz/freeforum/index.php?0

Let me know when you do, I'll keep an eye on it.
Also tell them of this thread

LonnyRJones
2006-06-27, 02:13
soaps, how's it going?

soaps
2006-06-30, 08:47
hi loony,

Sorry I took so long. Here's the link to my post at the AVG forum

http://forum.grisoft.cz/freeforum/read.php?4,71141,backpage=,sv=


soaps

LonnyRJones
2006-07-01, 06:11
Good

I see they suggest it's eMule

soaps
2006-07-06, 06:00
hi,

I found this http://forum.emule-project.net/lofiversion/index.php/t104870.html and this http://www.emule-project.net/home/perl/help.cgi?l=1&rm=show_topic&topic_id=313#mail explaining why sometimes eMule activates the AVG POP3 alert.

Below is an excerpt.

My Firewall reports attacks or why does eMule send mails?
Software firewalls analyse traffic by looking at which ports the traffic is sent over. Many ports are commonly used only by certain applications. Email, for example, usually uses port 110 to receive mails and port 25 to send mails. Trojans and other pest software also use specific ports.
Now all ports are freely configurable in eMule and some users set them to ports which are normally used by other applications. This can mean that firewalls report attacks or think that eMule sends mails only because eMule has a connection on a certain port.
If you use the official eMule version you can rest assured that it will not send any unwanted information. Also for the current version 0.46c no exploits are known.
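The FAQ's point is that a port-based heuristic on its own cannot tell a mail client from a peer-to-peer client whose remote peer happens to listen on port 110; the alert becomes meaningful once the connection is attributed to the process that owns it. As an added example, not from the thread or the eMule project, the Python below takes `netstat -ano` style output and a PID-to-image map (both constructed here, in the column layout Windows XP prints) and reports, for every connection to a mail port, which process owns it and whether that process is a mail client. The mail client allowlist is an assumption for illustration.

```python
import re
from collections import namedtuple

# Constructed sample: the shape of "netstat -ano" on Windows XP. Not a real capture.
# PID 1544 stands for a P2P client whose peer listens on 110, PID 1720 for a mail client.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:4662       203.0.113.10:110       ESTABLISHED     1544
  TCP    192.168.1.5:1045       198.51.100.20:110      ESTABLISHED     1720
  TCP    192.168.1.5:1052       198.51.100.21:25       SYN_SENT        1720
  TCP    192.168.1.5:1060       203.0.113.30:80        ESTABLISHED     2300
  UDP    0.0.0.0:4672           *:*                                    1544
"""

# Constructed sample: what "tasklist" would give for those PIDs (image names only).
SAMPLE_TASKLIST = {1544: "emule.exe", 1720: "msimn.exe", 2300: "firefox.exe"}

# Ports a firewall labels as "mail" (the FAQ's 110 and 25, plus IMAP).
MAIL_PORTS = {25: "SMTP", 110: "POP3", 143: "IMAP"}
# Assumed allowlist of processes that are expected to talk to mail ports.
MAIL_CLIENTS = {"msimn.exe", "outlook.exe", "thunderbird.exe"}

# One netstat row: optional State column (UDP rows have none), PID last.
NETSTAT_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)

Conn = namedtuple("Conn", "proto local remote_host remote_port state pid")


def parse_netstat(text):
    """Parse netstat -ano rows into Conn tuples; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        host, _, port = m.group("remote").rpartition(":")
        conns.append(Conn(
            m.group("proto"), m.group("local"), host,
            int(port) if port.isdigit() else None,   # "*:*" has no numeric port
            m.group("state") or "", int(m.group("pid")),
        ))
    return conns


def triage_mail_alerts(conns, pid_to_image):
    """For each connection to a mail port, attribute it to its process and judge it."""
    findings = []
    for c in conns:
        service = MAIL_PORTS.get(c.remote_port)
        if service is None:
            continue   # not something a port-based rule would call "mail"
        image = pid_to_image.get(c.pid, "<unknown pid>").lower()
        verdict = ("expected: mail client" if image in MAIL_CLIENTS
                   else "review: non-mail process on a mail port")
        findings.append({
            "service": service,
            "remote": f"{c.remote_host}:{c.remote_port}",
            "state": c.state,
            "pid": c.pid,
            "image": image,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for f in triage_mail_alerts(parse_netstat(SAMPLE_NETSTAT), SAMPLE_TASKLIST):
        print(f"{f['service']:4} {f['remote']:22} pid={f['pid']:<5} {f['image']:12} {f['verdict']}")
```

Run against the sample, the only "review" row is the one owned by the P2P client, while the two mail-client rows are expected traffic. That is the check the firewall alone cannot do: the alert text says "POP3", but only the process attribution says whether a mail program or something else opened the connection.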

LonnyRJones
2006-07-06, 07:14
Thanks for posting that, hopefully it will come in handy for our other users.

I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).