TrojanDownloaderZlob

Post by Ashen Shugar » June 11th, 2006, 12:16 pm

Hello! I have a major issue with Zlob, and I have been unable to remove it with Spyware Doctor although it does identify it, and none of the others worked either, so here I am. It manifests with the typical "Virus Alert! Please download..." etc.

Kaspersky is reacting as well with
c:\windows\system32\acvgxw.dll
is potentially a dangerous program not virus Hoax.Win32.Renos.dj
explorer.exe[pid:1888]\acvgxw.dll
is potentially a dangerous program not virus Hoax.Win32.Renos.dj

but I am reluctant to use the delete option just like that.

Thanks a bunch!

Here's the H. log:

Logfile of HijackThis v1.99.1
Scan saved at 6:04:20 PM, on 6/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Utility\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\Utility\Folding@Home\winFAH.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Utility\Folding@Home\FahCore_7a.exe
E:\Games\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Utility\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Utility\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Utility\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Utility\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8482069093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4566F71-7040-4DFF-8644-510422482F89}: NameServer = 194.106.162.2 194.106.162.10
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\System32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Utility\Spyware Doctor\sdhelp.exe
O23 - Service: Yahoo Updater (Updater) - Unknown owner - C:\WINDOWS\System32\Messenger.exe" -netsvcs (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ashen Shugar
Active Member
Posts: 11
Joined: June 11th, 2006, 11:58 am
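A way to triage a HijackThis log like the one above by machine, added here as an example that is not part of the original post or of HijackThis itself: it parses the O4 (Run-key) and O23 (service) lines and flags entries whose service binary is marked "(file missing)", whose owner is recorded as "Unknown owner", or whose Run entry is a bare executable name rather than an absolute path. The sample lines are a constructed excerpt shaped like the log in the post; the flags are prompts for the human reviewer, not verdicts.

```python
import re
from typing import Dict, List

# Constructed excerpt shaped like the HijackThis v1.99.1 log in the post above;
# entries and paths are sample data, not a real machine's log.
SAMPLE_HJT_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Yahoo Updater (Updater) - Unknown owner - C:\WINDOWS\System32\Messenger.exe" -netsvcs (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# O4 line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 line shape: "O23 - Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# A command that starts with an (optionally quoted) drive letter is an absolute path.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def triage_hijackthis(log_text: str) -> List[Dict[str, object]]:
    """Return the O4/O23 entries that deserve a second look, with the reason for each."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = []
            if not ABS_PATH_RE.match(m["cmd"]):
                # A bare name is resolved through the search path at logon, so the
                # reviewer has to confirm which file actually runs.
                reasons.append("bare executable name, resolved via the search path")
            if reasons:
                findings.append({"section": "O4", "name": m["name"],
                                 "target": m["cmd"], "reasons": reasons})
            continue
        m = O23_RE.match(line)
        if m:
            reasons = []
            if m["owner"] == "Unknown owner":
                reasons.append("no vendor recorded for the service binary")
            if "(file missing)" in m["path"]:
                reasons.append("service is registered but its binary is absent")
            if reasons:
                findings.append({"section": "O23", "name": m["name"],
                                 "target": m["path"], "reasons": reasons})
    return findings


def flagged_names(log_text: str) -> List[str]:
    """Convenience view: just the flagged entry names, in log order."""
    return [str(f["name"]) for f in triage_hijackthis(log_text)]


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT_LOG):
        print(f"[{f['section']}] {f['name']}: {'; '.join(f['reasons'])}")
```

Running it on the constructed excerpt lists SoundMan (bare name), Yahoo Updater (no vendor and binary missing) and Ati HotKey Poller (no vendor), while the Kaspersky service with a vendor and a present binary is not listed; the Kaspersky line is still worth reading by eye, which is the point of keeping the output short.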

Post by 'KotaGuy » June 11th, 2006, 8:19 pm

Hi Ashen!

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
'KotaGuy
Admin/Teacher Emeritus
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Post by Ashen Shugar » June 12th, 2006, 6:04 am

Thank you for the quick reply! :) Yes, I had a feeling it was something like that with K so I didn't touch anything. Anyways, here it is:

SmitFraudFix v2.58

Scan done at 12:04:19.87, Mon 06/12/2006
Run from C:\Documents and Settings\Ana\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\acvgxw.dll FOUND !
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ana\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ana\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"

[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\System32\acvgxw.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\System32\acvgxw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Ashen Shugar
Active Member
Posts: 11
Joined: June 11th, 2006, 11:58 am
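What the SmitfraudFix report above is showing, worked through as an added example (my own code, not S!Ri's tool): the SharedTaskScheduler key lists COM CLSIDs that Explorer loads at shell start-up, and each CLSID's InProcServer32 value names the DLL that gets loaded; here the entry labelled "acheweed" resolves to acvgxw.dll, the same file Kaspersky and the file scan flagged. The parser below reads a report of this shape, joins the SharedTaskScheduler entries to their InProcServer32 DLLs (from both the HKCR and the per-user HKCU\Software\Classes views), and marks any whose DLL appears in the FOUND list. The report text is a constructed excerpt of the one posted, with a second, made-up CLSID and DLL added to show a non-flagged entry.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt shaped like the SmitfraudFix v2.58 report in the post above.
# The "acheweed" entry and acvgxw.dll are from the posted report; the second CLSID
# ({aaaaaaaa-...}) and example.dll are made up to show a non-flagged entry.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\acvgxw.dll FOUND !
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"
"{aaaaaaaa-0000-0000-0000-000000000000}"="constructed benign entry"

[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\System32\acvgxw.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\System32\acvgxw.dll"

[HKEY_CLASSES_ROOT\CLSID\{aaaaaaaa-0000-0000-0000-000000000000}\InProcServer32]
@="C:\WINDOWS\System32\example.dll"
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                       # [HKEY_...\Path]
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))="(?P<data>.*)"$')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_report(text: str) -> Tuple[List[str], Dict[str, Dict[str, str]]]:
    """Split a report into the FOUND file list and a {key: {value name: data}} map."""
    found: List[str] = []
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(" FOUND !"):
            found.append(line[: -len(" FOUND !")])
            continue
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m["name"] if m["name"] is not None else "@"   # "@" is the default value
            keys[current][name] = m["data"]
    return found, keys


def correlate_shared_task_scheduler(text: str) -> List[Dict[str, object]]:
    """Join each SharedTaskScheduler CLSID to its InProcServer32 DLL and the FOUND list."""
    found, keys = parse_report(text)
    found_lower = {p.lower() for p in found}        # NTFS paths compare case-insensitively
    results: List[Dict[str, object]] = []
    for key, values in keys.items():
        if not key.lower().endswith("\\sharedtaskscheduler"):
            continue
        for clsid, label in values.items():
            if not CLSID_RE.fullmatch(clsid):
                continue
            # Any CLSID\{...}\InProcServer32 key, whether under HKCR or the per-user
            # HKCU\Software\Classes view, names the DLL Explorer will load for this CLSID.
            dlls = sorted({
                v["@"] for k, v in keys.items()
                if clsid.lower() in k.lower()
                and k.lower().endswith("\\inprocserver32")
                and "@" in v
            })
            results.append({
                "clsid": clsid,
                "label": label,
                "dlls": dlls,
                "flagged": any(d.lower() in found_lower for d in dlls),
            })
    return results


if __name__ == "__main__":
    for entry in correlate_shared_task_scheduler(SAMPLE_REPORT):
        mark = "FLAGGED" if entry["flagged"] else "ok"
        print(f"{mark:7} {entry['clsid']} {entry['label']!r} -> {entry['dlls']}")
```

The same join is what the report's own "Before SmitFraudFix" and "After SmitFraudFix" sections let you do by eye: once the DLL is deleted and the CLSID entries are gone, the SharedTaskScheduler listing after the fix is empty, which is the state the later rapport.txt in this thread shows.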

Post by amateur » June 13th, 2006, 1:49 pm

Hi Ashen Shugar,

Until 'KotaGuy gets back to you, you can go ahead and do the following:

Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download CCleaner and save it to your desktop.
Tutorial for CCleaner
During the installation, be sure to UN-check the box for "CCleaner Yahoo Toolbar" unless you want it.

=====================================

Download and install Ewido Anti-Malware
During the installation, uncheck the following under Additional Options:
Install background guard
Install scan via context menu

Check for updates but do not run it yet.
Note: If you have problems with the updater, you can manually update Ewido.
Download ewido-signatures-full-current.exe from here and save to your Desktop.
All you need to do then is to double-click it, click Install and then when it has finished, Close.


======================================

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

===========================================

From Safe Mode, run CCleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run CCleaner for every user.

===========================================

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido and Reboot in Normal Mode.

===========================================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

===========================================

Please post:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Post by Ashen Shugar » June 13th, 2006, 4:02 pm

Whew! Just wanted to say: no annoying pop-ups any more! Here are the logs:

c:\rapport.txt

SmitFraudFix v2.58

Scan done at 20:48:49.64, Tue 06/13/2006
Run from C:\Documents and Settings\Ana\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"

[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\System32\acvgxw.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\System32\acvgxw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\acvgxw.dll Deleted
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\acvgxw.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Ashen Shugar
Active Member
Posts: 11
Joined: June 11th, 2006, 11:58 am

Post by Ashen Shugar » June 13th, 2006, 4:05 pm

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:31:07 PM, 6/13/2006
+ Report-Checksum: AF16068B

+ Scan result:

:mozilla.21:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Ana\Application Data\Mozilla\Firefox\Profiles\ohvcu28v.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
C:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup
C:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : Cleaned with backup
E:\My Documents\install\Games\gamehouse\Roller_Rush.exe -> Trojan.Ransom.a : Cleaned with backup
E:\Utility\Spyware Doctor\swdoctor.exe -> Trojan.Agent.sk : Cleaned with backup


::Report End
Ashen Shugar
Active Member
 
Posts: 11
Joined: June 11th, 2006, 11:58 am

Unread postby Ashen Shugar » June 13th, 2006, 4:08 pm

h log:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:44 PM, on 6/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
E:\Utility\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Utility\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\Utility\Folding@Home\winFAH.exe
E:\Utility\Folding@Home\FahCore_7a.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Games\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Utility\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Utility\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Utility\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Utility\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 48482069093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4566F71-7040-4DFF-8644-510422482F89}: NameServer = 194.106.162.2 194.106.162.10
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - E:\Utility\ewido anti-malware\ewidoctrl.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\System32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Utility\Spyware Doctor\sdhelp.exe
O23 - Service: Yahoo Updater (Updater) - Unknown owner - C:\WINDOWS\System32\Messenger.exe" -netsvcs (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ashen Shugar
Active Member
 
Posts: 11
Joined: June 11th, 2006, 11:58 am

Unread postby 'KotaGuy » June 13th, 2006, 4:41 pm

Thanks for the cover, amateur :)

Hi Ashen... sorry about the delay in a response from me... my modem blew up on me early yesterday morning... just got back online now.

Run and scan with HijackThis. Place a check beside the following:

O23 - Service: Yahoo Updater (Updater) - Unknown owner - C:\WINDOWS\System32\Messenger.exe" -netsvcs (file missing)

Close all open browsers and windows and click the Fix button. Then click the Config button. Then the Misc Tools button. Then the Delete an NT Service button. In the text field type in Yahoo Updater and click ok.

Boot into Safe Mode. To do this:

1. Reboot your computer.
2. Tap the F8 button as your computer is booting to bring you to the Advanced Options Menu.
3. Select Safe Mode and press Enter.

Make sure no files will be hidden. To do this:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

Search for and delete this file:

C:\WINDOWS\System32\Messenger.exe

Reboot Windows normally and post a new HJT log please.

I also noticed you have Download Accelerator Plus installed... is this the free version or paid for version?
Last edited by 'KotaGuy on June 13th, 2006, 5:16 pm, edited 1 time in total.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
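As an added example (not code from this thread, from HijackThis or from any of the tools named here), this is the check behind singling out that O23 line: a small parser for HijackThis O23 service entries that flags the indicators a log reader looks for. The sample lines are copied from the log posted above; the scoring heuristics are the editor's own and are only a triage aid, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Shape of a HijackThis 1.99 O23 line (the short name in parentheses is optional):
#   O23 - Service: <display name> [(<short name>)] - <owner> - <image path> [args] [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<rest>.+)$"
)
# Image path: optional opening quote, a drive letter, then everything up to the first .exe/.dll/.sys
IMAGE_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys))"?(?P<args>.*)$', re.IGNORECASE
)
FILE_MISSING = "(file missing)"

# Sample input: a constructed subset of the O23 lines from the log above (not a full log).
SAMPLE_LOG = [
    r'O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe',
    r'O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\System32\HDDSvc.exe',
    r'O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe',
    r'O23 - Service: Yahoo Updater (Updater) - Unknown owner - C:\WINDOWS\System32\Messenger.exe" -netsvcs (file missing)',
    r'O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe',
]


@dataclass
class ServiceEntry:
    display: str            # service display name as HJT prints it
    short: Optional[str]    # registry key (short) name, the one HJT's "Delete an NT Service" wants
    owner: str              # company name from the binary's version info, or "Unknown owner"
    image: str              # executable path with quotes and arguments stripped
    args: str               # anything after the executable
    file_missing: bool      # HJT could not find the executable on disk
    raw: str                # image path + args exactly as logged (minus the file-missing marker)
    flags: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.flags)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; returns None for anything that is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith(FILE_MISSING)
    if missing:
        rest = rest[: -len(FILE_MISSING)].rstrip()
    im = IMAGE_RE.match(rest)
    if im:
        image, args = im.group("path"), im.group("args").strip()
    else:
        image, args = rest, ""
    return ServiceEntry(m.group("display"), m.group("short"), m.group("owner"),
                        image, args, missing, rest)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach triage indicators; each flag is one more reason to look at the entry closely.
    These heuristics are the editor's own, not anything HijackThis computes."""
    entry.flags = []
    unknown = entry.owner.lower() == "unknown owner"
    if entry.file_missing:
        entry.flags.append("registered binary no longer exists (orphaned entry, or already removed by AV)")
    if unknown:
        entry.flags.append("binary carries no vendor name in its version info")
    if unknown and "\\system32\\" in entry.image.lower():
        entry.flags.append("vendor-less binary living in System32")
    if entry.raw.count('"') % 2 == 1:
        entry.flags.append("unbalanced quote in ImagePath (looks like a hand-written registry value)")
    if "netsvcs" in entry.args.lower() and "svchost" not in entry.image.lower():
        entry.flags.append("svchost-style service-group switch passed to a non-svchost binary")
    return entry


def rank(lines: List[str]) -> List[ServiceEntry]:
    """Parse every O23 line in `lines` and return the entries, most suspicious first."""
    entries = [assess(e) for e in (parse_o23(l) for l in lines) if e is not None]
    return sorted(entries, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in rank(SAMPLE_LOG):
        print(f"[{e.score}] {e.display} ({e.short or '-'}) -> {e.image}")
        for f in e.flags:
            print("      -", f)
```

Run on the sample, the Yahoo Updater entry collects every flag and sorts to the top, while the ATI and SecuROM services score only on the weak "unknown owner in System32" pair and the vendor-attributed services score nothing.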

Unread postby Ashen Shugar » June 13th, 2006, 5:16 pm

Hello, no problem! I have the same issues sometimes and amateur was really nice :)

Yes, free version, unfortunately. Should I get rid of it? I know there are issues with it.
Ashen Shugar
Active Member
 
Posts: 11
Joined: June 11th, 2006, 11:58 am

Unread postby 'KotaGuy » June 13th, 2006, 5:18 pm

I edited my reply above, Ashen... please follow those instructions.

If you have the free version of DAP... please uninstall it through Add/Remove Programs as well.

Thanks.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Ashen Shugar » June 13th, 2006, 5:50 pm

Okies, this is what happens:

- uninstalled DAP with no problem
- Messenger.exe is already deleted - thanks to Kaspersky and is currently only there in its backup storage - I was reluctant to get rid of it even from there but if you say it's ok I will
- I have problems with H.

- I followed your instructions, checked O23 - Service: Yahoo Updater (Updater).... and clicked on fix, that went ok but when I go to Config/Misc Tools and use the Delete an NT Service button I got this:

Service 'Yahoo Updater' was not found in the registry.
Make sure you entered the short name of the service., vbExe(something)

so I notice that the short name is the one in the () and typed just Updater and then I got a msg saying that it is in use and I should first use H to get rid of it (which is the first part of the process with H from what I understand). So I tried three times and no go, still getting this msg. Should I try safe mode?
Ashen Shugar
Active Member
 
Posts: 11
Joined: June 11th, 2006, 11:58 am

Unread postby 'KotaGuy » June 13th, 2006, 5:59 pm

OK... click Start>Run type in services.msc and hit Enter. Once the services list shows up... look for Yahoo Updater. Right click on it and choose Properties. Stop the service and change its Startup Type to Disabled.

You should then be able to proceed with the instructions to delete it using HJT's Delete an NT Service function.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Ashen Shugar » June 13th, 2006, 6:11 pm

Yes, that worked fine. It asked for confirmation and then for a restart.

This is the new h log:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:53 AM, on 6/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
E:\Utility\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Utility\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\Utility\Folding@Home\winFAH.exe
E:\Utility\Folding@Home\FahCore_7a.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Games\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Utility\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Utility\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Utility\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Utility\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8482069093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4566F71-7040-4DFF-8644-510422482F89}: NameServer = 194.106.162.2 194.106.162.10
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - E:\Utility\ewido anti-malware\ewidoctrl.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\System32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Utility\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ashen Shugar
Active Member
 
Posts: 11
Joined: June 11th, 2006, 11:58 am

Unread postby 'KotaGuy » June 13th, 2006, 6:20 pm

Ok... looks better... just minor cleanup to do...

Run and scan with HijackThis. Place a check beside the following:

O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll (file missing)

Close all open browsers and windows and click the Fix button.

Reboot and post a new HJT log please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Ashen Shugar » June 13th, 2006, 6:33 pm

Done. And I don't know how to thank you for this really ...

h log:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:06 AM, on 6/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
E:\Utility\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Utility\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
E:\Utility\Folding@Home\winFAH.exe
E:\Utility\Folding@Home\FahCore_7a.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Utility\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Utility\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Utility\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Utility\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8482069093
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4566F71-7040-4DFF-8644-510422482F89}: NameServer = 194.106.162.2 194.106.162.10
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - E:\Utility\ewido anti-malware\ewidoctrl.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\System32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Utility\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Utility\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ashen Shugar
Active Member
 
Posts: 11
Joined: June 11th, 2006, 11:58 am
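As an added example (not code from this thread, and not HijackThis's own code), here is a small Python tool that does by script what 'KotaGuy does by eye in the posts above: it parses two HijackThis 1.99.1 logs, reports which entries and processes disappeared after a fix, flags the entry types that usually merit a second look (a hook marked "(file missing)", an O23 service with "Unknown owner", an O17 NameServer line), and splits an O23 line into display name, short name, owner and binary path so the service can be located in services.msc before it is stopped and disabled. The two sample logs are constructed from a handful of entries excerpted from the logs posted above; the flag reasons and all function names are my own.

```python
import re
from dataclasses import dataclass, field

# Matches one HijackThis entry line, e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
# Splits an O23 body: "Service: <display> (<short name>) - <owner> - <binary path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O23", ...
    body: str     # text after "O2 - "


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)


@dataclass
class LogDiff:
    removed_entries: list
    added_entries: list
    gone_processes: list
    new_processes: list


def parse_hjt(text):
    """Parse the 'Running processes:' block and every section entry of a log."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                log.processes.append(line)
            else:
                in_processes = False  # a blank line ends the process block
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append(Entry(m.group(1), m.group(2)))
    return log


def diff_logs(before, after):
    """What changed between two scans: entries and processes removed or added."""
    key = lambda e: (e.section, e.body)
    b, a = set(before.entries), set(after.entries)
    bp, ap = set(before.processes), set(after.processes)
    return LogDiff(
        removed_entries=sorted(b - a, key=key),
        added_entries=sorted(a - b, key=key),
        gone_processes=sorted(bp - ap),
        new_processes=sorted(ap - bp),
    )


def parse_service(entry):
    """Break an O23 entry into display name, short name, owner and binary path."""
    m = SERVICE_RE.match(entry.body)
    if entry.section != "O23" or not m:
        return None
    return m.groupdict()


def flag_entries(log):
    """Entries a helper would look at first; returns (entry, reason) pairs."""
    flags = []
    for e in log.entries:
        if "(file missing)" in e.body:
            flags.append((e, "hook points at a file that no longer exists"))
        elif e.section == "O23" and "Unknown owner" in e.body:
            svc = parse_service(e)
            path = svc["path"] if svc else e.body
            flags.append((e, f"service binary {path} has no publisher string"))
        elif e.section == "O17":
            flags.append((e, "custom DNS servers; confirm they belong to the ISP"))
    return flags


# Constructed sample: a handful of entries excerpted from the two logs posted
# above, before the DAPBHO entry was fixed.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:10:53 AM, on 6/14/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
E:\Games\Mozilla Firefox\firefox.exe

O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4566F71-7040-4DFF-8644-510422482F89}: NameServer = 194.106.162.2 194.106.162.10
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
# Constructed "after" log: the dead BHO is gone and Firefox was closed for the scan.
LOG_AFTER = "\n".join(
    l for l in LOG_BEFORE.splitlines() if "DAPBHO" not in l and "firefox.exe" not in l
)

if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for e, why in flag_entries(before):
        print(f"CHECK {e.section}: {why}\n      {e.body}")
    d = diff_logs(before, after)
    for e in d.removed_entries:
        print(f"GONE  {e.section} - {e.body}")
    for p in d.gone_processes:
        print(f"STOPPED {p}")
```

The flags are deliberately conservative: "Unknown owner" only means the binary carries no version string, which is true of many legitimate drivers (the ATI entries above, for instance), so the tool points at what to verify rather than deciding for you.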