Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Another Case of the w32.Myzor.FK@yf [RESOLVED]

Started by heyage13 , Oct 30 2006 10:01 AM

  • This topic is locked This topic is locked

#1
heyage13
Posted 30 October 2006 - 10:01 AM

heyage13

    Member

  • Member
  • PipPipPip
  • 132 posts
Seems like i've been infected with this virus somehow. I've already took the initiative to look at previous posts with the same virus in order to try and save you guys some time, however nothing seems to have workled.

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:00:49 AM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\adriano\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...X78YSSWi06uvvA=
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30052A89-02DA-1033-0918-000928190001}\MyToolBar.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://campagna18.sp...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...8b3e6671c0f0c1f
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


Thnak you very much.
  • 0

Advertisements

#2
stonangel
Posted 30 October 2006 - 10:49 AM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Welcome to Geeks to Go, heyage13.

* Please install an antivirus program from here:
Run a full scan. Let it quarantine/delete anything it finds. Let us know if there is anything that it reports but can not remove.

* Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#3
heyage13
Posted 30 October 2006 - 03:15 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
ok well thanks for the help so far...I Used Avasti to do a system scan and found some infections and deleted them.

Also ran smitfraud fix...heres the log file:


SmitFraudFix v2.117

Scan done at 16:14:20.77, Mon 10/30/2006
Run from C:\Documents and Settings\adriano\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\adriano


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\adriano\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\adriano\FAVORI~1

C:\DOCUME~1\adriano\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Safety Bar\ FOUND !
C:\Program Files\SpyQuake2.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Thnaks again
  • 0

#4
stonangel
Posted 30 October 2006 - 03:40 PM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Hi heyage13,

* You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

* First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

* Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

* Reboot in Safe mode,

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the C:\rapport.txt, the AVG Anti-Spyware report scan and a new hijackthis log, please.

  • 0

#5
heyage13
Posted 30 October 2006 - 05:52 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Alrighty then...did everything you told me to do...and appreciate it all very much.

Here's the AVG Log:

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:35:37 PM 10/30/2006

+ Scan result:



C:\Program Files\Bouncer -> Adware.Bouncer : Cleaned with backup (quarantined).
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Starware316\bin\Starware316.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{30052A89-02DA-1033-0918-000928190001}\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{80052A89-02DA-1033-0918-000928190001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{80052A89-02DA-1033-0918-000928190001}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Alexandra\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Error during cleaning.
C:\Documents and Settings\Alexandra\Start Menu\Programs\SpyQuake2.com -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\Alexandra\Start Menu\Programs\SpyQuake2.com\SpyQuake2.com 2.3 Website.lnk -> Adware.SpywareQuake : Error during cleaning.
C:\Documents and Settings\Alexandra\Start Menu\Programs\SpyQuake2.com\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Error during cleaning.
C:\Documents and Settings\Alexandra\Start Menu\Programs\SpyQuake2.com\Uninstall SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Error during cleaning.
C:\Documents and Settings\Alexandra\Start Menu\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Error during cleaning.
C:\System Volume Information\_restore{3AA00141-704C-42A4-812D-FA75039125D9}\RP280\A0040181.exe -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\EbayKeyword -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\EbayKeyword\EbayKeywordOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\EbayKeyword\EbayKeywordOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\EbaySearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\EbaySearch\EbaySearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\EbaySearch\EbaySearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Horoscopes -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Horoscopes\HoroscopesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Horoscopes\HoroscopesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\JokeSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\JokeSearch\JokeSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Pranks -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Pranks\PranksOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Pranks\PranksOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SearchMatch\searchMatchPages -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SearchMatch\searchMatchPages\_C1340214062241.html -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\αппα\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DC6_check -> Adware.Systemdoctor : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Companion Wizard\compwiz.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006 -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\WinAntiVirus Pro 2006\msvcr71.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3AA00141-704C-42A4-812D-FA75039125D9}\RP279\A0040091.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3AA00141-704C-42A4-812D-FA75039125D9}\RP279\A0040092.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3AA00141-704C-42A4-812D-FA75039125D9}\RP280\A0040155.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3AA00141-704C-42A4-812D-FA75039125D9}\RP280\A0040156.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvrof.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\adriano\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[21].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[95].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\adriano\Cookies\adriano@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[9].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[85].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[24].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[4].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[19].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[23].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\adriano\Cookies\adriano@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[8].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[36].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[39].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[30].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\adriano\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[62].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[63].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[79].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[58].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[52].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\adriano\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\adriano\Cookies\adriano@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[16].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[25].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\αппα\Local Settings\Temp\Cookies\a__a@a[54].txt -> TrackingCookie.Zedo : Cleaned.


::Report end



Here's the Rapport Log made byu SmitfraudFix:

SmitFraudFix v2.117

Scan done at 17:35:19.58, Mon 10/30/2006
Run from C:\Documents and Settings\adriano\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted
C:\Program Files\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


And last but not least here my new Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:56 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\adriano\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...X78YSSWi06uvvA=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30052A89-02DA-1033-0918-000928190001}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://campagna18.sp...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...8b3e6671c0f0c1f
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



There's everything ...hopefully all the malware is gone.

Thnaks again for the help
  • 0

#6
stonangel
Posted 31 October 2006 - 03:21 AM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Hi heyage13,

Looks better :whistling:

* Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
* Please re-open HijackThis and scan. Check the below entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...X78YSSWi06uvvA=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30052A89-02DA-1033-0918-000928190001}\MyToolBar.dll (file missing)

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...8b3e6671c0f0c1f

Close any open windows except for HijackThis then click on Fix checked. Close the program.

* Restart your computer, reset your home page, post back a new hijackthis log for review and tell us how the computer is running now, please.

* What is this program: VSAdd-in for please?
  • 0

#7
heyage13
Posted 31 October 2006 - 10:27 AM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Alright well i havent updated my java just yet...ill do that after im done this reply.
My computer is running much smoother...no pop-ups or flashing spyware detected stuff going on.

As for the VS Add-In program, I couldnt bvegint o tell you what it is.

However, heres the new hijackthis log after fixing what u told me to:

Logfile of HijackThis v1.99.1
Scan saved at 11:23:25 AM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30052A89-02DA-1033-0918-000928190001}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://campagna18.sp...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#8
stonangel
Posted 31 October 2006 - 10:42 AM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Hi heyage13,

* Please Go to Start> Control Panel> Add or Remove Programs and uninstall the following if listed:

VSAdd-in

Reboot afterwards.

* Please re-open HijackThis and scan. Check the below entries:

R3 - Default URLSearchHook is missing
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30052A89-02DA-1033-0918-000928190001}\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll

Close any open windows except for HijackThis then click on Fix checked.

* Delete the following folder if still present:

C:\Program Files\VSAdd-in

* Restart in Normal mode and post back a new hijackthis log for review, please.
  • 0

#9
heyage13
Posted 31 October 2006 - 01:38 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
alright took out the VS-Addin program and removed the folder from Program Files

Here's the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:37:37 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\RunOnce: [Starware316Uninstall] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A~NSISu_.exe" REBOOT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://campagna18.sp...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#10
stonangel
Posted 31 October 2006 - 01:45 PM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Hi heyage13,

* Could you please post back a hijackthis log in Normal mode, please?
  • 0

Advertisements

#11
heyage13
Posted 31 October 2006 - 03:05 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Here's the new log when run in normal mode:

Logfile of HijackThis v1.99.1
Scan saved at 4:04:14 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\adriano\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://campagna18.sp...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#12
stonangel
Posted 31 October 2006 - 04:15 PM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Hi heyage13,

* Please re-open HijackThis and scan. Check the below entry:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Close any open windows except for HijackThis then click on Fix checked. Reboot afterwards.

* Update your Java (see my post #6) and post back a last hijackthis log for review, please.
  • 0

#13
heyage13
Posted 31 October 2006 - 04:35 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
heres the new log after installing the new java runtime and fixing the RO lin e i n hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 5:34:24 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\adriano\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://campagna18.sp...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#14
stonangel
Posted 31 October 2006 - 04:36 PM

stonangel

    Visiting Staff

  • Visiting Consultant
  • 429 posts
Seems to be fine. How the computer is running now, please?
  • 0

#15
heyage13
Posted 31 October 2006 - 06:28 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
perfect...thank you very much for all the help!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP