toolbar


8 replies to this topic

#1 lalenia

lalenia

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 05 October 2006 - 12:18 PM

When I connect to the internet I get this message to install a toolbar. I have run Ad-Aware but can't get rid of it. http:web.links4all.biz and asks me if I want to install Toolbar888 publisher YAWSA LLC. I have downloaded HijackThis but need further help as I am not sure which things I can delete with safety.
Thanks so much!

#2 spike-nz

spike-nz

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 3092 posts

Posted 05 October 2006 - 03:03 PM

Hi lalenia,

In order for the malware experts to assist you, please post scan-logs from both Ad-Aware and HijackThis, as set out in my post here: Unable to remove spywares Boran.g et Smitfraud-C (the 2nd post in the thread)

Once you have posted the logs, please do not "bump" your thread (by adding further posts), as the logs are read from oldest to newest. It may take a little while before an expert subscribes to your post, so your patience would be appreciated :)

Regards,

Spike

#3 lalenia

lalenia

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 05 October 2006 - 04:07 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:02:58, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Lal\Bureaublad\Yinstall.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Common Files\{320D180E-0578-2067-0614-050315050020}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\DOCUME~1\Lal\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Lal\Bureaublad\Yinstall.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

I added the other log onto this for Ad-Aware but it gave me an error message! Will try and send it again, THKS

#4 lalenia

lalenia

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 05 October 2006 - 04:09 PM

This is Ad-Aware, it is huge!
avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on donderdag 5 oktober 2006 14:41:59
* VPS: 0640-3, 05/10/2006
*

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloader.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloader.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DeskMateTahni.zip\ac3_0010.exe [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DeskMateTahni.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\drsmartload1.exe [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SystemDoctor.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig.zip\$_2341233.TMP [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig1.zip\ibm00003.exe [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig2.zip\$_2341234.TMP [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\UCmore.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\Y29DN3VH\Installer[1].exe [L] Win32:Lookme-gen [Adw] (0)
While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed.
File was successfully renamed/moved...
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ac3_0010[1].exe [L] Win32:Small-BIW [Trj] (0)
File was successfully renamed/moved...
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\O34JU107\MTE3NDI6ODoxNg[1].exe [L] Win32:Trojano-2873 [Trj] (0)
File was successfully renamed/moved...
C:\Documents and Settings\Lal\passchk.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\pagefile.sys.vir [L] Win32:Sinowal-L [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].2.vir\[UPX] [L] Win32:Trojano-P [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\wqjbtp.exe.vir [L] Win32:Trojan-gen. {Other} (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\A0018849.exe.vir [L] Win32:Trojan-gen. {Other} (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNgnew.exe.vir [L] Win32:Trojano-2873 [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\warebundlenewer.exe.vir [L] Win32:Lookme-gen [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\Installer[1].exe.vir [L] Win32:Lookme-gen [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\ac3_0010[1].exe.vir [L] Win32:Small-BIW [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\UCMTSAIE.DLL.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\IUCMORE.DLL.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)
C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNg[1].exe.vir [L] Win32:Trojano-2873 [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\server2.exe.vir [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\UCMTSAIE.DLL.2.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\IUCMORE.DLL.2.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp [E] Archive is password protected. (42056)
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP197\A0017788.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP197\A0018801.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018970.exe [L] Win32:Small-BIW [Trj] (0)
File was successfully renamed/moved...
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018983.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\FOUND.001\FILE0012.CHK\FILE0012 [E] GZIP archive is corrupted. (42129)
Infected files: 31
Total files: 121103
Total folders: 2528
Total size: 8,1 GB

*
* Task stopped: donderdag 5 oktober 2006 15:52:14
* Run-time was 1 hour(s), 10 minute(s), 15 second(s)
Thanks, hope you receive it ok!

#5 lalenia

lalenia

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 10 October 2006 - 07:00 PM

Hi Spike,
I am still waiting for a reply to my previous post dated the 5th October. Or maybe someone else will be able to help me.
Thanks

#6 spike-nz

spike-nz

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 3092 posts

Posted 11 October 2006 - 12:04 AM

Hi lalenia,

Once you have posted the logs, please do not "bump" your thread (by adding further posts), as the logs are read from oldest to newest. It may take a little while before an expert subscribes to your post, so your patience would be appreciated

The experts were almost up to your posting-date - now you have sent yourself to the end of the queue, by posting again - sorry :unsure:

Regards,

Spike

#7 jonhunt2000

jonhunt2000

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 27 November 2006 - 06:24 AM

Hi lalenia, The experts were almost up to your posting-date - now you have sent yourself to the end of the queue, by posting again - sorry ;)

Regards,

Spike


Note by Admin: Insults removed. This poster is on Moderator Preview indefinitely

Download CCleaner and run a clean.

Update AVG Anti-Spyware

Run HJT and remove:
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\bjoffe\winstall.exe

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders")

Restart in safe mode (tap F8 during startup)

In Explorer, delete the file (in bold)
C:\Documents and Settings\bjoffe\winstall.exe

Run a full scan with AVG

Restart in normal mode and post a new HJT log

Edited by LS CalamityJane, 05 December 2006 - 01:05 AM.


#8 spike-nz

spike-nz

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 3092 posts

Posted 28 November 2006 - 03:38 AM

Admin Note: Quote of insult removed

I regret that you feel so strongly about the wording of my post.

Blunt though it was (and yes, I admit that I could have softened the wording), it was the literal truth for the over-stretched resources of the forum at that time. To speed-up their assistance once an expert log-reader had subscribed to their topic, I asked posters to submit both Ad-Aware and HijackThis logs.

I also clearly requested that the Topics not be "bumped", as logs were read from oldest to newest. I also knew (from previous "behind-the-scenes" attempts to get "bumped" posts re-instated to their previous posting-date) that the "oldest to newest" policy of the forum was being strictly enforced.

Not being trained in reading logs myself, I gave lalenia an honest response.

Spike

Edited by LS CalamityJane, 05 December 2006 - 01:06 AM.


#9 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • PipPipPip
  • 8814 posts

Posted 05 December 2006 - 01:07 AM

Due to lack of response by the original poster, I am closing this thread.

If the original poster still needs assistance, please send me a private message and I will be happy to re-open it.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009



