Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help me with this PLEASE!


  • This topic is locked This topic is locked
5 replies to this topic

#1 zzhingara

zzhingara

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 26 July 2004 - 02:58 PM

:thumbsup: :flowers: :trumpet: :inlove:
i don't know what to do!!!!!!!!!!!!!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\myCIO\VScan\McShield.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\FILECO~1\EACCEL~1\EANTHO~3.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Common Files\Dpi\dpi.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programmi\Common files\updmgr\updmgr.exe
C:\WINDOWS\myCIO\Agent\myagttry.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm.../www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: XTSearchHook Class - {6E6DD93E-1FC3-4F43-8AFB-1B7B90C9D3EB} - C:\Programmi\Sqwire\s.dll (file missing)
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: pk>pk>>>>>@_>x> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
O1 - Hosts: >>>>>>>>>>>>>>>>>>>>>>>>>>>
O1 - Hosts: j;@`; ;
O1 - Hosts: pmfpmf`mfufffsf fffffffffffffffffffffffffffff
O1 - Hosts: fffffffffffffffffffffffffff
O1 - Hosts: xm)xm) )))))))))))))))))))))))))))))
O1 - Hosts: )))))))))))))))))))))))))))
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {57462977-4030-8DE6-8330-34355B1BCA22} - C:\PROGRA~1\BROWSE~1\audio okay.exe
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmi\Hotbar\bin\4.4.2.0\HbHostIE.dll (file missing)
O3 - Toolbar: &Search Toolbar - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\Programmi\Sqwire\t.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\FILECO~1\EACCEL~1\EANTHO~3.EXE /b Startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dpi] C:\Programmi\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Programmi\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmi\File comuni\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [BYTE SIXTH] C:\PROGRA~1\DARTSO~1\Media Body Admin.exe
O4 - HKLM\..\Run: [winactive] C:\Programmi\Window Active\winactive.exe
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Programmi\Sqwire\uc.exe
O4 - HKLM\..\Run: [SQConfigChecker] C:\Programmi\Sqwire\cc.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\DAVIE~1.DIO\IMPOST~1\Temp\appCF.tmp
O4 - HKLM\..\Run: [poke axis stupid cake] C:\Documents and Settings\All Users\Dati applicazioni\heck32pokeaxis\infodefault.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ClientMan1] C:\Program Files\ClientMan\mscman.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://64.237.46.147/it/wmdsms69x.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://66.240.140.205/webline/x/wmdsms106x.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install010.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscan.saspens.it/VS2/bin/myCioAgt.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {560F0128-CF3D-4368-BEE9-326FBC3270E1} (PhotosCtrlIT Class) - http://it.f1.pg.photos.yahoo.com/ocx/it/yexplorer1_9it.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/281b7032cb651369b620/...RdxIE601_it.cab
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/italy/TemplateGallery/msotd.cab
O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://216.65.38.226/Download_Plugin.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://usa-download.nocreditcard.com/downl...ccessXP1042.cab
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/en/oneclick/uninstbb.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7633.4108101852
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/ads/1402030731/...r1402030731.exe
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tdko.com
O17 - HKLM\Software\..\Telephony: DomainName = tdko.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{156B3567-1DC3-4277-BCB9-121971B8DF98}: Domain = tdko.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{984D5100-0917-4CDD-BFB8-E54228B5AC92}: Domain = tdko.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5F33509-2846-4796-9287-346DA272454D}: Domain = tdko.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tdko.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{156B3567-1DC3-4277-BCB9-121971B8DF98}: Domain = tdko.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tdko.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{156B3567-1DC3-4277-BCB9-121971B8DF98}: Domain = tdko.com

BC AdBot (Login to Remove)

 


#2 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 26 July 2004 - 03:51 PM

Wow, you have a lot going on there. Please download and clean your computer with this free program called Adaware.

Download Adaware (get the free edition)
http://www.lavasoft.de/software/adaware/
(choose download from the lefthand menu)

Be sure to UPDATE BEFORE SCANNING FIRST!! That is a very important step and I have included easy directions.

After download and installing first, please update the program. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish* .This will return you to the main screen.

Next, go to Settings (the gear icon at the top) and then *Scanning* and checkmark these items so they will be green:

Scan within archives
Scan my IE Favorites for banned URLS
Scan my hosts file

Then click *proceed* to save settings.

Click on *Tweak* next. And checkmark to make this green also:

Automatically try to unregister objects prior to deletion

Click on *proceed*

Next, from the main screen, click on *Start* (lower righthand corner) and put a dot in the box next to *use Custom scanning options*, then click *Next* to start your scan.


After the scan is complete, click the "Next" button. Checkmark any items found after scanning to remove (this will actually put them in quarantine and can recover from backup if any should not be removed). A quick way is to Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

Reboot your PC after cleaning with Adaware and scan again. Repeat the process until no further items are found as bad.

After that, please scan again with HijackThis and post a fresh log please.

#3 zzhingara

zzhingara
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 27 July 2004 - 04:28 PM

i've just finished to clean my pc with adaware.....this is the NEW result!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\myCIO\Agent\myagttry.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\myCIO\VScan\McShield.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: pk>pk>>>>>@_>x> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
O1 - Hosts: >>>>>>>>>>>>>>>>>>>>>>>>>>>
O1 - Hosts: j;@`; ;
O1 - Hosts: pmfpmf`mfufffsf fffffffffffffffffffffffffffff
O1 - Hosts: fffffffffffffffffffffffffff
O1 - Hosts: xm)xm) )))))))))))))))))))))))))))))
O1 - Hosts: )))))))))))))))))))))))))))
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {57462977-4030-8DE6-8330-34355B1BCA22} - C:\PROGRA~1\BROWSE~1\audio okay.exe
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe
O4 - HKLM\..\Run: [BYTE SIXTH] C:\PROGRA~1\DARTSO~1\Media Body Admin.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\DAVIE~1.DIO\IMPOST~1\Temp\appCF.tmp
O4 - HKLM\..\Run: [poke axis stupid cake] C:\Documents and Settings\All Users\Dati applicazioni\heck32pokeaxis\infodefault.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://64.237.46.147/it/wmdsms69x.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://66.240.140.205/webline/x/wmdsms106x.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscan.saspens.it/VS2/bin/myCioAgt.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {560F0128-CF3D-4368-BEE9-326FBC3270E1} (PhotosCtrlIT Class) - http://it.f1.pg.photos.yahoo.com/ocx/it/yexplorer1_9it.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/281b7032cb651369b620/...RdxIE601_it.cab
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/italy/TemplateGallery/msotd.cab
O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7633.4108101852
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab


:thumbsup:

#4 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 27 July 2004 - 07:12 PM

Great we are making progress. Please go to Add/Remove programs in your control panel. Un-install P2P Networking

Scan with HijackThis again and put checks next to the following items. Make sure you have NO browser windows open and click "Fix Checked":

O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: pk>pk>>>>>@_>x> >>>>> > >>>>>>>>>>>>>>>>>>>>>>>
O1 - Hosts: >>> > >>>>>>>>>>>>>>>>>>>>>>>
O1 - Hosts: j;@`; ;
O1 - Hosts: pmfpmf`mfufffsf fffff f ffffffffffffff
fffffffff
O1 - Hosts: fff f ffffffffffffffff
fffffff
O1 - Hosts: xm)xm) ))))) ) ))))))))))))))
)))))))))
O1 - Hosts: ))) ) ))))))))))))))))
)))))))
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

Do you know what this program is?
O4 - HKLM\..\Run: [BYTE SIXTH] C:\PROGRA~1\DARTSO~1\Media Body Admin.exe

O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\DAVIE~1.DIO\IMPOST~1\Temp\appCF.tmp
O4 - HKLM\..\Run: [poke axis stupid cake] C:\Documents and Settings\All Users\Dati applicazioni\heck32pokeaxis\infodefault.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://64.237.46.147/it/wmdsms69x.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://66.240.140.205/webline/x/wmdsms106x.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/281b7032cb651369b620/...RdxIE601_it.cab
O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab

Boot into safe mode http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
and show hidden files and folders http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Delete these files.
C:\WINDOWS\susp.exe
C:\WINDOWS\System32\P2P Networking\
C:\PROGRA~1\DARTSO~1\Media Body Admin.exe
C:\DOCUME~1\DAVIE~1.DIO\IMPOST~1\Temp\appCF.tmp
C:\Documents and Settings\All Users\Dati applicazioni\heck32pokeaxis\infodefault.exe

Scan for Viruses and common trojans online and free at one (preferably two) of these sites.

Panda's Active Scan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro (PC-Chillin) - Free on-line Scan
http://housecall.antivirus.com

RAV Antivirus Online Scan
http://www.ravantivirus.com/scan/

eTrust AV web scanner (Computer Associates)
http://www3.ca.com/virusinfo/virusscan.aspx

Please reboot after each scan. Also, please note what is found by the scans and if the items were cleaned of not. Please post the results of the scans.

Reboot, scan with Hijackthis again and post a fresh log please

Edited by ColdinCbus, 27 July 2004 - 07:16 PM.


#5 zzhingara

zzhingara
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 29 July 2004 - 05:03 PM

ok.....this is the result.....

HOUSECALL:

2 infected files
BKDR RULEDOR.C non cleanable C:\windows\system32\ClrSchP012.dll
TROJ SWIZZOR.AD non cleanable C:\Media Body Admin.exe

RAVANTIVIRUS:

Scan started at 29/07/2004 21.24.55

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\davie.DIOMEDIPC\Impostazioni locali\Temp\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\Documents and Settings\Pap\Impostazioni locali\Dati applicazioni\Microsoft\Internet Explorer\V0.15.dat - Trojan:Win32/Dialui.A -> Infected
C:\Programmi\backup-20040728-220010-695.dll - TrojanDownloader:Win32/Smfin.A -> Infected
C:\Programmi\Dart soap mix\weeujtmx.exe - TrojanDownloader:Win32/Swizzor.AE -> Infected
C:\WINDOWS\smfin32.exe - TrojanDownloader:Win32/Small.NE -> Infected
C:\WINDOWS\Downloaded Program Files\wmdsms69x.exe - Trojan:Win32/Dialer.A -> Infected
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\wmdsms69x.exe - Trojan:Win32/Dialer.A -> Infected
C:\WINDOWS\system32\ClrSchP012.dll - Backdoor:Win32/Ruledor.C -> Infected
C:\WINDOWS\system32\MSView.exe - PWS:Win32/Bispy -> Suspicious

Scanned
============================
Objects: 61204
Directories: 5239
Archives: 966
Size(Kb): 1467823
Infected files: 8

Found
============================
Viruses found: 7
Suspicious files: 1
Disinfected files: 0
Mail files: 1591


ETRUST AV WEB SCANNER

Scan Results: Scan Completed. 76632 files scanned. No viruses found.


and this is the new HijackThis

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\myCIO\VScan\McShield.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\myCIO\Agent\myAgtSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\myCIO\Agent\myagttry.exe
C:\WINDOWS\System32\dslagent.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm.../www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.irocciyxgqtydwgnqzggdd.com/l7mH...AtCDVLXCJQ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {57462977-4030-8DE6-8330-34355B1BCA22} - C:\PROGRA~1\BROWSE~1\REFCLOCK.exe
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe
O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe
O4 - HKLM\..\Run: [BYTE SIXTH] C:\PROGRA~1\DARTSO~1\Media Body Admin.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~1\Toolbar\winnet.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\FILECO~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [poke axis stupid cake] C:\Documents and Settings\All Users\Dati applicazioni\heck32pokeaxis\trayclose.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscan.saspens.it/VS2/bin/myCioAgt.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {560F0128-CF3D-4368-BEE9-326FBC3270E1} (PhotosCtrlIT Class) - http://it.f1.pg.photos.yahoo.com/ocx/it/yexplorer1_9it.cab
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/italy/TemplateGallery/msotd.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7633.4108101852
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab


:thumbsup: a new problem.....when i start my pc...with RUNDLL
C:\progr~1\newdot~1\newdot~1.dll

ok.... :flowers:

#6 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 29 July 2004 - 08:29 PM

Interesting, You have more stuff on there than you did the last time.

1. Click on Start.
2. Select Settings.
3. Click on Control Panel.
4. Double-click on the Add/Remove Programs icon.
5. Select the New.net Application.
6. Click on the Add/Remove button.
7. Once the program has uninstalled, click on the OK button.

Boot into safe mode http://service1.symantec.com/SUPPORT/tsgen...999101916343139 and show hidden files and folders. http://service1.symantec.com/SUPPORT/tsgen...002092715262339

Scan with HijackThis and put checks next the the following entries. Make sure you have no browser windows open and you are not connected to the internet. Click "Fix Checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm.../www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.irocciyxgqtydwgnqzggdd.com/l7mH...AtCDVLXCJQ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {57462977-4030-8DE6-8330-34355B1BCA22} - C:\PROGRA~1\BROWSE~1\REFCLOCK.exe
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.dll
O4 - HKLM\..\Run: [BYTE SIXTH] C:\PROGRA~1\DARTSO~1\Media Body Admin.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~1\Toolbar\winnet.exe
O4 - HKLM\..\Run: [poke axis stupid cake] C:\Documents and Settings\All Users\Dati applicazioni\heck32pokeaxis\trayclose.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [media_manager] C:\Program Files\ebkrdr\mediaman.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab

Delete
C:\Program Files\CommonName\ <-- folder
C:\Program Files\ezula\ <-- folder
C:\Program Files\ebkrdr\ <-- folder
C:\Documents and Settings\All Users\Dati applicazioni\heck32pokeaxis\ <-- folder
C:\Programmi\Dart soap mix\ <-- folder
C:\DOCUME~1\DAVIE~1.DIO\DATIAP~1\IESERV~1\IEService.exe
C:\windows\system32\ClrSchP012.dll
C:\Media Body Admin.exe
C:\WINDOWS\Downloaded Program Files\wmdsms69x.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\wmdsms69x.exe

While still in safe mode run Adaware scan per my instructions above.

Reboot and scan again with HijackThis. Make sure you post the entire log. This includes the very TOP that tells me what version of HijackThis and your operating system.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users