
My Log.. Plz Help



#1 ozkar


Posted 24 September 2006 - 10:01 PM

Hi...

I just installed Windows again yesterday... and all of a sudden, while I was installing the programs, I got this message from PC-cillin Internet Security 2006:

Real-time Protection
Real-time Protection has detected a virus, spyware, or other security risk, and performed the action specified.

.
Action taken: Denied Access.
.
Incident name: C:\WINDOWS\system32\WinSecure.exe
Detection name: SPYW_ARDAMAX.G

I've run scans with PC-cillin, Spybot S&D, and Ad-Aware SE Professional, yet they don't show anything about WinSecure.exe.

I've tried the secure shredder from Spybot S&D and Giant Antispyware, yet apparently it hasn't helped either... I've erased the files, for it comes accompanied with Winsecure.001; Winsecure.003; Winsecure.004; Winsecure.006 and Winsecure.007.

But still, every time I turn on the computer it appears again and the PC-cillin message appears, and it's getting annoying... I downloaded the program HijackThis in order to make a log so someone can help me, but although I haven't erased Winsecure, HijackThis doesn't show it in the log...

Another thing... I also get a popup about a firewall.exe. I don't know if that's a bad thing or if it's a Windows Firewall thing, so help there is also appreciated... Anyway, here's the log I get... As I said before, for some reason it doesn't detect the winsecure.exe.

Logfile of HijackThis v1.99.1
Scan saved at 9:59:11 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\MediaKey\MePlayer.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\MediaKey\MailChk.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\instaladores\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Firewall.exe] C:\WINDOWS\system32\Firewall.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



#2 Buckeye_Sam


    Malware Expert



Posted 26 September 2006 - 12:29 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 ozkar


Posted 27 September 2006 - 02:14 PM

Hey, thanks a lot for the help... I did the Panda ActiveScan and it at least identified 2 of the files concerning Winsecure... although not the Winsecure.exe...

Anyways here's the report:


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.com.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.bfast.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ozcar\Application Data\Mozilla\Firefox\Profiles\st0900bl.default\cookies.txt[server.iad.liveperson.net/hc/80147932]
Potentially unwanted tool:Application/Ardamax Not disinfected C:\WINDOWS\system32\WinSecure.003
Potentially unwanted tool:Application/Ardamax Not disinfected C:\WINDOWS\system32\WinSecure.004
Adware:Adware/Veevo Not disinfected D:\instaladores\kdap223h.exe[kdp107.dll]


And here's the new Hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 2:10:00 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MediaKey\MePlayer.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\MediaKey\MailChk.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SuperAdBlocker\SAdBlock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\VLC\vlc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\instaladores\HijackThis.exe

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABBHO.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\sabtb.dll (file missing)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [SuperAdBlocker] D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SAdBlock.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SABWinLogon - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABWINLO.DLL (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABSVC.EXE (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#4 Buckeye_Sam


    Malware Expert



Posted 27 September 2006 - 05:33 PM

Ok, let's knock it out. :thumbsup:

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABBHO.dll (file missing)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\sabtb.dll (file missing)



===============


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\WinSecure.exe
    C:\WINDOWS\system32\WinSecure.003
    C:\WINDOWS\system32\WinSecure.004
    D:\instaladores\kdap223h.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
==============



Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy is done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop-down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and Paste those details into your next reply here.
Also post a new HijackThis log.


========================================================

#5 ozkar


Posted 29 September 2006 - 09:42 PM

Ok... I did everything you did and apparently the Winsecure thing is gone... Although when I ran the scan with Counterspy, some of the Winsecure-related files like Winsecure.001 appeared in the Killbox folder... But it hasn't bothered me anymore... So on that part, thanks a lot...

Here are the details from the Counterspy scan... I've got one question... I put ignore on the MSN Plus thing and the Download Accelerator thing... Was that ok, or should I have removed what I said??

So here are the details... it's long due to the MSN Plus Live and DAP stuff it found, so this will be separated into 2 posts...

Spyware Scan Details
Start Date: 9/29/2006 8:36:13 PM
End Date: 9/29/2006 9:01:52 PM
Total Time: 25 mins 39 secs

Detected spyware

Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Ignored

Infected files detected
c:\program files\messenger plus! live\msgpluslive.dll
c:\program files\messenger plus! live\detoured.dll
c:\program files\messenger plus! live\msgplusliveres.dll
c:\program files\messenger plus! live\events style sheet.xsl
c:\program files\messenger plus! live\lame_enc.dll
c:\program files\messenger plus! live\libsndfile.dll
c:\program files\messenger plus! live\log viewer.exe
c:\program files\messenger plus! live\mpscripts.dll
c:\program files\messenger plus! live\mptools.exe
c:\program files\messenger plus! live\uninstall.exe
c:\program files\messenger plus! live\languages\lng_catalan.ini
c:\program files\messenger plus! live\languages\lng_chinesesimplified.ini
c:\program files\messenger plus! live\languages\lng_chinesetraditional.ini
c:\program files\messenger plus! live\languages\lng_danish.ini
c:\program files\messenger plus! live\languages\lng_default.ini
c:\program files\messenger plus! live\languages\lng_dutch.ini
c:\program files\messenger plus! live\languages\lng_estonian.ini
c:\program files\messenger plus! live\languages\lng_finnish.ini
c:\program files\messenger plus! live\languages\lng_french.ini
c:\program files\messenger plus! live\languages\lng_german.ini
c:\program files\messenger plus! live\languages\lng_hungarian.ini
c:\program files\messenger plus! live\languages\lng_italian.ini
c:\program files\messenger plus! live\languages\lng_japanese.ini
c:\program files\messenger plus! live\languages\lng_korean.ini
c:\program files\messenger plus! live\languages\lng_norwegian.ini
c:\program files\messenger plus! live\languages\lng_portuguese.ini
c:\program files\messenger plus! live\languages\lng_spanish.ini
c:\program files\messenger plus! live\languages\lng_thai.ini


WHAT CONTINUED HERE WAS REAAAALY LONG FOR IT REFERRED TO CHATLOGS AND IMAGES SO IT WOULDN'T HAVE FITTED IN ONE POST... but if you want me to post it all I will... it would be like 3 posts in that case...

Download Accelerator Plus Low Risk Adware more information...
Details: Download Accelerator Plus (DAP) is an advertising-supported download manager program from SpeedBit.com.
Status: Ignored

Infected files detected
c:\program files\dap\dapie.dll
c:\program files\dap\dapns.dll
c:\program files\dap\dapiebar.dll
c:\program files\dap\restartapp.exe
c:\program files\dap\dapres.dll
c:\program files\dap\dapm_context_games.dll
c:\program files\dap\dapres32.dll
c:\program files\dap\cabex.dll
c:\program files\dap\dapop.dll
c:\program files\dap\dapupd.exe
c:\program files\dap\dapm_amdc.dll
c:\program files\dap\dapm_ftp.dll
c:\program files\dap\dapbho.dll
c:\program files\dap\dap.exe
C:\Program Files\DAP\Skins\dap\DAP.uis

Infected registry entries detected
HKEY_CLASSES_ROOT\typelib\{5bfa1da1-5edc-11d2-959e-00c00c02da5e}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{5bfa1da1-5edc-11d2-959e-00c00c02da5e}\1.0\HELPDIR C:\Program Files\DAP
HKEY_CLASSES_ROOT\typelib\{5bfa1da1-5edc-11d2-959e-00c00c02da5e}\1.0 DAPIE 1.0 Type Library
HKEY_CLASSES_ROOT\typelib\{5fe38345-35a8-11d3-bd27-000021c9a4d9}
HKEY_CLASSES_ROOT\typelib\{5fe38345-35a8-11d3-bd27-000021c9a4d9}\1.0\0\win32 C:\Program Files\DAP\DAPIE.DLL
HKEY_CLASSES_ROOT\typelib\{5fe38345-35a8-11d3-bd27-000021c9a4d9}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{5fe38345-35a8-11d3-bd27-000021c9a4d9}\1.0\HELPDIR C:\Program Files\DAP
HKEY_CLASSES_ROOT\typelib\{5fe38345-35a8-11d3-bd27-000021c9a4d9}\1.0 dapie 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADS\Default CategoryID Default
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADS\Default Media 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADS NOMAIOD 3455
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADS DefaultServer http://ads7.speedbit.com/cgi-bin/ads9.dll
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADS DBAR 450
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADS ASR 4
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\ADS KAR 10
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Documents File Types DOC PDF RTF
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Documents Download Dir C:\Documents and Settings\Ozcar\Desktop\Documents Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Documents Name Documents
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Documents IconID 5
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Documents ID 5
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Documents Index 5
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Images File Types GIF JPG TIFF BMP
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Images Download Dir C:\Documents and Settings\Ozcar\Desktop\Image Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Images Name Images
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Images IconID 4
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Images ID 4
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Images Index 4
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Movies & Videos File Types AVI MPG MPEG QT ASF MOV WMV
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Movies & Videos Download Dir C:\Documents and Settings\Ozcar\Desktop\Video Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Movies & Videos Name Movies & Videos
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Movies & Videos IconID 2
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Movies & Videos ID 3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Movies & Videos Index 3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Music & Sounds File Types MP3 PLJ WMA WAV
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Music & Sounds Download Dir C:\Documents and Settings\Ozcar\Desktop\Music Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Music & Sounds Name Music & Sounds
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Music & Sounds IconID 3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Music & Sounds ID 2
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Music & Sounds Index 2
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Software & Archives File Types EXE ZIP ARJ RAR LZH Z GZ GZIP TAR BIN R0* R1* A0* A1*
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Software & Archives Download Dir C:\Documents and Settings\Ozcar\Desktop\Software Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Software & Archives Name Software & Archives
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Software & Archives IconID 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Software & Archives ID 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category\Software & Archives Index 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Category Init 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\DBS\Settings GUID e0Y1QzIyQjQ3LUM0MjgtNGUxNi05M0NCLUI3NjI4RTc0OTk5Rn17RUVCRkEwQzktRkFFMi00YmM1LUFFNTAtRDQyRjMxM0MwNkUzfQ==
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_Size 6115
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_Status 3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_ShortFilename SuperAdBlocker.v4.1.0.1004_dailyfreedownloads.com.rar
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_MainURL http://rapidshare.de/files/32177660/SuperA...wnloads.com.rar
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_OutputFilename D:\instaladores\SuperAdBlocker.v4.1.0.1004_dailyfreedownloads.com.rar
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_Query_Index 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_Query_Status 5
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_Cancel_Reason 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_Finish_Time 1159211532
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_Time_Stamp 1159211524
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_Was_Open 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_HCS e7ddadeab9948b154ff886d9e046432d
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_FCS I/8se32uOqIberEXvvrUKOlgCgE=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{24FD792D-7713-49d0-9DA8-268A6F716653} Item_CatID 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_Size 16504464
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_Status 3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_ShortFilename jre-1_5_0_08-windows-i586-p.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_MainURL http://192.18.108.209/ECom/EComTicketServl...4/1691136531/2t
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_OutputFilename D:\instaladores\jre-1_5_0_08-windows-i586-p.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_Query_Index 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_Query_Status 5
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_Cancel_Reason 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_Finish_Time 1159123660
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_Time_Stamp 1159122924
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_Was_Open 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_FCS l5N3D4XsbjqxU62ZZjywm4cbxlc=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{9E66BF3B-CBB0-4c00-89A7-46A88EE12DBD} Item_CatID 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_Size 15302448
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_Status 3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_ShortFilename IE7RC1-WindowsXP-x86-enu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_MainURL http://download.microsoft.com/download/4/0...sXP-x86-enu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_OutputFilename D:\instaladores\IE7RC1-WindowsXP-x86-enu.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_Query_Index 2
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_Query_Status 5
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_Cancel_Reason 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_Finish_Time 1159146598
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_Time_Stamp 1159144042
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_Was_Open 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_HCS 43a44b44eac14e62d898b276921d4c4b
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_FCS kcC34iCcNfh3v+goFd15BI+CWSY=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\FileList\{C618D161-F1F2-40d6-A380-BB6B37F20929} Item_CatID 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Binaries Extention List EXE ZIP ARJ RAR LZH Z GZ GZIP TAR BIN R0* R1* A0* A1*
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Binaries Enable 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Binaries Type 4
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Custom Enable 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Custom Type 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Images Extention List GIF JPG TIFF BMP
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Images Enable 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Images Type 5
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Music Extention List MP3 PLJ WMA WAV
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Music Enable 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Music Type 2
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Video Extention List AVI MPG MPEG QT ASF MOV WMV
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Video Enable 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Leech\Video Type 3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always winupdate.www.conxion.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always www.buydirect.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always windowsupdate.microsoft.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always ehg.hitbox.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always download.macromedia.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always data.alexa.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always search.yahoo.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always rd.yahoo.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always www.lycos.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always www.shop.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always search.lycos.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always guide.walla.co.il
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always www.download.windowsupdate.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always 127.0.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always downloadfinder2.intel.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\Always a9.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.winzip.com downauto.cgi?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound volftp.tin.it ?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.rocketdownload.com ?file=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound 151.99.197.24 ?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.chip.de ?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.download.com cgi-bin/dl2
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.wsj.com cgi
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound public.wsj.com cgi
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound home.cnet.com search
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.3dfiles.com dl-http
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound 3dfiles.com dl-http
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound hotfiles.zdnet.com basket.bin
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound 32bit.bhs.com download.asp?filename=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound download.lycos.com query=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound chkpt.zdnet.com basket.bin
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound music.lycos.com redir.asp?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.google.com search?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound ftpsearch.lycos.com query=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.fileplanet.com dl.asp?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.aopen.com scripts
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.megagames.com redir.cgi?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound download.search.com q=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound download.com.com qt=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.alltheweb.com q=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound support.gateway.com osWarn.asp
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound downloadfinder.intel.com .asp?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound web.neuroticmedia.net License.asp
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.mysearch.com searchfor
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.bhs.com download.asp
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound fileforum.betanews.com dlmain.php3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.versiontracker.com redir.fcgi
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound stats.indextools.com p.pl
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.thawte.com cgi
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound groups.google.com &q=
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound metrics.webcriteria.net tags
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www2.driverguide.com uploads
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound www.adaptec.com www.adaptec.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound ak.buy.com get_loaded.mp3
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound clusty.com search?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenFound mysearch.yahoo.com search?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenNotFound volftp.tiscalinet.it dl.htm?
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger\WhenNotFound www.juston.com pview.cgi
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger LastUrl http://download.iplanet.com/cgi-bin/downlo...load.cgi?cd=1-1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger AskLastUrlIndex 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\NoTrigger AskLastUrl0 http://gfx1.mail.live.com/mail/11.00/beta/i_checkmark_on.gif
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Updates\Register DAPGAMES
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator\Updates LicenseVersion 7300
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator EXELOCATION C:\Program Files\DAP\DAP.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator FTPSearchAutoFind 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator Extensions EXE ZIP ARJ RAR LZH Z GZ GZIP TAR BIN MP3 AVI MPG MPEG QT PLJ ASF MOV WMA WMV R0* R1* A0* A1* TIF TIFF ACE ISO
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator BrowserIntegration 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator AllowUpdate 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator FTPSearchAutoSelect 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator NewVersionChecking 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator DragURLWindow 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator DragURLWindowX 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator DragURLWindowY 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator RegularAccelerateWindow 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator RemoveFromListWhenOK 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator NoInfoWindow 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator LLL 51
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallTime 1159068496
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator LastNotifyVersion 7509
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator Version 7509
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator View_DAP_Filters 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallCompany
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallEmail game2k1@hotmail.com
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallAge 19-25
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallProf
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallGender
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallInterests 2
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator ISN 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallIntegrateBrowser 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallLastName Salas
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator InstallFirstName Oscar
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator Download Directory D:\instaladores
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator TempDirectory C:\Program Files\DAP\Temp
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator Details 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator SessionTime 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator LastSkin
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator MultiLang 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator Log 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator LastBootTime 1159472118
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator LWV 7.5.0.9
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator FTW 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator QV_Cols_List 0;1;2;3;4;5;6;7;8;9
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator LRV 61
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator FViewTStart 1159068496
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator DAUI 225966911
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator LastUpdateTime 1159471863
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator DAPScreenPos 0100 0100 0900 0700
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator ScreenMin 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator ScreenMax 0
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator QV_Cols_Params 50;125;86;65;65;50;65;65;65;170
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator BWIndication 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator MaxConnections 5
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator FSD 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator SaveToDirChanged 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator HistoryCImported 1
HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Download Accelerator CV_Cols_Params 125;70;125;125;125


Fearmusk.A Backdoor more information...
Status: Deleted

Infected files detected
c:\windows\system32\mqprfs.h


Ardamax Keylogger Commercial Key Logger more information...
Status: Deleted

Infected files detected
C:\!KillBox\WinSecure.003
C:\!KillBox\WinSecure.004


Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\ozcar\cookies\ozcar@ad.yieldmanager[2].txt


Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\ozcar\cookies\ozcar@cgi-bin[1].txt


Cookie: QuestionMarket.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\ozcar\cookies\ozcar@questionmarket[2].txt

#6 ozkar

Posted 29 September 2006 - 09:44 PM

And here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:10:47 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\MediaKey\Versato.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MediaKey\MePlayer.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe
C:\WINDOWS\system32\svchost.exe
D:\instaladores\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [SuperAdBlocker] D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SAdBlock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SABWinLogon - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABWINLO.DLL (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABSVC.EXE (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



Hopefully you won't find anything new... But if you do plz let me know what to do... And would you recommend me what to do regarding the scan concerning msn plus live and download accelerator?? Should I put it ALWAYS IGNORE????
Besides that.... Thanks a lot for helping me with that Winsecure thing....

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 30 September 2006 - 09:56 AM

Messenger Plus and DAP aren't malicious in themselves. But they can bundle additional malware infections with them when they are installed. I don't find those specific infections in any of your logs, so if you use those programs you can keep them and just have Counterspy ignore them.

Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O20 - Winlogon Notify: SABWinLogon - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABWINLO.DLL (file missing)


Counterspy identified the winsecure files as related to Ardamax Keylogger. If you are not familiar with this program, you may want to assume that your keystrokes have been logged and change your passwords. Here is more info.
http://www.spywareguide.com/product_show.php?id=526



Your hijackthis log looks pretty good to me. If you are not having any other issues, I'd say you are clean!


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :flowers:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
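The fix step in the reply above targets a HijackThis entry marked `(file missing)`, meaning an autostart reference whose target file no longer exists. As an added example (not part of the original posts and not HijackThis code), this Python code parses log lines copied from this thread and lists such orphaned entries, plus services that report no owner; the function and class names are illustrative.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: SABWinLogon - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABWINLO.DLL (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - D:\Mis Documentos\Mis Documentos\Oscar\Otros\Programas\SABSVC.EXE (file missing)
"""

# A log entry is "<section> - <description>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

@dataclass
class Entry:
    section: str         # HijackThis section code such as O20 or O23
    path: str            # last " - "-separated field, normally the target file
    file_missing: bool   # HijackThis could not find the target on disk
    unknown_owner: bool  # O23 service with "Unknown owner" as its vendor field

def parse_log(text):
    """Parse HijackThis entry lines; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        # Assumption: the path itself contains no " - " sequence.
        path = body.rsplit(" - ", 1)[-1]
        unknown = section == "O23" and " - Unknown owner - " in body
        entries.append(Entry(section, path, missing, unknown))
    return entries

def orphaned(text):
    """Entries whose target file is gone: leftover autostart references."""
    return [e for e in parse_log(text) if e.file_missing]

def services_without_owner(text):
    """O23 services reporting no owner; worth a manual look, not proof of malware."""
    return [e for e in parse_log(text) if e.unknown_owner]

if __name__ == "__main__":
    for e in orphaned(SAMPLE_LOG):
        print(f"orphaned {e.section}: {e.path}")
```
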

#8 ozkar

ozkar
  • Topic Starter


Posted 30 September 2006 - 11:29 PM

Hey man... Really thanks a lot.... You've been of great help....

:thumbsup: :flowers:

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 01 October 2006 - 08:29 AM

I'm glad I could help you out! :thumbsup:

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



