lila

toolbar

9 posts in this topic

When I connect to the internet I get this message to install a toolbar, I have run adaware but can't get rid of it. http:web.links4all.biz and asks me if I want to install Toolbar888 publisher YAWSA LLC. I have downloaded hijack this but need further help as I am not sure which things I can delete with safety.

Thanks so much!


Hi lalenia,

 

In order for the malware experts to assist you, please post scan-logs from both Ad-Aware and HijackThis, as set out in my post here: Unable to remove spywares Boran.g et Smitfraud-C (the 2nd post in the thread)

 

Once you have posted the logs, please do not "bump" your thread (by adding further posts), as the logs are read from oldest to newest. It may take a little while before an expert subscribes to your post, so your patience would be appreciated :)

 

Regards,

 

Spike


Logfile of HijackThis v1.99.1

Scan saved at 9:02:58, on 5/10/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\explorer.exe

C:\Acer\eManager\anbmServ.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Documents and Settings\Lal\Bureaublad\Yinstall.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\PROGRA~1\PRINTV~1\pvmodule.exe

C:\Program Files\Common Files\{320D180E-0578-2067-0614-050315050020}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

C:\DOCUME~1\Lal\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Lal\Bureaublad\Yinstall.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe

O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

 

I added the other log onto this for adaware but it gave me an error message! Will try and send it again, THKS


this is adaware it is huge!

avast! Report

* This file is generated automatically

*

* Task 'Simple user interface' used

* Started on donderdag 5 oktober 2006 14:41:59

* VPS: 0640-3, 05/10/2006

*

 

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloader.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloader.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DeskMateTahni.zip\ac3_0010.exe [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DeskMateTahni.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\drsmartload1.exe [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SystemDoctor.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig.zip\$_2341233.TMP [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig1.zip\ibm00003.exe [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig1.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig2.zip\$_2341234.TMP [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig2.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\UCmore.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE1.zip\sbRecovery.reg [E] Archive is password protected. (42056)

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE1.zip\sbRecovery.ini [E] Archive is password protected. (42056)

C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\Y29DN3VH\Installer[1].exe [L] Win32:Lookme-gen [Adw] (0)

While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed.

File was successfully renamed/moved...

C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ac3_0010[1].exe [L] Win32:Small-BIW [Trj] (0)

File was successfully renamed/moved...

C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)

C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)

During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund

During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund

C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe [L] Win32:Adware-gen. [Adw] (0)

File was successfully renamed/moved...

C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\O34JU107\MTE3NDI6ODoxNg[1].exe [L] Win32:Trojano-2873 [Trj] (0)

File was successfully renamed/moved...

C:\Documents and Settings\Lal\passchk.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\pagefile.sys.vir [L] Win32:Sinowal-L [Trj] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\[uPX].2.vir\[uPX] [L] Win32:Trojano-P [Trj] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\wqjbtp.exe.vir [L] Win32:Trojan-gen. {Other} (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\A0018849.exe.vir [L] Win32:Trojan-gen. {Other} (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNgnew.exe.vir [L] Win32:Trojano-2873 [Trj] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\warebundlenewer.exe.vir [L] Win32:Lookme-gen [Adw] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\Installer[1].exe.vir [L] Win32:Lookme-gen [Adw] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\ac3_0010[1].exe.vir [L] Win32:Small-BIW [Trj] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\UCMTSAIE.DLL.vir [L] Win32:Adware-gen. [Adw] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\IUCMORE.DLL.vir [L] Win32:Adware-gen. [Adw] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)

C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)

During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund

During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund

C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir [L] Win32:Adware-gen. [Adw] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNg[1].exe.vir [L] Win32:Trojano-2873 [Trj] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\server2.exe.vir [L] Win32:Agent-UA [Drp] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\UCMTSAIE.DLL.2.vir [L] Win32:Adware-gen. [Adw] (0)

File was successfully renamed/moved...

C:\Program Files\Alwil Software\Avast4\DATA\moved\IUCMORE.DLL.2.vir [L] Win32:Adware-gen. [Adw] (0)

File was successfully renamed/moved...

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp [E] Archive is password protected. (42056)

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp [E] Archive is password protected. (42056)

C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP197\A0017788.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)

File was successfully renamed/moved...

C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP197\A0018801.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)

File was successfully renamed/moved...

C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018970.exe [L] Win32:Small-BIW [Trj] (0)

File was successfully renamed/moved...

C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)

C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)

During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund

During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund

C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe [L] Win32:Adware-gen. [Adw] (0)

File was successfully renamed/moved...

C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018983.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)

File was successfully renamed/moved...

C:\FOUND.001\FILE0012.CHK\FILE0012 [E] GZIP archive is corrupted. (42129)

Infected files: 31

Total files: 121103

Total folders: 2528

Total size: 8,1 GB

 

*

* Task stopped: donderdag 5 oktober 2006 15:52:14

* Run-time was 1 hour(s), 10 minute(s), 15 second(s)

Thanks, hope you receive it ok!


Hi Spike,

I am still waiting for a reply from my previous post dated the 5th October. Or maybe someone else will be able to help me.

Thanks


Hi lalenia,

Once you have posted the logs, please do not "bump" your thread (by adding further posts), as the logs are read from oldest to newest. It may take a little while before an expert subscribes to your post, so your patience would be appreciated
The experts were almost up to your posting-date - now you have sent yourself to the end of the queue, by posting again - sorry :unsure:

 

Regards,

 

Spike

Hi lalenia, The experts were almost up to your posting-date - now you have sent yourself to the end of the queue, by posting again - sorry ;)

 

Regards,

 

Spike

 

Note by Admin: Insults removed. This poster is on Moderator Preview indefinitely

 

Download CCleaner and run a clean-up.

 

Update AVG Anti-Spyware

 

Run HJT and remove:

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\bjoffe\winstall.exe

 

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders")

 

Restart in safe mode (tap F8 during startup)

 

In Explorer, delete the file (in bold)

C:\Documents and Settings\bjoffe\winstall.exe

 

Run a full scan with AVG

 

Restart in normal mode and post a new HJT

Edited by LS CalamityJane


Admin Note: Quote of insult removed

 

I regret that you feel so strongly about the wording of my post.

 

Blunt though it was (and yes, I admit that I could have softened the wording), it was the literal truth for the over-stretched resources of the forum at that time. To speed-up their assistance once an expert log-reader had subscribed to their topic, I asked posters to submit both Ad-Aware and HijackThis logs.

 

I also clearly requested that the Topics not be "bumped", as logs were read from oldest to newest. I also knew (from previous "behind-the-scenes" attempts to get "bumped" posts re-instated to their previous posting-date) that the "oldest to newest" policy of the forum was being strictly enforced.

 

Not being trained in reading logs myself, I gave lalenia an honest response.

 

Spike

Edited by LS CalamityJane


Due to lack of response by the original poster, I am closing this thread.

 

If the original poster still needs assistance, please send me a private message and I will be happy to re-open it.
