Starware removal

bygeek · Oct 3, 2005

Anyone familiar with Starware? Will any of the popular scanning tools remove it?

electronicsfreak · Oct 4, 2005

havent heard of it but im sure they will remove some if not all of it. try using hijackthis as ive come to greatly use that for removing difficult spyware.

pechenegs · Oct 4, 2005

Download hijack this from the link below.Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so we can take a look at it for you. Don't click fix on anything in hijack this as most of the files are legitimate.

* Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.

*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET

* Click here for info on how to boot to safe mode if you don't already know
how.

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Run Ewido:

* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Run Cleanup:

* Click on the "Cleanup" button and let it run.
* Once its done, close the program.

Run ActiveScan online virus scan here

http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!

post another hijack this log, the ewido and active scan logs

carrr · Oct 4, 2005

It sure dumps a lot of crud.
Manual removal instructions, if you're a purist:

http://labs.paretologic.com/spyware.aspx?remove=Adware.Starware

Tired of waiting for an answer? Try asking better questions. See: faq222-2244

bygeek · Oct 6, 2005

Turns out it has a removal routine in Add/Remove Programs that seems to get rid of it. After running the uninstall, I rebooted and checked all the registry references listed by Symantec, and none were found, and the toolbar was gone.

koxan · Nov 28, 2005

Hi! I've got these annoying flash popups on my desktop every few minutes and if I open my browser something keeps redirecting me to other pages, like

http://www.searc-h.com

or

http://www.starware.com.

Could you please help me?
Here's my hijack-logfile.
Thx.

Logfile of HijackThis v1.99.1
Scan saved at 23:11:27, on 2005.11.28.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3A3D588C-741C-458B-9259-A516D38A036D}: NameServer = 192.168.2.1,213.46.246.52
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\ir82l5lo1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pechenegs · Nov 28, 2005

go to add/remve and uninstall meseengerplus 3, delete it's folder from C:\program files!

fix these with hijack this, close all open programmes and click FIX.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe

http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into
this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

post back with the l2me log!

koxan · Nov 28, 2005

Here is my l2me log. (And thanks for answering so quickly)

L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l0p20a7oed.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (

http://www.heysoft.de)

This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Felhaszn l?k
(ID-IO) ALLOW Read BUILTIN\Felhaszn l?k
(ID-NI) ALLOW Read BUILTIN\Kiemelt felhaszn l?k
(ID-IO) ALLOW Read BUILTIN\Kiemelt felhaszn l?k
(ID-NI) ALLOW Full access BUILTIN\Rendszergazd k
(ID-IO) ALLOW Full access BUILTIN\Rendszergazd k
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access L?TREHOZ? TULAJDONOS

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B85D712A-C6B9-069E-F6B9-0154A4A964FA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multim‚dia f jltulajdons glap"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM k‚polvas?-kezel‚s"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS biztons gi oldal"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE dokumentumf jl tulajdons glapja"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rendszerh‚j-kiterjeszt‚sek a megoszt shoz"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Videok rtya CPL kiterjeszt‚s"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="K‚perny‹figyel‹ CPL kiterjeszt‚s"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="K‚perny‹k”vet‹ CPL kiterjeszt‚s"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS biztons glap"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit si oldal"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Rendszerh‚j - Scrap adatkezel‹"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Lemezm sol s kiterjeszt‚se"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rendszerh‚j-kiterjeszt‚sek - Microsoft Windows h l?zati objektumok"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM monitorkezel‚s"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM nyomtat?kezel‚s"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rendszerh‚j-kiterjeszt‚sek - f jlt”m”r?t‚s"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rendszerh‚j-kiterjeszt‚s - webnyomtat?"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="T ska"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal ikonkiterjeszt‚s"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers biztons gi oldal"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rendszerh‚j-kiterjeszt‚sek a megoszt shoz"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO kieg‚sz?t‹ mez‹"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign kieg‚sz?t‹ mez‹"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="H l?zati kapcsolatok"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="H l?zati kapcsolatok"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="K‚polvas?k & f‚nyk‚pez‹g‚pek"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="K‚polvas?k & f‚nyk‚pez‹g‚pek"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="K‚polvas?k & f‚nyk‚pez‹g‚pek"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="K‚polvas?k & f‚nyk‚pez‹g‚pek"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="K‚polvas?k & f‚nyk‚pez‹g‚pek"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Host rendszerh‚j-kiterjeszt‚s"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="štemezett feladatok"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="T lca ‚s Start men?"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Keres‚s"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="S?g? ‚s t mogat s"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="S?g? ‚s t mogat s"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Futtat s..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Fel?gyeleti eszk”z”k"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft internetes eszk”zt r"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Let”lt‚s llapota"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="B‹v?tett rendszerh‚jmappa 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Keres‹s v"
"{32683183-48a0-441b-a342-7c2a440a9478}"="M‚dias v"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Panelen bel?li keres‚s"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Webes keres‚s"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&C?m"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Egy‚ni MRU automatikus kieg‚sz?t‚ses lista"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="El‚rhet‹"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Felbukkan? eszk”zt rak k”vet‚se"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="C?msorelemz‹"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Felhaszn l?i seg?ts‚gny?jt s"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="µltal nos mappabe ll?t sok"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url El‹zm‚nyek szolg ltat s"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="El‹zm‚nyek"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Ideiglenes internetf jlok"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Ideiglenes internetf jlok"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Internet Explorer 4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Az internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="B”ng‚sz‹s v"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX gyors?t?t rmappa"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="El‹fizet‚s mappa"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Rendszerh‚j - alkalmaz skezel‹"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Telep?tett alkalmaz ssz ml l?"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin alkalmaz s-k”zz‚tev‹"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ f jlminiat?ra-kicsomagol?"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="™sszefoglal? a miniat?rakezel‹r‹l (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-miniat?rkicsomagol?"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="K”zz‚t‚tel a weben var zsl?"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="K‚prendel‚s a weben"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Rendszerh‚j k”zz‚t‚teli var zsl?j nak objektuma"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport var zsl?"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Felhaszn l?i fi?kok"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Csatornaf jl"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Csatorna-parancsikon"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Csatornakezel‹ objektum"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Kapcsolat n‚lk?li f jlok mapp ja"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Szem‚lyek..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmapp k"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}"="The Core Media Player Shell Extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{0D7070AB-B0F0-4A01-9E70-934E8E16102F}"=""
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0D7070AB-B0F0-4A01-9E70-934E8E16102F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0D7070AB-B0F0-4A01-9E70-934E8E16102F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0D7070AB-B0F0-4A01-9E70-934E8E16102F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0D7070AB-B0F0-4A01-9E70-934E8E16102F}\InprocServer32]
@="C:\\WINDOWS\\system32\\OmgDS.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
ati2cqag.dll Wed 2005-08-31 2.42.50 A.... 233 472 228,00 K
ati2dvag.dll Wed 2005-08-31 3.42.54 A.... 238 592 233,00 K
ati2edxx.dll Wed 2005-08-31 3.37.22 A.... 39 936 39,00 K
ati2evxx.dll Wed 2005-08-31 3.37.12 A.... 46 080 45,00 K
ati3duag.dll Wed 2005-08-31 3.28.36 A.... 2 429 824 2,32 M
atiddc.dll Wed 2005-08-31 3.35.46 A.... 53 248 52,00 K
atidemgr.dll Wed 2005-08-31 5.33.32 A.... 258 048 252,00 K
atiiiexx.dll Wed 2005-08-31 6.08.36 A.... 307 200 300,00 K
atikvmag.dll Wed 2005-08-31 3.10.36 A.... 147 456 144,00 K
atioglx1.dll Wed 2005-08-31 4.57.50 A.... 6 684 672 6,38 M
atioglxx.dll Wed 2005-08-31 3.57.00 A.... 4 718 592 4,50 M
atipdlxx.dll Wed 2005-08-31 3.37.44 A.... 106 496 104,00 K
atitvo32.dll Wed 2005-08-31 2.47.46 A.... 17 408 17,00 K
ativvaxx.dll Wed 2005-08-31 3.23.04 A.... 600 672 586,59 K
axferror.dll Mon 2005-11-07 18.49.44 ..S.R 236 642 231,09 K
browseui.dll Sat 2005-09-03 0.54.56 A.... 1 019 904 996,00 K
cdfview.dll Sat 2005-09-03 0.54.56 A.... 151 552 148,00 K
cdosys.dll Sat 2005-09-10 2.55.36 A.... 2 067 968 1,97 M
danim.dll Sat 2005-09-03 0.54.58 A.... 1 055 232 1,00 M
deser.dll Sun 2005-11-06 18.38.06 ..S.R 236 642 231,09 K
dhlzaac.dll Tue 2005-11-15 13.09.26 ..S.R 233 765 228,29 K
dn0801~1.dll Mon 2005-11-28 23.23.12 ..S.R 234 961 229,45 K
dnlo01~1.dll Mon 2005-11-07 10.38.44 ..S.R 233 929 228,45 K
dxtrans.dll Sat 2005-09-03 0.54.58 A.... 205 312 200,50 K
extmgr.dll Sat 2005-09-03 0.54.58 ..... 55 808 54,50 K
g6jolg~1.dll Sun 2005-11-27 1.57.12 ..S.R 236 509 230,96 K
gdi32.dll Thu 2005-10-06 4.18.54 A.... 280 064 273,50 K
iepeers.dll Sat 2005-09-03 0.54.58 A.... 251 392 245,50 K
inseng.dll Sat 2005-09-03 0.54.58 A.... 96 256 94,00 K
irlql5~1.dll Mon 2005-11-28 8.14.10 ..S.R 237 023 231,46 K
l0p20a~1.dll Mon 2005-11-28 22.46.50 ..S.R 234 160 228,67 K
linkinfo.dll Thu 2005-09-01 3.28.38 A.... 19 968 19,50 K
mkc40.dll Mon 2005-11-07 10.30.44 ..S.R 233 929 228,45 K
mnvcrt.dll Wed 2005-11-09 18.36.10 ..S.R 233 765 228,29 K
mshtml.dll Wed 2005-10-05 1.27.34 A.... 3 013 120 2,87 M
mshtmled.dll Sat 2005-09-03 0.55.02 A.... 448 512 438,00 K
msrating.dll Sat 2005-09-03 0.55.04 A.... 146 432 143,00 K
mstime.dll Sat 2005-09-03 0.55.04 A.... 530 432 518,00 K
oemdspif.dll Wed 2005-08-31 3.37.34 A.... 73 728 72,00 K
omgds.dll Mon 2005-11-28 23.23.12 ..S.R 234 160 228,67 K
pngfilt.dll Sat 2005-09-03 0.55.04 A.... 39 424 38,50 K
rdsutils.dll Sun 2005-11-20 17.17.16 ..S.R 235 669 230,14 K
shdocvw.dll Sat 2005-09-03 0.55.06 A.... 1 483 776 1,41 M
shell32.dll Fri 2005-09-23 4.07.40 A.... 8 471 552 8,08 M
shlwapi.dll Sat 2005-09-03 0.55.06 A.... 473 600 462,50 K
sintf16.dll Sat 2005-10-15 16.56.10 A.... 12 067 11,78 K
sintf32.dll Sat 2005-10-15 16.56.10 A.... 17 212 16,81 K
sintfnt.dll Sat 2005-10-15 16.56.10 A.... 21 840 21,33 K
sirenacm.dll Thu 2005-10-13 8.11.06 A.... 118 784 116,00 K
sporder.dll Sun 2005-10-23 21.53.22 A.... 8 464 8,27 K
srman32.dll Wed 2005-11-16 11.08.48 ..S.R 233 765 228,29 K
ssftpub.dll Wed 2005-11-09 19.04.02 ..S.R 236 642 231,09 K
urlmon.dll Sat 2005-09-03 0.55.08 A.... 603 648 589,50 K
vsdata.dll Tue 2005-11-15 0.50.30 A.... 83 720 81,76 K
vsinit.dll Tue 2005-11-15 0.50.42 A.... 141 064 137,76 K
vsmonapi.dll Tue 2005-11-15 0.50.52 A.... 104 208 101,77 K
vspubapi.dll Tue 2005-11-15 0.50.56 A.... 227 088 221,77 K
vsregexp.dll Tue 2005-11-15 0.51.00 A.... 71 440 69,77 K
vsutil.dll Tue 2005-11-15 0.51.12 A.... 382 728 373,76 K
vsxml.dll Tue 2005-11-15 0.51.20 A.... 100 104 97,76 K
wininet.dll Sat 2005-09-03 0.55.08 A.... 658 944 643,50 K
winsrv.dll Thu 2005-09-01 3.28.38 A.... 292 352 285,50 K
zlcomm.dll Tue 2005-11-15 0.51.40 A.... 79 624 77,76 K
zlcommdb.dll Tue 2005-11-15 0.51.44 A.... 71 440 69,77 K

64 items found: 64 files (14 H/S), 0 directories.
Total of file sizes: 42 052 016 bytes 40,10 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
A meghajt?ban (C) l‚v‹ k”tetnek nincs c?mk‚je.
A k”tet sorozatsz ma: 1883-A56F

C:\WINDOWS\System32 tartalma:

2005.11.28. 23:23 234?160 OmgDS.dll
2005.11.28. 23:23 234?961 dn0801due.dll
2005.11.28. 22:46 234?160 l0p20a7oed.dll
2005.11.28. 08:14 237?023 irlql5351.dll
2005.11.27. 01:57 236?509 g6jolg1316.dll
2005.11.20. 17:17 235?669 rdsutils.dll
2005.11.16. 11:08 233?765 srman32.dll
2005.11.15. 13:09 233?765 dhlzAAC.dll
2005.11.12. 12:56 <DIR> dllcache
2005.11.09. 19:04 236?642 ssftpub.dll
2005.11.09. 18:36 233?765 mnvcrt.dll
2005.11.07. 18:49 236?642 axferror.dll
2005.11.07. 10:38 233?929 dnlo0133e.dll
2005.11.07. 10:30 233?929 mkc40.dll
2005.11.06. 18:38 236?642 deser.dll
2005.10.05. 20:56 <DIR> Microsoft
14 f jl 3?291?561 b jt
2 k”nyvt r 3?406?008?320 b jt szabad

pechenegs · Nov 29, 2005

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then it will ask for a password enter bye (lowercase) then hit enter. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of
that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder.

koxan · Nov 29, 2005

Well I've tried... but something went really wrong.

Error message: "shell.reg can't be imported"
+: "zip warning
name not matched dlls\*.*"

Oh and I can't type the password properly in cause I don't have enough time. (The next line appears too fast)

But here are the logfiles:

Checking for L2MFix account(0=no 1=yes):
0
Checking for L2MFix account(0=no 1=yes):
0

Logfile of HijackThis v1.99.1
Scan saved at 15:23:34, on 2005.11.29.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3A3D588C-741C-458B-9259-A516D38A036D}: NameServer = 192.168.2.1,213.46.246.52
O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\dn0801due.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pechenegs · Nov 29, 2005

did you follow the instrcutions properly?

Please download WebRoot SpySweeper from here:

http://www.webroot.com/consumer/downloads/

(It's a 2 week trial):
Click the Free Trial link under to "SpySweeper" to download the program.
Install it.
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.

koxan · Nov 29, 2005

Thanks.

********
22:37: | Start of Session, 2005. november 29. |
22:37: Spy Sweeper started
22:37: Sweep initiated using definitions version 574
22:37: Starting Memory Sweep
22:37: The Spy Communication shield has blocked access to:

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Starware removal

IS-IT--Management

Technical User

MIS

Technical User

IS-IT--Management

Technical User

MIS

Technical User

MIS

Technical User

MIS

Technical User

MIS

Similar threads

Log in

Part and Inventory Search

Sponsor