Spywarequake - has it gone?


Frogmore_photo
12 Jul 2006, 12:08am
Hi,

Newbie here !!
Here are the logs from Smitrem and Panda.
I think I am still infected.
Is this true and what should I do next?

Hope to hear from you very soon.

CB.


smitRem © log file
version 3.1

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: 11/07/2006
The current time is: 22:44:25.91

Running from
C:\Documents and Settings\Colin\My Documents\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Trust Cleaner Fix © by noahdfear



Starting Trust Cleaner uninstaller

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Security Toolbar


~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
1024 dir
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 760 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)


Incident Status Location

Adware:Adware/SpywareQuake Not disinfected C:\Documents and Settings\Colin\Application Data\Microsoft\Office.dll
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Colin\Cookies\colin@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Colin\Cookies\colin@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Colin\Cookies\colin@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Colin\Cookies\colin@atwola[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Colin\Cookies\colin@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Colin\Cookies\colin@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Colin\Cookies\colin@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Colin\Cookies\colin@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Colin\Cookies\colin@hitbox[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Colin\Cookies\colin@mediaplex[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Colin\Cookies\colin@phg.hitbox[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Colin\Cookies\colin@serving-sys[2].txt
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Colin\Favorites\Antivirus Test Online.url
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Colin\Local Settings\Temporary Internet Files\Content.IE5\3GZZ712A\syssecuritysite[1].htm
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Colin\My Documents\smitRem\Process.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Julie\Cookies\julie@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Julie\Cookies\julie@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Julie\Cookies\julie@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Julie\Cookies\julie@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Julie\Cookies\julie@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Julie\Cookies\julie@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Julie\Cookies\julie@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Julie\Cookies\julie@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Julie\Cookies\julie@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Julie\Cookies\julie@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Julie\Cookies\julie@fastclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Julie\Cookies\julie@hitbox[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Julie\Cookies\julie@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Julie\Cookies\julie@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Julie\Cookies\julie@questionmarket[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Julie\Cookies\julie@statse.webtrendslive[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Julie\Cookies\julie@tribalfusion[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Murray\Cookies\murray@247realmedia[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Murray\Cookies\murray@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Murray\Cookies\murray@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Murray\Cookies\murray@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Murray\Cookies\murray@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Murray\Cookies\murray@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Murray\Cookies\murray@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Murray\Cookies\murray@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Murray\Cookies\murray@atdmt[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Murray\Cookies\murray@bfast[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Murray\Cookies\murray@casalemedia[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Murray\Cookies\murray@centrport[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Murray\Cookies\murray@counter6.sextracker[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Murray\Cookies\murray@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Murray\Cookies\murray@fastclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Murray\Cookies\murray@hitbox[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Murray\Cookies\murray@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Murray\Cookies\murray@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Murray\Cookies\murray@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Murray\Cookies\murray@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Murray\Cookies\murray@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Murray\Cookies\murray@serving-sys[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Murray\Cookies\murray@sextracker[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Murray\Cookies\murray@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Murray\Cookies\murray@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Murray\Cookies\murray@valueclick[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Murray\Cookies\murray@webpower[1].txt

Frogmore_photo
12 Jul 2006, 12:17am
Here is the HijackThis log as well :-

Logfile of HijackThis v1.99.1
Scan saved at 00:16:23, on 12/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\AOL\1150498494\ee\AOLHostManager.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Common Files\AOL\1150498494\ee\AOLServiceHost.exe
c:\program files\common files\aol\1150498494\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1150498494\ee\AOLServiceHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Colin\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=25040
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150498494\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{838A5B88-C118-4E0D-925D-7801FEDA35E4}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

Frogmore_photo
12 Jul 2006, 6:16pm
Hi there,

I think I have cracked it.
I followed the instructions through again, but the "critical error" message kept coming up, so I ran a range of antispyware applications through, and finally Spybot positively identified and zapped it; since then it has not reappeared. That doesn't mean to say that it won't, though!!

Thanks for the help your forum has been to me.

Regards,

CB.