
can't remove bar888 from ie7 bar


Original Message
Name: zione55
Date: May 10, 2007 at 15:18:40 Pacific
Subject: can't remove bar888 from ie7 bar
OS: winxp
CPU/Ram: pentium 4 1.6Ghz 256ram
Model/Manufacturer: intel
Comment:

Hi everybody,


In my IE7 bar I have bar888 and I can't remove it.

Can you please help me?




Response Number 1
Name: jabuck
Date: May 10, 2007 at 15:26:11 Pacific
Subject: can't remove bar888 from ie7 bar
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 2
Name: zione55
Date: May 10, 2007 at 15:32:06 Pacific
Subject: can't remove bar888 from ie7 bar
Reply:

On my PC I use ZoneAlarm and Active Virus Shield.

These are the two files from HijackThis and SmitFraudFix.

Thanks for your help.


Logfile of HijackThis v1.99.1
Scan saved at 0.28.10, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\eraser\eraser.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Programmi\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3CD0B~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3CD0B~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.pcn.minambiente.it/ecwpl...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


SmitFraudFix v2.179

Scan done at 0.24.46,68, 11/05/2007
Run from C:\Documents and Settings\a\Desktop\zip\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\eraser\eraser.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\a


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\a\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\a\PREFER~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Pagina iniziale corrente"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NIC Fast Ethernet PCI Realtek RTL8139 Family - Miniport dell'Utilità di pianificazione pacchetti
DNS Server Search Order: 193.70.152.15
DNS Server Search Order: 193.70.152.25

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: NameServer=193.70.152.15,193.70.152.25
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: NameServer=193.70.152.15,193.70.152.25
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: NameServer=193.70.152.15,193.70.152.25
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 3
Name: jabuck
Date: May 10, 2007 at 16:06:44 Pacific
Subject: can't remove bar888 from ie7 bar
Reply:

Go to Start > Control Panel > Add/Remove Programs and uninstall the following if present:
Think-Adz Search Assistant
Enhanced Ads by Think-Adz
Surfsidekick
ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX by OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Snowball Wars by OIN
Yazzle Sudoku by OIN
Zolero Translator

or anything similar with Oin in it
888 toolbar
anything with 888 in it

If OIN is not listed, download and run this uninstaller: OiUninstaller.exe

Reboot when done! Really important!

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3CD0B~1\Bar888.dll (file missing)

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3CD0B~1\Bar888.dll (file missing)

Exit Hijack This

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG AntiSpyware report please.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces and a new Hijack This log.


Report Offensive Follow Up For Removal
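
The step above, where the two Bar888 entries are picked out of the log by hand, can be scripted. This is an added example, not part of the original thread and not HijackThis code: it collects the "(file missing)" entries, groups them by CLSID, and sets aside any entry whose executable appears in the log's own running-process list. The function names are hypothetical, and the sample lines are excerpted from the first HijackThis log posted in this thread.

```python
import re

# A registry CLSID such as {C1B4DEC2-2623-438e-9CA2-C9043AB28508}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A HijackThis result line: section code, " - ", then the details.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.+)$")
MISSING = "(file missing)"

# Sample input: lines excerpted from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programmi\AOL\Active Virus Shield\avp.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3CD0B~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3CD0B~1\Bar888.dll (file missing)
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
"""


def _norm(path):
    """Lower-case a path, drop stray quotes, and cut arguments after '.exe'."""
    path = path.replace('"', "").strip().lower()
    cut = path.find(".exe")
    return path[: cut + 4] if cut != -1 else path


def parse_log(text):
    """Return (running_processes, missing_entries) from HijackThis log text."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(_norm(line))
                continue
            in_procs = False  # a blank line ends the process list
        m = ENTRY_RE.match(line)
        if not m or not m["rest"].endswith(MISSING):
            continue
        rest = m["rest"][: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(rest)
        if clsid:
            # O2/O3 style: "Kind: name - {CLSID} - path"
            path = rest[clsid.end():].lstrip(" -")
        else:
            # O23 style: "Service: name - owner - path"
            path = rest.split(" - ", 2)[-1]
        entries.append({
            "code": m["code"],
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path,
        })
    return running, entries


def triage(text):
    """Split '(file missing)' entries into orphans and contradicted ones.

    orphans: CLSID (or path when there is no CLSID) -> section codes.
    contradicted: section codes whose file is running per the same log,
    so the '(file missing)' marker should not be trusted for them.
    """
    running, entries = parse_log(text)
    orphans, contradicted = {}, []
    for e in entries:
        if _norm(e["path"]) in running:
            contradicted.append(e["code"])
        else:
            orphans.setdefault(e["clsid"] or e["path"], []).append(e["code"])
    return orphans, contradicted


if __name__ == "__main__":
    orphans, contradicted = triage(SAMPLE_LOG)
    for key, codes in orphans.items():
        print("orphaned:", key, "in sections", ", ".join(codes))
    print("marked missing but running:", ", ".join(contradicted))
```

On the sample, the O23 Active Virus Shield line is set aside because avp.exe is listed under running processes, which matches the reply above selecting only the two Bar888 entries for fixing.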

Response Number 4
Name: zione55
Date: May 11, 2007 at 02:22:03 Pacific
Subject: can't remove bar888 from ie7 bar
Reply:

Hi

I think bar888 has been removed.

The following link seems to be broken:
<quote>
If OIN not listed, download and run this uninstaller OiUninstaller.exe
</quote>


On my PC I have ZoneAlarm, Active Virus Shield and now there is also AVG Anti-Spyware.
Can I use both of them or is it necessary to disable one of them?

About 10 times a day Active Virus Shield sends me messages about a modified trojan, but the pop-up is too fast and I can't read it. (I think the last letters are .de)

still now I had 1 event of this.

these are the 3 reports


thanks for your help

Logfile of HijackThis v1.99.1
Scan saved at 9.46.32, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.pcn.minambiente.it/ecwpl...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


AVG Anti-Spyware - Rapporto scansione


+ Creato alle: 10.44.21 11/05/2007

+ Risultato scansione:

C:\Programmi\File comuni\{3CD0B2CE-064D-1040-1231-010106000027}\UnInstall.exe -> Adware.888Bar : Ignorato.
C:\System Volume Information\_restore{46C7D552-EEA7-4F2E-9441-7A41DE9AA8AE}\RP2\A0000135.exe -> Adware.Softomate : Ignorato.
C:\Programmi\ABC Lock\matcash.exe -> Downloader.Agent.bdr : Ripulito con backup (in quarantena)
C:\Programmi\ABC Lock\ysbinstall.exe -> Downloader.IstBar : Ripulito con backup (in quarantena)
C:\Programmi\File comuni\{ACD0B2CE-064C-1040-1231-010106000027}\system.dll -> Downloader.Small : Ripulito con backup (in quarantena)
C:\System Volume Information\_restore{46C7D552-EEA7-4F2E-9441-7A41DE9AA8AE}\RP2\A0000134.dll -> Downloader.Small : Ripulito con backup (in quarantena)
C:\Programmi\ABC Lock\Medellin.exe -> Dropper.VB.nn : Ripulito con backup (in quarantena)


::Fine rapporto

"a" - 2007-05-11 10.47.07 Service Pack 2 [SAFE MODE]
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\a\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmi\cowabanga\License.txt
C:\Programmi\File comuni\{3CD0B~1\UnInstall.exe
C:\DOCUME~1\a\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\unsvchosts.exe
C:\Programmi\cowabanga
C:\Programmi\File comuni\{3CD0B~1
C:\Programmi\File comuni\{ACD0B~2
C:\Programmi\File comuni\{ACD0B~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CLIENT_IP-IPX


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-11 ))))))))))))))))))))))))))))))))))


2007-05-11 09:16 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-11 00:24 1,368 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-10 14:22 <DIR> d-------- C:\Nuova cartella
2007-05-10 14:18 <DIR> d-------- C:\recycled
2007-05-10 14:15 102,160 --a------ C:\WINDOWS\system32\VB6CHT.DLL
2007-05-10 14:13 <DIR> d-------- C:\WINDOWS\kapmet
2007-05-10 14:13 <DIR> d-------- C:\Programmi\ABC Lock
2007-05-10 14:11 <DIR> d-------- C:\Programmi\Secrecy File & Folder Hider
2007-05-09 22:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
2007-05-09 22:04 <DIR> d-------- C:\SOPHTEMP
2007-05-09 21:48 <DIR> d-------- C:\Programmi\ClamWin
2007-05-09 21:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\.clamwin
2007-05-09 21:48 <DIR> d-------- C:\DOCUME~1\a\DATIAP~1\.clamwin
2007-05-09 21:46 <DIR> d-------- C:\DOCUME~1\a\DATIAP~1\WinRAR
2007-05-09 21:38 <DIR> d-------- C:\DOCUME~1\a\DATIAP~1\R-Wipe&Clean
2007-05-09 21:31 <DIR> d-------- C:\DOCUME~1\a\bachup 905
2007-05-09 21:07 <DIR> d-------- C:\Programmi\Cobian Backup 8
2007-05-09 17:01 <DIR> d-------- C:\Programmi\R-Wipe&Clean
2007-05-09 16:52 <DIR> d-------- C:\Programmi\PrivacyEraser Computing
2007-05-09 16:17 <DIR> d-------- C:\Programmi\IObit
2007-05-08 19:45 <DIR> d-------- C:\Programmi\Paint.NET
2007-05-08 18:57 <DIR> d-------- C:\Programmi\NotePad SX
2007-05-07 13:29 <DIR> d-------- C:\Programmi\Foxit Software
2007-05-07 13:26 <DIR> d-------- C:\Programmi\VisualTaskTips
2007-05-07 10:01 <DIR> d-------- C:\Programmi\Virtual Earth 3D
2007-05-05 13:13 <DIR> d-------- C:\Programmi\Lavasoft
2007-05-05 13:13 <DIR> d-------- C:\DOCUME~1\a\DATIAP~1\Lavasoft
2007-05-05 13:12 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-04-29 12:28 155,648 --a------ C:\WINDOWS\system32\stuninstall.exe
2007-04-15 09:06 <DIR> d-------- C:\Programmi\Macrogaming





Response Number 5
Name: jabuck
Date: May 11, 2007 at 03:47:48 Pacific
Subject: can't remove bar888 from ie7 bar
Reply:

Looks like we only got a partial Combofix report.

Please post a new Combofix log.

Run Hijack This> click "open the misc. tool section"> click "open uninstall manager"> click "save list"> click "save"> click "yes"> post that log please.

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.




Response Number 6
Name: zione55
Date: May 11, 2007 at 04:24:50 Pacific
Subject: can't remove bar888 from ie7 bar
Reply:

Sorry for my mistake.

I downloaded Kaspersky but after the installation I have this message:
**************

Downloading remote file: master.xml
Update process FAILED. No further antivirus actions can be performed!

Attention, you must be online to activate Kaspersky Online Scanner, since the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. [21]

*******
It is strange because I'm online.


Here are the reports of ComboFix and the uninstall list.

Thanks


"a" - 2007-05-11 10.47.07 Service Pack 2 [SAFE MODE]
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\a\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmi\cowabanga\License.txt
C:\Programmi\File comuni\{3CD0B~1\UnInstall.exe
C:\DOCUME~1\a\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\unsvchosts.exe
C:\Programmi\cowabanga
C:\Programmi\File comuni\{3CD0B~1
C:\Programmi\File comuni\{ACD0B~2
C:\Programmi\File comuni\{ACD0B~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CLIENT_IP-IPX


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-11 ))))))))))))))))))))))))))))))))))


2007-05-11 09:16 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-11 00:24 1,368 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-10 14:22 <DIR> d-------- C:\Nuova cartella
2007-05-10 14:18 <DIR> d-------- C:\recycled
2007-05-10 14:15 102,160 --a------ C:\WINDOWS\system32\VB6CHT.DLL
2007-05-10 14:13 <DIR> d-------- C:\WINDOWS\kapmet
2007-05-10 14:13 <DIR> d-------- C:\Programmi\ABC Lock
2007-05-10 14:11 <DIR> d-------- C:\Programmi\Secrecy File & Folder Hider
2007-05-09 22:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
2007-05-09 22:04 <DIR> d-------- C:\SOPHTEMP
2007-05-09 21:48 <DIR> d-------- C:\Programmi\ClamWin
2007-05-09 21:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\.clamwin
2007-05-09 21:48 <DIR> d-------- C:\DOCUME~1\a\DATIAP~1\.clamwin
2007-05-09 21:46 <DIR> d-------- C:\DOCUME~1\a\DATIAP~1\WinRAR
2007-05-09 21:38 <DIR> d-------- C:\DOCUME~1\a\DATIAP~1\R-Wipe&Clean
2007-05-09 21:31 <DIR> d-------- C:\DOCUME~1\a\bachup 905
2007-05-09 21:07 <DIR> d-------- C:\Programmi\Cobian Backup 8
2007-05-09 17:01 <DIR> d-------- C:\Programmi\R-Wipe&Clean
2007-05-09 16:52 <DIR> d-------- C:\Programmi\PrivacyEraser Computing
2007-05-09 16:17 <DIR> d-------- C:\Programmi\IObit
2007-05-08 19:45 <DIR> d-------- C:\Programmi\Paint.NET
2007-05-08 18:57 <DIR> d-------- C:\Programmi\NotePad SX
2007-05-07 13:29 <DIR> d-------- C:\Programmi\Foxit Software
2007-05-07 13:26 <DIR> d-------- C:\Programmi\VisualTaskTips
2007-05-07 10:01 <DIR> d-------- C:\Programmi\Virtual Earth 3D
2007-05-05 13:13 <DIR> d-------- C:\Programmi\Lavasoft
2007-05-05 13:13 <DIR> d-------- C:\DOCUME~1\a\DATIAP~1\Lavasoft
2007-05-05 13:12 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-04-29 12:28 155,648 --a------ C:\WINDOWS\system32\stuninstall.exe
2007-04-15 09:06 <DIR> d-------- C:\Programmi\Macrogaming


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-11 00:25:21 -------- d-----w C:\Programmi\eraser
2007-05-10 17:13:09 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-10 17:13:04 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-10 13:30:40 -------- d-----w C:\Programmi\BookMark Master
2007-05-09 19:49:15 -------- d-----w C:\DOCUME~1\a\DATIAP~1\.clamwin
2007-05-09 16:39:51 -------- d-----w C:\Programmi\eMule
2007-05-07 08:40:36 -------- d-----w C:\Programmi\Look@LAN
2007-03-25 07:42:40 69,790 ----a-w C:\WINDOWS\system32\perfc010.dat
2007-03-25 07:42:40 437,644 ----a-w C:\WINDOWS\system32\perfh010.dat
2007-03-17 22:02:45 -------- d-----w C:\Programmi\CoffeeCup Free HTML Editor
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 09:23:18 -------- d-----w C:\Programmi\Creative
2007-03-08 15:37:44 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:44 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:44 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:54 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-05 12:34:28 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2007-02-05 20:19:11 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"="C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Programmi\Spybot - Search & Destroy\SDHelper.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\programmi\google\googletoolbar3.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"aol"="\"C:\\Programmi\\AOL\\Active Virus Shield\\avp.exe\""
"Zone Labs Client"="\"C:\\Programmi\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Programmi\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programmi\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-11 10:53:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-11 10:58:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-11 10:58

--------------
uninstall list
------

ABC Lock 1.6
Active Virus Shield
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9 - Italiano
Adobe Shockwave Player
Advanced WindowsCare 2.40 Personal
Aggiornamento della protezione per Windows Internet Explorer 7 (KB928090)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB929969)
Aggiornamento della protezione per Windows Internet Explorer 7 (KB931768)
Aggiornamento della protezione per Windows Media Player (KB911564)
Aggiornamento della protezione per Windows Media Player 6.4 (KB925398)
Aggiornamento della protezione per Windows Media Player 9 (KB917734)
Aggiornamento della protezione per Windows XP (KB890046)
Aggiornamento della protezione per Windows XP (KB893756)
Aggiornamento della protezione per Windows XP (KB896358)
Aggiornamento della protezione per Windows XP (KB896423)
Aggiornamento della protezione per Windows XP (KB896424)
Aggiornamento della protezione per Windows XP (KB896428)
Aggiornamento della protezione per Windows XP (KB899587)
Aggiornamento della protezione per Windows XP (KB899589)
Aggiornamento della protezione per Windows XP (KB899591)
Aggiornamento della protezione per Windows XP (KB900725)
Aggiornamento della protezione per Windows XP (KB901017)
Aggiornamento della protezione per Windows XP (KB901214)
Aggiornamento della protezione per Windows XP (KB902400)
Aggiornamento della protezione per Windows XP (KB904706)
Aggiornamento della protezione per Windows XP (KB905414)
Aggiornamento della protezione per Windows XP (KB905749)
Aggiornamento della protezione per Windows XP (KB908519)
Aggiornamento della protezione per Windows XP (KB911562)
Aggiornamento della protezione per Windows XP (KB911567)
Aggiornamento della protezione per Windows XP (KB911927)
Aggiornamento della protezione per Windows XP (KB912919)
Aggiornamento della protezione per Windows XP (KB913433)
Aggiornamento della protezione per Windows XP (KB913580)
Aggiornamento della protezione per Windows XP (KB914388)
Aggiornamento della protezione per Windows XP (KB914389)
Aggiornamento della protezione per Windows XP (KB917344)
Aggiornamento della protezione per Windows XP (KB917422)
Aggiornamento della protezione per Windows XP (KB917953)
Aggiornamento della protezione per Windows XP (KB918118)
Aggiornamento della protezione per Windows XP (KB918439)
Aggiornamento della protezione per Windows XP (KB918899)
Aggiornamento della protezione per Windows XP (KB919007)
Aggiornamento della protezione per Windows XP (KB920213)
Aggiornamento della protezione per Windows XP (KB920214)
Aggiornamento della protezione per Windows XP (KB920670)
Aggiornamento della protezione per Windows XP (KB920683)
Aggiornamento della protezione per Windows XP (KB920685)
Aggiornamento della protezione per Windows XP (KB921398)
Aggiornamento della protezione per Windows XP (KB921883)
Aggiornamento della protezione per Windows XP (KB922616)
Aggiornamento della protezione per Windows XP (KB922760)
Aggiornamento della protezione per Windows XP (KB922819)
Aggiornamento della protezione per Windows XP (KB923191)
Aggiornamento della protezione per Windows XP (KB923414)
Aggiornamento della protezione per Windows XP (KB923689)
Aggiornamento della protezione per Windows XP (KB923694)
Aggiornamento della protezione per Windows XP (KB923980)
Aggiornamento della protezione per Windows XP (KB924191)
Aggiornamento della protezione per Windows XP (KB924270)
Aggiornamento della protezione per Windows XP (KB924496)
Aggiornamento della protezione per Windows XP (KB924667)
Aggiornamento della protezione per Windows XP (KB925454)
Aggiornamento della protezione per Windows XP (KB925486)
Aggiornamento della protezione per Windows XP (KB925902)
Aggiornamento della protezione per Windows XP (KB926255)
Aggiornamento della protezione per Windows XP (KB926436)
Aggiornamento della protezione per Windows XP (KB927779)
Aggiornamento della protezione per Windows XP (KB927802)
Aggiornamento della protezione per Windows XP (KB928255)
Aggiornamento della protezione per Windows XP (KB928843)
Aggiornamento della protezione per Windows XP (KB930178)
Aggiornamento della protezione per Windows XP (KB931261)
Aggiornamento della protezione per Windows XP (KB931784)
Aggiornamento della protezione per Windows XP (KB932168)
Aggiornamento per Windows XP (KB894391)
Aggiornamento per Windows XP (KB898461)
Aggiornamento per Windows XP (KB900485)
Aggiornamento per Windows XP (KB904942)
Aggiornamento per Windows XP (KB908531)
Aggiornamento per Windows XP (KB910437)
Aggiornamento per Windows XP (KB911280)
Aggiornamento per Windows XP (KB916595)
Aggiornamento per Windows XP (KB920872)
Aggiornamento per Windows XP (KB922582)
Aggiornamento per Windows XP (KB929338)
Aggiornamento per Windows XP (KB930916)
Aggiornamento per Windows XP (KB931836)
Aggiornamento rapido per Windows XP - KB873339
Aggiornamento rapido per Windows XP - KB885835
Aggiornamento rapido per Windows XP - KB885836
Aggiornamento rapido per Windows XP - KB885884
Aggiornamento rapido per Windows XP - KB886185
Aggiornamento rapido per Windows XP - KB887472
Aggiornamento rapido per Windows XP - KB888302
Aggiornamento rapido per Windows XP - KB890859
Aggiornamento rapido per Windows XP - KB891781
Aggiornamento rapido per Windows XP (KB914440)
AM-DeadLink 2.8.1
AVG Anti-Spyware 7.5
CCleaner (remove only)
ClamWin Free Antivirus 0.90.2
Cobian Backup 8
CoffeeCup Free HTML Editor
Core FTP LE 1.3c
Creative Video Blaster WebCam 5 Driver
Creative WebCam Control
Crimson Editor (remove only)
CutePDF Writer 2.6
Duplicate File Finder 1.1.0.0
eMule
Eraser 5.2.1
Evrsoft First Page 2006
FastStone Image Viewer 2.7
Foxit Reader
Free DWG Viewer 5.4
Google Earth
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Image Web Server IE Plugin 1,7,0,424
Image Web Server IE Plugins 1,7,0,424
IrfanView (remove only)
Macrogaming SweetIM 2.0
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Word Viewer 97
Mozilla Firefox (1.5.0.9)
NotePad SX 1.2
Outlook-QuoteFix
Paint.NET v3.07
PDF Editor 2
PDF4Free 2.0
PHP Editor 2.22
Privacy Eraser 4.62
QuickTime
Registrar Lite 2.00
R-Wipe&Clean 7.5
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update per Microsoft .NET Framework 2.0 (KB917283)
Spybot - Search & Destroy 1.4
SweetIM For Internet Explorer 3.0b
VertrigoServ (remove only)
Visual Task Tips 2.1
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
WinRAR gestione archivi
ZoneAlarm




Response Number 7
Name: jabuck
Date: May 11, 2007 at 14:48:10 Pacific
Subject: can't remouve bar888 from ie7 bar
Reply:

Go to start> control panel> add/remove programs and uninstall this program:

SweetIM For Internet Explorer 3.0b

Navigate to and delete this folder:

C:\Programmi\Macrogaming\SweetIMBarForIE

Please download SDFix by AndyManchesta and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.


Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt.

Please download and install SuperAntiSpyware.
Load SUPERAntiSpyware and click the Check for Updates button.
Once the update has finished, click the Scan your Computer button.
Check Perform Complete Scan and then click Next.
SUPERAntiSpyware will now scan your computer, and when it’s finished it will list all the infections it has found.
Make sure that they all have a check next to them, and then click Next.
Click Finish and you will be taken back to the main interface.
It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
I'll need a log afterwards of what has been found.
To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
Please post the results of the SUPERAntiSpyware log and a new HijackThis log in your next reply.



Response Number 8
Name: zione55
Date: May 12, 2007 at 04:16:49 Pacific
Subject: can't remouve bar888 from ie7 bar
Reply:

Hi

Is it now necessary to remove antispyware and SUPERAntiSpyware from my bar?

These are the 3 reports you asked me for.

Thanks


SDFix: Version 1.83

Run by a - 12/05/2007 - 11.09.26,63

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\DOCUME~1\a\Desktop\zip\sdf\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...


***************************************


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2007 at 12:37 PM

Application Version : 3.7.1018

Core Rules Database Version : 3237
Trace Rules Database Version: 1248

Scan type : Complete Scan
Total Scan Time : 00:52:50

Memory items scanned : 323
Memory threats detected : 0
Registry items scanned : 4696
Registry threats detected : 2
File items scanned : 63551
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\a\Cookies\a@doubleclick[1].txt
C:\Documents and Settings\a\Cookies\a@tribalfusion[1].txt
C:\Documents and Settings\a\Cookies\a@casaclick[1].txt
C:\Documents and Settings\a\Cookies\a@www.comprabanner[2].txt
C:\Documents and Settings\a\Cookies\a@tradedoubler[2].txt
C:\Documents and Settings\a\Cookies\a@media.intelia[2].txt
C:\Documents and Settings\a\Cookies\a@imrworldwide[2].txt
C:\Documents and Settings\a\Cookies\a@s1.shinystat[1].txt
C:\Documents and Settings\a\Cookies\a@shinystat[1].txt
C:\Documents and Settings\a\Cookies\a@media.eurekasa[1].txt

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-789336058-507921405-1060284298-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]


********************************


Logfile of HijackThis v1.99.1
Scan saved at 13.07.03, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Hijackthis\HijackThis.exe
C:\Programmi\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/englis...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.pcn.minambiente.it/ecwpl...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1AB22F9-9A9B-4267-90F8-056B328EA0BA}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


