Stop sign trojan



sarahcantbeara
2007-03-11, 16:33
I have been infected by this and followed steps found on this forum. Here are the copied notes after doing the HijackThis scan. Sorry, I am not exactly a computer whiz so am just stumbling through this. It says to post this at the end of the process so here it is. Is it gone? Seems pretty tricky to remove this eAcceleration thingy.
thank you for your help in advance!
Logfile of HijackThis v1.99.1
Scan saved at 23:47:16, on 2007-3-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
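The six identical O10 lines in the log above are the part worth understanding: HijackThis prints one O10 line for every Winsock catalog entry whose DLL it cannot identify, so the same file listed six times means one DLL hooked into six entries of the LSP chain. The following parser is an added example (not HijackThis code and not something the forum posted) that pulls those O10 lines out of a log, counts how many catalog entries each DLL holds, and flags DLLs living outside the Windows system directory; the sample log is a constructed subset of the one above.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: a few lines cut from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\accele~1\velozd~1\asiclayer.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

# One O10 line per Winsock catalog entry HijackThis could not identify.
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s*(?P<path>.+?)\s*$",
                    re.IGNORECASE)

# Microsoft's own layered providers (mswsock.dll, rsvpsp.dll, ...) live here;
# an LSP registered from a vendor directory is the one to look at first.
TRUSTED_LSP_DIRS = (r"c:\windows\system32" + "\\",)


def parse_lsp_entries(log_text: str) -> Counter:
    """Map each LSP DLL path (lower-cased) to the number of O10 lines naming it."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        m = O10_RE.match(line.strip())
        if m:
            counts[m.group("path").lower()] += 1
    return counts


def assess_lsp_entries(log_text: str) -> List[Dict]:
    """Summarise every unknown LSP: how many catalog entries it holds and whether
    its location is suspicious. Removal must go through an LSP-aware tool (such
    as the LSPFix recommended in this thread) so the catalog chain is rewritten;
    deleting the DLL by hand leaves dangling entries and breaks networking."""
    findings = []
    for path, n in parse_lsp_entries(log_text).items():
        trusted = any(path.startswith(d) for d in TRUSTED_LSP_DIRS)
        findings.append({
            "dll": path.rsplit("\\", 1)[-1],
            "path": path,
            "catalog_entries": n,
            "suspicious": not trusted,
        })
    return findings


if __name__ == "__main__":
    for f in assess_lsp_entries(SAMPLE_LOG):
        print(f)
```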

shelf life
2007-03-12, 02:10
hi sarahcantbeara,

first look in Add/Remove Programs and uninstall if present:
eAcceleration
StopSign

reboot computer once if you uninstall.

next:
download LSPFix.exe:

http://www.cexx.org/lspfix.htm

Check the Box labeled "I know what I'm doing" and then click on the >>asiclayer.dll<< file in the “Keep” side to select it.

Then, Select the >> button to move asiclayer.dll over to the remove side.

Now, click the Finish Button. When the Repair Summary box appears, click OK.

(>> If the file asiclayer.dll is already in the remove section, then just click FINISH.)
------------------------------------
reboot once more and rescan and post a new hjt log please.

shelf life

sarahcantbeara
2007-03-14, 11:10
Ok, absolutely nothing to be found in the Add/Remove Programs folder. I also couldn't download the LSPFix software as it seems my WinZip is all in Chinese - a little problem living here in China when you get software from the computer companies... Can you help me with this little problem?? Virus still present I am afraid!

shelf life
2007-03-14, 21:55
hi sarahcantbeara,

we can hold off on the LSPFix for now.

let's try AVG Anti-Spyware to see what it can dig up.

Download AVG Anti-Spyware and save that file to your
desktop.
This is a 30 day trial of the program:

http://www.ewido.net/en/download/

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop
and double-click it to launch the setup program.
2. Once the setup is complete you will need to run ewido and update the definition
files.
3. On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of
the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then
select "Quarantine".
6. Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"

# Select the "Scanner" icon at the top and then the "Scan" tab
then click on "Complete System Scan".
# ewido will now begin the scanning process, be patient this may take a little
time.
Once the scan is complete do the following:
# If you have any infections you will be prompted, then select "Apply all
actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the
screen and save it to a text file on your system. Please post the AVG saved report in your next reply; if there are a lot of cookies you can edit them out to keep it short.

shelf life

sarahcantbeara
2007-03-17, 05:45
Thank you for your support. I really am very grateful!
The AVG didn't pick up the eAcceleration. It picked up a lot of cookies and deleted them. There were no reports available.

eAcceleration doesn't seem to be causing any problem we can see. Everything is running smoothly so far. It is still always picked up by Spybot though. I am wondering if that is the nature of this virus?

Thank you for everything, this is a great "community" here that feels like a supportive family in many ways. A cyber family...how sweet. I am learning new things every day!

shelf life
2007-03-17, 20:53
hi sarahcantbeara,


glad to help.


"It is still always picked up by spy bot though"
maybe this is just a leftover registry entry Spybot is flagging?
don't see anything in the hjt log and AVG didn't find it either.

can you post the spybot log?
like this:
Open Spybot. On the toolbar menu select Mode and switch to Advanced mode. On the left, lower down, select Tools, then at the top select View report. Ensure all the options near the bottom are selected except [ ] "Don't check: do not report disabled or known legitimate items", then select (near the top) View report. Press Export, in the "Save in" box choose a place such as your My Documents folder or desktop, then copy/paste that log in your next reply.
-------------
shelf life

tashi
2007-03-31, 23:55
This topic has been closed to prevent others with similar issues posting in it.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.