Please Help


  • This topic is locked
30 replies to this topic

#1 jamie4k

  • Members
  • 15 posts

Posted 09 May 2006 - 12:44 PM

Hi, my brother has installed a few things from MSN that are infected. Here is my log from HJT.

The popups are crazy. When he first installed Block Checker I simply stopped using IE and went to Firefox, which was completely fine, and now he installed IM-Names, which is similar to the above and is showing popups in Firefox. This is quite annoying as it's mad lol. My comp is pretty infected and I will appreciate your help so much.

Logfile of HijackThis v1.99.1
Scan saved at 18:39:23, on 09/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\QW5kcmV3IENvb3Blcg\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\win.exe
C:\mousepad18.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\lxbycoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SwiftSwitch\SwiftSwitch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Pictures\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Mode Less Roam Ball] C:\Documents and Settings\All Users\Application Data\vc meow mode less\TONS THUNK.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] win.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad18.exe
O4 - HKLM\..\Run: [newname] C:\\newname18.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] win.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Sygate Personal Firewall] win.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126266495906
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA46668-3F8F-451C-A2B8-404F8CE25846}: NameServer = 80.225.254.178 80.225.254.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmV3IENvb3Blcg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by jamie4k, 09 May 2006 - 12:54 PM.



#2 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 10 May 2006 - 04:44 AM

Hello,

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following programs if present:

Network Monitor
Command


I also see you have Messenger Plus installed with sponsors. They are responsible for popups, changing the start page and extra toolbars.
So, I advise you to uninstall Messenger Plus first. If you really like the program and think it's very useful, you can install it again AFTER your system is clean again. Please make sure you install it without the sponsors. (They'll ask you at the beginning of the install.)

During the uninstall you will get a little window as in the example here: http://www.msgplus.net/images/sponsor_uninstall.jpg
If you can't find that window, look in your taskbar. Type the code you'll see in that window and click uninstall.
When finished, reboot your system.

After reboot,

Please perform the following steps in the right order:

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in the next picture: [image]
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste the following URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with the contents of a new HijackThis log.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 jamie4k

  • Topic Starter

  • Members
  • 15 posts

Posted 10 May 2006 - 07:32 AM

Panda Report:


Incident Status Location

Adware:Adware/Deskwizz Not disinfected C:\bintheredunthat\VSL02.exe
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.advertising.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.888.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.rn11.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[c.enhance.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bvv3413b.default\cookies.txt[statse.webtrendslive.com/dcse2j1285twkf1mbliutrv4s_2m7b]
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\startsurf\bash face first.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\startsurf\Multierrorphonebib.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\3d2b71b.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C0LR8WGB\upAYB_unk[1].int
Virus:Trj/SCKeyLog.AA Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\aaa.zip[SCKeyLogFree.exe][klenA]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\aaa.zip[SCKeyLogFree.exe][kllnA]
Virus:PHP/Shellbot.A.worm Disinfected C:\Documents and Settings\Owner\My Documents\Jamie\habworld\public_html\cutenews\bot.c
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\Havvoc.zip[WpeSpy.dll]
Virus:Trj/SCKeyLog.AA Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\aaa.zip[SCKeyLogFree.exe][klenA]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\aaa.zip[SCKeyLogFree.exe][kllnA]
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\Havvoc.zip[WpeSpy.dll]
Virus:Trj/UpHid.A Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\Sc-Keylog Pro 3.1 License.rar[SC-Keylog Pro 3.1\scklpro.exe][klenA]
Virus:Trj/SCKeylog.F Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\Sc-Keylog Pro 3.1 License.rar[SC-Keylog Pro 3.1\scklpro.exe][kllnA]
Virus:Trj/SCKeyLog.AA Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\SC.zip[SCKeyLogFree.exe][klenA]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\SC.zip[SCKeyLogFree.exe][kllnA]
Virus:Trj/SCKeyLog.AA Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\SCKeyLogFree.exe[klenA]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\SCKeyLogFree.exe[kllnA]
Virus:Bck/Agent.AWF Disinfected C:\Documents and Settings\Owner\My Documents\Jamie\mbhttpbf.exe
Virus:Trj/SCKeyLog.AA Disinfected C:\Documents and Settings\Owner\My Documents\Jamie\SC-KeyLog\Rune_Merchant.zip[Rune_Browse.exe]
Virus:Trj/UpHid.A Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\Sc-Keylog Pro 3.1 License.rar[SC-Keylog Pro 3.1\scklpro.exe][klenA]
Virus:Trj/SCKeylog.F Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\Sc-Keylog Pro 3.1 License.rar[SC-Keylog Pro 3.1\scklpro.exe][kllnA]
Virus:Trj/SCKeyLog.AA Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\SC.zip[SCKeyLogFree.exe][klenA]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\SC.zip[SCKeyLogFree.exe][kllnA]
Virus:Trj/SCKeyLog.AA Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\SCKeyLogFree.exe[klenA]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\SCKeyLogFree.exe[kllnA]
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\wpe\WPE PRO.exe
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\wpe\WpeSpy.dll
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\wpe.zip[WPE PRO.exe]
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\wpe.zip[WpeSpy.dll]
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\WPEPRO\WPE PRO.exe
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\WPEPRO\WpeSpy.dll
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\WPEPRO.zip[WPE PRO.exe]
Hacktool:Sniffer/WpePro Not disinfected C:\Documents and Settings\Owner\My Documents\Jamie\WPEPRO.zip[WpeSpy.dll]
Virus:Trj/SCKeyLog.AA Disinfected C:\Documents and Settings\Owner\My Documents\My Webs\scsite\banpanel.zip[banpanel.exe]
Virus:Trj/SCKeyLog.AA Disinfected C:\Documents and Settings\Owner\My Documents\My Webs\scsite\furnimaker.zip[furnimaker.exe]
Virus:Trj/SCKeyLog.AA Disinfected C:\Documents and Settings\Owner\My Documents\My Webs\scsite\hab-plus.zip[Habbo Plus 4.exe]
Virus:Trj/SCKeyLog.AA Disinfected C:\Documents and Settings\Owner\My Documents\My Webs\scsite\hcmaker.zip[hcmaker.exe]
Adware:Adware/nCase Not disinfected C:\Documents and Settings\Owner\My Documents\Setup.exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/2Search Not disinfected C:\Program Files\2search\2search.dll
Adware:Adware/2Search Not disinfected C:\Program Files\2search\get.exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\21C2884C-45AE-461A-9CBA-C53A4D\FBC1AB8A-36A1-4BCF-A6D9-1A8300
Adware:Adware/SurfAccuracy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\41E0BDD1-2B6A-4E1D-B14B-C45096\0BE47CFF-70B5-47A8-8F05-33A57E
Adware:Adware/SurfAccuracy Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\41E0BDD1-2B6A-4E1D-B14B-C45096\2F4D2689-E596-498A-8B26-5A9D9D
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\6122DFF2-B409-47A4-A71B-B986ED\ACA6EB4A-0FDE-4B08-87F3-68D3BF
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\64222B25-F354-4C29-AF7C-4C3F4B\6DB1702C-5F74-4084-A9E0-28CECC
Adware:Adware/PowerScan Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\719A2D61-19E0-40CB-B5EE-5C37F8\E48B5019-67F9-4B66-97F3-372517
Adware:Adware/2Search Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\95227A1D-2C76-4512-8288-64013E\840BDACB-0EC0-4FF7-A043-F2D85D
Adware:Adware/2Search Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\95227A1D-2C76-4512-8288-64013E\EBADA11B-C786-418E-8E15-318EFA
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\9EE9F816-8C51-4573-8297-790AE3\6B8CCF76-AEF4-4CC9-98BA-1556AF
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\9EE9F816-8C51-4573-8297-790AE3\AD82ADF5-ED24-4A8C-BC30-EE259D
Adware:Adware/Block-checker Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B17477FC-9120-42F2-AE0A-E2367A\D7A66248-E460-4740-8700-BF531C
Adware:Adware/NewAds Not disinfected C:\Program Files\SwiftSwitch\wSwiftSwitch.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Uninstall My Web Search.dll
Adware:Adware/NewAds Not disinfected C:\Program Files\Windows\WinUpdate.exe[≤™«]
Virus:PHP/Shellbot.A.worm Disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\habworld\public_html\cutenews\bot.c
Virus:Trj/Keylog.Y Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\SCKeyLogFree.exe[klenA]
Virus:Trj/Keylog.Y Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\SCKeyLogFree.exe[kllnA]
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe\WPE PRO.exe
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe\WpeSpy.dll
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip[WPE PRO.exe]
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip[WpeSpy.dll]
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO\WPE PRO.exe
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO\WpeSpy.dll
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip[WPE PRO.exe]
Hacktool:Sniffer/WpePro Not disinfected C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip[WpeSpy.dll]
Adware:Adware/nCase Not disinfected C:\WINDOWS\icont.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QW5kcmV3IENvb3Blcg\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QW5kcmV3IENvb3Blcg\command.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QW5kcmV3IENvb3Blcg\kqc4wApaKHhSva15w0.vbs
Virus:Trj/Downloader.IRR Disinfected C:\WINDOWS\system32\setup.exe.tmp
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\teller2.chk


And HJT:

Logfile of HijackThis v1.99.1
Scan saved at 13:31:21, on 10/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\QW5kcmV3IENvb3Blcg\command.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\win.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\lxbycoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5d141.tmp
C:\Documents and Settings\Owner\My Documents\My Pictures\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Mode Less Roam Ball] C:\Documents and Settings\All Users\Application Data\vc meow mode less\TONS THUNK.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] win.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] win.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Sygate Personal Firewall] win.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126266495906
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA46668-3F8F-451C-A2B8-404F8CE25846}: NameServer = 80.225.254.178 80.225.254.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:01:17 AM

Posted 10 May 2006 - 07:57 AM

Hello,

As you already noticed from your Pandalog... most of what Panda flagged were programs you downloaded/installed yourself, containing malicious files.
As long as you continue doing this and installing this malware yourself, you will never be able to keep this system clean... and you'll get reinfected again and again.

I see you still didn't uninstall Messenger Plus. Trust me, I am asking for a reason, because you installed it with the sponsorpacket. When your system is clean again, you can reinstall it, but WITHOUT the sponsorpacket.

So please uninstall Messenger Plus, otherwise we won't be able to deal with the malware it installed.

Reboot afterwards.

After reboot,

We also need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [Mode Less Roam Ball] C:\Documents and Settings\All Users\Application Data\vc meow mode less\TONS THUNK.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] win.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] win.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] win.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

* Reboot into Safe Mode: (without networking support!)
To get into Safe Mode, as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\System32\win.exe
C:\WINDOWS\Jammer2nd.exe
C:\Documents and Settings\All Users\Application Data\vc meow mode less <= folder
C:\bintheredunthat\VSL02.exe
C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
C:\Documents and Settings\Owner\Application Data\startsurf <== folder
C:\Documents and Settings\Owner\My Documents\Jamie\Havvoc.zip
C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\aaa.zip
C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\Havvoc.zip
C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\Sc-Keylog Pro 3.1 License.rar
C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\SC.zip
C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\Jamie\SCKeyLogFree.exe
C:\Documents and Settings\Owner\My Documents\Jamie\Sc-Keylog Pro 3.1 License.rar
C:\Documents and Settings\Owner\My Documents\Jamie\SC.zip
C:\Documents and Settings\Owner\My Documents\Jamie\SCKeyLogFree.exe
C:\Documents and Settings\Owner\My Documents\Jamie\wpe <== folder
C:\Documents and Settings\Owner\My Documents\Jamie\wpe.zip
C:\Documents and Settings\Owner\My Documents\Jamie\WPEPRO <== folder
C:\Documents and Settings\Owner\My Documents\Jamie\WPEPRO.zip
C:\Documents and Settings\Owner\My Documents\Setup.exe
C:\Program Files\2search <== folder
C:\Program Files\SwiftSwitch <== folder
C:\Program Files\Uninstall My Web Search.dll
C:\Program Files\Windows\WinUpdate.exe[≤™«]
C:\WINDOWS\icont.exe
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\QW5kcmV3IENvb3Blcg <= folder (this is a hidden folder, so make sure your hidden files and folders are shown as I already explained)
C:\WINDOWS\teller2.chk

Open your Microsoft AntiSpyware, select the quarantine option and delete anything present in there.

Please hide your hidden files and folders again afterwards, because the above instructions to set your system to show all files unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

You forgot to perform this step previously or didn't perform it properly, so perform next again: (you are still in safe mode)

* Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.


Reboot back to normal mode.

* Open notepad and copy and paste next in it:

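rem Start with a fresh report file
if exist %systemdrive%\look.txt del %systemdrive%\look.txt
cd\
cd %appdata%
rem /x also shows the short (8.3) name of each entry
dir /x >> %systemdrive%\look.txt
cd %allusersprofile%\Application Data
dir /x >> %systemdrive%\look.txt
rem /a:h lists only the hidden files in the Tasks folder
dir %Windir%\tasks /a:h >> %systemdrive%\look.txt
start notepad %systemdrive%\look.txt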


Save this as look.bat , choose to save it as *all files and place it on your desktop.
This is how the batch must look afterwards: Posted Image
Doubleclick findjobs.bat and post the content of the txtfile you get in your next reply together with a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
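A way to confirm, once a fresh HijackThis log is available, that the entries ticked in the fix list above are really gone. This is an added example, not part of the original post or of HijackThis; the log text is excerpted from this thread, except AFTER_CONSTRUCTED, which is made up to show a fix that did not hold.

```python
import re

# Every HijackThis finding starts with a section code (R0-R3, O1-O23) and " - ".
# Header lines and the "Running processes" list carry no code and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")


def normalise(payload):
    """Collapse whitespace and case: registry names and Windows paths are
    case-insensitive, and forum copy/paste often changes spacing."""
    return " ".join(payload.split()).lower()


def parse_entries(log_text):
    """Return {(code, normalised payload): original line} for one log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), normalise(m.group(2)))] = line
    return entries


def verify_fix(fix_list, before_log, after_log):
    """Compare the helper's fix list with the scans taken before and after."""
    wanted = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    w, b, a = set(wanted), set(before), set(after)
    return {
        # ticked, present before, gone now
        "removed": sorted(wanted[k] for k in (w & b) - a),
        # ticked but still listed: the fix did not hold or something re-wrote it
        "still_present": sorted(after[k] for k in w & a),
        # ticked but in neither scan: check for a copy/paste error
        "not_in_either_scan": sorted(wanted[k] for k in w - b - a),
        # listed now but not before: review it (new install or reinfection)
        "new_since_before": sorted(after[k] for k in a - b),
    }


# Excerpts of the logs posted in this thread (not the full logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\win.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] win.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] win.exe
"""

FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [Jammer2nd] C:\WINDOWS\Jammer2nd.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] win.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] win.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

# Constructed for this example: one ticked entry is back (in different case)
# and an autorun that was in no earlier scan has appeared (hypothetical name).
AFTER_CONSTRUCTED = AFTER + r"""
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] WIN.EXE
O4 - HKCU\..\Run: [ExampleUpdater] C:\Example\updater.exe
"""

if __name__ == "__main__":
    for label, log in (("thread", AFTER), ("constructed", AFTER_CONSTRUCTED)):
        print("== after-log:", label)
        for bucket, lines in verify_fix(FIX_LIST, BEFORE, log).items():
            print(f"{bucket}: {len(lines)}")
            for entry in lines:
                print("   ", entry)
```

Entries are compared as text, so a URL that the forum shortened with "..." only matches another copy shortened the same way.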

#5 jamie4k

Posted 10 May 2006 - 09:07 AM

When I press F8 it isn't loading in safe mode.

#6 miekiemoes

Posted 10 May 2006 - 09:14 AM

Not sure how you try to boot in safe mode though...
Take a look here with pictures:
http://www.computerhope.com/issues/chsafe.htm#02

If it really doesn't work, perform it in normal mode. Just let me know afterwards what files/folders you were not able to delete/giving an access denied error or file is in use error.

#7 jamie4k

Posted 10 May 2006 - 09:17 AM

It's letting me open in safe mode now. I will post an update shortly on how it goes.

#8 miekiemoes

Posted 10 May 2006 - 09:21 AM

Ok, success. Better to print out above instructions, because in safe mode, you're not supposed to have internet connection, so you won't be able to read the instructions here. :thumbsup:

#9 jamie4k

Posted 10 May 2006 - 09:50 AM

Saved them in notepad :thumbsup: anyway I'm back and here is the result from the look.bat

Volume in drive C is HP_PAVILION
Volume Serial Number is E0CB-3111

Directory of C:\Documents and Settings\Owner\Application Data

10/05/2006 15:24 <DIR> .
10/05/2006 15:24 <DIR> ..
10/05/2006 11:34 <DIR> Adobe
24/01/2006 23:10 <DIR> Aim
10/09/2005 15:15 <DIR> AOL
08/02/2006 17:57 <DIR> APPLEC~1 Apple Computer
08/05/2006 19:04 <DIR> AVG7
07/05/2005 17:29 <DIR> FaxCtr
11/08/2005 18:07 <DIR> FUNKIT~1 funkitron
31/12/2005 23:55 <DIR> Google
08/05/2006 20:59 <DIR> GPLSET~1 Gpl Settings Wipe
17/06/2005 11:36 <DIR> Havvoc
04/07/2005 19:58 773 HAVVOC~1.CON Havvoc2.conf
15/05/2005 13:47 <DIR> Help
14/06/2005 14:50 <DIR> IDENTI~1 Identities
02/01/2003 01:29 <DIR> INTERT~1 InterTrust
08/06/2005 09:43 <DIR> INTERV~1 InterVideo
28/02/2006 20:11 <DIR> MACROM~1 Macromedia
07/05/2005 13:51 <DIR> MICROS~2 Microsoft Web Folders
25/05/2005 17:47 <DIR> Mozilla
01/03/2006 13:41 <DIR> PETROG~1 Petroglyph
02/01/2003 01:37 <DIR> SAMPLE~1 SampleView
07/02/2006 21:21 <DIR> SmartFTP
19/05/2005 13:00 <DIR> Sun
07/05/2005 15:29 <DIR> Symantec
11/01/2006 23:44 <DIR> SYNTRI~1 Syntrillium
25/05/2005 17:47 <DIR> Talkback
10/01/2006 17:44 <DIR> ULEADS~1 Ulead Systems
07/05/2005 21:17 <DIR> VERITAS
08/05/2005 10:29 <DIR> YOU'VE~1 You've Got Pictures Screensaver
1 File(s) 773 bytes
29 Dir(s) 25,992,937,472 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is E0CB-3111

Directory of C:\Documents and Settings\All Users\Application Data

10/05/2006 11:34 <DIR> Adobe
10/09/2005 15:15 <DIR> AOL
08/02/2006 17:55 <DIR> APPLEC~1 Apple Computer
08/05/2006 19:12 <DIR> avg7
25/02/2006 13:49 <DIR> BLUETO~1 Bluetooth
07/05/2005 13:02 <DIR> FaxCtr
08/05/2006 19:04 <DIR> Grisoft
23/12/2005 12:28 <DIR> MACROV~1 Macrovision
08/02/2006 23:15 1,755 QTSBAN~1 QTSBandwidthCache
12/06/2005 18:02 <DIR> QUICKT~1 QuickTime
02/01/2003 00:33 <DIR> SBSI
07/05/2005 13:51 <DIR> SBT
18/01/2006 20:18 <DIR> SONYER~1 Sony Ericsson
06/04/2006 10:24 <DIR> SPYBOT~1 Spybot - Search & Destroy
28/09/2005 19:15 <DIR> Symantec
10/01/2006 17:41 <DIR> ULEADS~1 Ulead Systems
08/05/2005 10:29 <DIR> VIEWPO~1 Viewpoint
08/09/2005 23:18 <DIR> WINDOW~1 Windows Genuine Advantage
1 File(s) 1,755 bytes
17 Dir(s) 25,992,937,472 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is E0CB-3111

Directory of C:\WINDOWS\tasks

10/05/2006 15:00 266 8C1CC72A947B6716.job
21/09/2002 20:18 65 desktop.ini
10/05/2006 15:43 6 SA.DAT
3 File(s) 337 bytes
0 Dir(s) 25,992,937,472 bytes free


and HJT:

Logfile of HijackThis v1.99.1
Scan saved at 15:47:28, on 10/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lxbycoms.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Pictures\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126266495906
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA46668-3F8F-451C-A2B8-404F8CE25846}: NameServer = 80.225.254.178 80.225.254.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

and also when I start up, my comp will freeze for a while :S never used to do that.

#10 miekiemoes

Posted 10 May 2006 - 10:03 AM

Hello,

Your hijackthislog looks clean again, so we really made progress..

* Open notepad and copy and paste next content in it:

%systemdrive%
cd %WinDir%\Tasks
attrib -r -s -h 8C1CC72A947B6716.job
del 8C1CC72A947B6716.job


Save this as remjobs.bat , choose to save as *all files and place it on your desktop.
Doubleclick on remjobs.bat. A doswindow will open and close again, this is normal.

When you startup your computer, does it give an error? You say it freezes for a while...

Anyway, I want to be sure here that everything malware related is gone, because I guess there is still something present - especially with the amount you were dealing with before.
That's why I want to let you run some additional scans to take a look.

But first, Perform a full scan with an updated Adaware SE and/or Spybot S&D to get rid of some leftovers if still present.
If you don't have those programs yet, you can find the downloadlocations in my signature.

When done, Download and Save blacklight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
I need that log afterwards..

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer"
8. When the scan is complete choose to save the results as "Save as Text"
9. Post the Kaspersky scan results in your next reply together with the log from blacklight.

#11 jamie4k

Posted 10 May 2006 - 10:17 AM

No, it didn't give me an error, it would just freeze. Also I noticed this toolbar888 in my add/remove programs won't let me uninstall it. And blacklight didn't detect anything.

Just doing the other scan now.

Edited by jamie4k, 10 May 2006 - 10:18 AM.


#12 miekiemoes

Posted 10 May 2006 - 10:26 AM

Don't worry about the toolbar88 - most probably the related files were already deleted before, which may explain why the uninstaller doesn't work.

Just look in your C:\Program Files if the folder Toolbar88 is still present and delete it.

After running the Kaspersky online scan, perform next as well..
Open Hijackthis.
Click 'config' (bottom right) > Misc Tools > Generate StartUpListlog
Check the two boxes next to it:
List also minor sections (full)
List empty sections (complete)
Click Generate StartupListlog
Post that log also in your next reply.

#13 jamie4k

Posted 10 May 2006 - 01:25 PM

Kaspersky(finally took a while to scan lol):

Scan Statistics
Total number of scanned objects 156956
Number of viruses found 44
Number of infected objects 120
Number of suspicious objects 0
Duration of the scan process 02:53:36

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Owner\Local Settings\Temp\3d2b71b.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\Documents and Settings\Owner\Local Settings\Temp\3e5864a.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\Documents and Settings\Owner\Local Settings\Temp\42c9746.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\Documents and Settings\Owner\My Documents\Jamie\aaa.zip/SCKeyLogFree.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.p skipped
C:\Documents and Settings\Owner\My Documents\Jamie\aaa.zip/SCKeyLogFree.exe/data0010 Infected: Trojan-Spy.Win32.SCKeyLog.p skipped
C:\Documents and Settings\Owner\My Documents\Jamie\aaa.zip/SCKeyLogFree.exe Infected: Trojan-Spy.Win32.SCKeyLog.p skipped
C:\Documents and Settings\Owner\My Documents\Jamie\aaa.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner\My Documents\Jamie\ccsetup123.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Owner\My Documents\Jamie\ccsetup123.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Owner\My Documents\Jamie\ccsetup123.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\wrar342.exe/data.rar/Default.SFX Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\wrar342.exe/data.rar Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\Owner\My Documents\Jamie\JAMIES\Jamie-Stuff\wrar342.exe RarSFX: infected - 2 skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\21C2884C-45AE-461A-9CBA-C53A4D\FBC1AB8A-36A1-4BCF-A6D9-1A8300 Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\6122DFF2-B409-47A4-A71B-B986ED\ACA6EB4A-0FDE-4B08-87F3-68D3BF Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\9EE9F816-8C51-4573-8297-790AE3\6B8CCF76-AEF4-4CC9-98BA-1556AF Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\B17477FC-9120-42F2-AE0A-E2367A\D7A66248-E460-4740-8700-BF531C Infected: not-a-virus:AdWare.Win32.Chiem.a skipped
C:\Program Files\SwiftSwitch\wSwiftSwitch.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Program Files\WinRAR\Default.SFX Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\SCKeyLogFree.exe/data0008 Infected: Trojan-Spy.Win32.Agent.cd skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\SCKeyLogFree.exe/data0009 Infected: Trojan-Spy.Win32.Agent.cd skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\SCKeyLogFree.exe/data0010 Infected: Trojan-Spy.Win32.Agent.cd skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\SCKeyLogFree.exe/data0011 Infected: Trojan-Spy.Win32.Agent.cd skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\SCKeyLogFree.exe NSIS: infected - 4 skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe\WPE PRO.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe\WpeSpy.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip/WPE PRO.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip/WpeSpy.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\wpe.zip ZIP: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO\WPE PRO.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO\WpeSpy.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip/WPE PRO.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip/WpeSpy.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\RECYCLER\S-1-5-21-1900933369-1853039685-2251345658-1016\Dc1\Jamie\WPEPRO.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP145\A0048510.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP149\A0051041.exe Infected: HackTool.Win32.VB.ao skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051048.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051048.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051048.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051049.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051049.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051049.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.al skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051049.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051049.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051049.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051052.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051052.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051055.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051056.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051060.exe Infected: not-a-virus:AdWare.Win32.VB.n skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051071.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051071.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051073.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051073.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051091.exe/data0010 Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051091.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051103.exe Infected: HackTool.Win32.VB.ao skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051495.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051496.exe Infected: not-a-virus:AdWare.Win32.SurfSide.al skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051497.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP150\A0051498.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP157\A0055444.exe Infected: not-a-virus:AdWare.Win32.PowerScan.d skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP165\A0056566.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP165\A0056591.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP165\A0056592.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP165\A0056593.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP165\A0056594.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP165\A0056595.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP165\A0056596.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP180\A0062143.exe Infected: not-a-virus:AdWare.Win32.Lop.ai skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP190\A0068850.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP190\A0068851.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP190\A0068853.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP191\A0068954.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP191\A0068954.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP191\A0068954.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP192\A0070364.exe Infected: HackTool.Win32.VB.ao skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP192\A0071519.exe Infected: IM-Worm.Win32.Chiem.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP192\A0071520.exe Infected: not-a-virus:AdWare.Win32.Chiem.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP192\A0071522.dll Infected: not-a-virus:AdWare.Win32.Chiem.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP192\A0071523.dll Infected: not-a-virus:AdWare.Win32.Chiem.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085494.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085499.exe Infected: not-a-virus:AdWare.Win32.2Search.h skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085500.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085501.exe Infected: not-a-virus:AdWare.Win32.2Search.g skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085503.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085550.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085550.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085550.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085608.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0085648.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086711.exe Infected: Trojan-Downloader.Win32.VB.acn skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086715.exe Infected: Trojan-Downloader.Win32.Adload.bf skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086718.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086718.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086718.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086718.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086718.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086718.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086721.exe Infected: Trojan-Downloader.Win32.VB.acn skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086722.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086734.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086830.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086831.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086832.exe/stream/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086832.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086832.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086832.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086833.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086834.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086835.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086835.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086835.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086838.exe Infected: Trojan-Downloader.Win32.Swizzor.cb skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086839.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086842.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086843.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086845.dll Infected: not-a-virus:AdWare.Win32.2Search.f skipped
C:\System Volume Information\_restore{7182866A-7B67-4D45-9C1F-A24DD0248D4C}\RP197\A0086846.exe Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\67PM4TYP\fenice[1].exe Infected: Backdoor.Win32.Rbot.gen skipped
Scan process completed.

HJT:

StartupList report, 10/05/2006, 19:23:23
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\My Documents\My Pictures\HijackThis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lxbycoms.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\JAM's Jedi Knight KT v2.0\jamkt.exe
C:\Documents and Settings\Owner\My Documents\My Pictures\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BlueSoleil.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BlockTracker = c:\hp\bin\BlockTracker.exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
KBD = C:\HP\KBD\KBD.EXE
StorageGuard = "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz = nwiz.exe /installquiet /keeploaded
ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PS2 = C:\WINDOWS\system32\ps2.exe
lxbymon.exe = "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
FaxCenterServer = "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
(Default) =
EzPrint = "C:\Program Files\Lexmark P910 Series\ezprint.exe"
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NVIEW = rundll32.exe nview.dll,nViewLoadHook

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

At1.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\System32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[RegUserCfgUI Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yregucfg.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/...b?1126266495906

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[Seekford Solutions, Inc.'s ssiPictureUploader Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SSIPIC~1.OCX
CODEBASE = http://img.funtigo.com/images/uploader/ssi...ureUploader.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start)
SpeedTouch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start)
Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Aunsddpaup: C:\WINDOWS\System32\drivers\msdv.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Bluetooth Audio Service: System32\DRIVERS\blueletaudio.sys (manual start)
BlueSoleil Hid Service: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (autostart)
MAC Bridge: System32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Bluetooth PAN Network Adapter: System32\DRIVERS\btnetdrv.sys (manual start)
Bluetooth USB For Bluetooth Service: System32\Drivers\btcusb.sys (manual start)
Bluetooth HID Enumerator: System32\DRIVERS\vbtenum.sys (manual start)
Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)
Bluetooth Network Filter: \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
EagleNT: \??\C:\WINDOWS\System32\drivers\EagleNT.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
GrandTechICNameNT: System32\Drivers\gt680x.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HSFHWBS2: System32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
lxby_device: C:\WINDOWS\System32\lxbycoms.exe -service (manual start)
Macromedia Licensing Service: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" (manual start)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
MR97310 CIF Dual Mode Camera: System32\DRIVERS\mr97310c.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
nenum13E: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\nenum13E.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NPPTNT2: \??\C:\WINDOWS\System32\npptNT2.sys (system)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
NEC FireWarden OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
VGA USB Camera: System32\Drivers\ov519vid.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: \SystemRoot\System32\DRIVERS\pciide.sys (disabled)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
PS2: System32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS AGP Filter: System32\DRIVERS\SISAGP.sys (system)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{69ACAF39-B0F6-4BC8-9D3D-56749DE5BC7D} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIV

#14 miekiemoes

Posted 10 May 2006 - 01:42 PM

Hi,

I see Kaspersky also flagged some other programs that were downloaded - cracked versions. As I already said before, downloading/installing all these cracked versions infects your system, so you are the one responsible. Also keep in mind, malware damages your system and in most cases it can't be properly fixed anymore, which results in a format and reinstall to fix everything again.

Delete the entire contents of this folder:

C:\Documents and Settings\Owner\Local Settings\Temp

Delete the next files (looks like you didn't delete them previously when I asked you):

C:\Documents and Settings\Owner\My Documents\Jamie\aaa.zip
C:\Program Files\SwiftSwitch\wSwiftSwitch.exe

Copy and paste the next line into the address bar of your Explorer (not your Internet Explorer, but Explorer):

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\67PM4TYP

This should open the 67PM4TYP-folder.
Delete everything present in that 67PM4TYP folder.

Then delete the contents of your Recycle Bin.

I can't see anything suspicious in the StartupList log - or an orphaned malware-related entry that can cause the freeze at startup, so it could be possible a legit program is causing this.
Can you reboot again and let me know if you still have that problem?
Also, did you delete anything previously that I didn't ask you to delete? For example, a file looking similar to a file I asked you to delete?

#15 jamie4k

Posted 11 May 2006 - 04:13 AM

Well, I can't remove the program SwiftSwitch as it's a game I play, and it's my brother that downloads all of this crap. I will do this tonight as I'm in college at the moment.



