Hey guys I need help pretty bad, and ANY help would be much appreciated. My computer is like a mass virus, I keep getting annoying pop ups all the time, the computer is running REAL slow and worst of all is when I'm browsing the net, every minute or two the page will be re-directed to some other site, and the page goes half/quarter the size, does that make sense? I am a complete newbie to computers (in case you didn't notice). I have run an adaware scan, Anyhows I have tried running an adaware scan, spybot search and destroy with no help. I read the stickied threads and downloaded some of the programs mentioned. Here is the report thingy for hijackthis program
Logfile of HijackThis v1.99.1
Scan saved at 06:25:47, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Thanx guys, it's much appreciated. Damien
Hi, Let's get started. Notice that this is the first fix we'll do; not the only one.
* Please download http://www.atribune.org/ccount/click.php?id=7 (Look2Me-Destroyer.exe) to your desktop.
* Close all windows before continuing.
* Double-click [bold]Look2Me-Destroyer.exe[/bold] to run it.
* Put a check next to [bold]Run this program as a task.[/bold]
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click [bold]OK[/bold]
* When Look2Me-Destroyer re-opens, click the [bold]Scan for L2M[/bold] button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the [bold]Remove L2M[/bold] button.
* You will receive a [bold]Done Scanning[/bold] message, click [bold]OK[/bold].
* When completed, you will receive this message: [bold]Done removing infected files! Look2Me-Destroyer will now shutdown your computer[/bold], click [bold]OK[/bold].
* Your computer will then shut down.
* Turn your computer back on.
* Please post the contents of C:\[bold]Look2Me-Destroyer.txt[/bold] and a new HiJackThis log.
*If you receive a message from your Firewall about this program accessing the Internet, please allow it.
If you receive a [bold]runtime error '339'[/bold] please download MSWINSCK.OCX from the link below and place it in your [bold]C:\Windows\System32[/bold] Directory. http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Sup dude I really appreciate the help. Ok I have run the look2me-destroyer and carried out what you said to do. Where do I find the look2me-destroyer log? Anyhows Here is my latest hijackthis log (done after I run that look2me program). Like I said many thanx for the help dude. I work nights so I will do what you tell me as soon as I get home and when I wake up again.....nights suck. I am only telling you this in case you're thinking I am trying to help him but he's replying hours later. Ps// I haven't mentioned yet and I don't know if it will be any help but Most of these BIG problems happened when my brother downloaded a key gen thingy (I believe), that's when the computer went out of control. Thanx dude
Logfile of HijackThis v1.99.1
Scan saved at 20:00:50, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
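Added example (not part of the thread, and not code from HijackThis or any tool named in it): one way to confirm what a removal step changed is to parse two HijackThis scans and diff their entries. The sample strings are a few entries excerpted from the poster's scans of 13/02/2006 (06:25:47 and 20:00:50), flattened onto one line the way the forum delivered them; the function names and the three review heuristics are assumptions for illustration, not verdicts.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Pasted logs are often flattened onto one line, so entries
# are located by that marker rather than by newlines.
ENTRY_START = re.compile(r"(?:^|(?<=\s))(?:[RFN]\d|O\d{1,2}) - ", re.MULTILINE)


def parse_entries(log_text):
    """Return [(section, body)] for every entry; the header and the
    'Running processes' preamble before the first entry are skipped."""
    starts = [m.start() for m in ENTRY_START.finditer(log_text)]
    entries = []
    for begin, end in zip(starts, starts[1:] + [len(log_text)]):
        section, _, body = log_text[begin:end].strip().partition(" - ")
        entries.append((section, body))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, and flattened
    # logs vary in spacing, so compare on a normalised form.
    section, body = entry
    return (section, " ".join(body.lower().split()))


def diff_scans(before_text, after_text):
    """Classify entries as removed, added or persisting between two scans."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    return {
        "removed": [before[k] for k in before if k not in after],
        "added": [after[k] for k in after if k not in before],
        "persisting": [after[k] for k in after if k in before],
    }


def review_reason(entry):
    """Assumed triage heuristics: why a surviving entry deserves a manual look.
    A hit means 'check this', not 'this is malicious'."""
    section, body = entry
    low = body.lower()
    if section == "O20":
        return "Winlogon Notify DLL (loaded at every logon)"
    if section in ("R0", "R1") and "file://" in low:
        return "IE page setting points at a local file"
    if section == "O4" and re.search(r'\]\s*"?[a-z]:\\[^\\]+\.exe', low):
        return "autorun executable sitting in a drive root"
    return None


def still_to_review(before_text, after_text):
    """Entries that survived the cleanup pass and match a review heuristic."""
    hits = []
    for entry in diff_scans(before_text, after_text)["persisting"]:
        reason = review_reason(entry)
        if reason:
            hits.append((reason, entry[0], entry[1]))
    return hits


# Excerpts from the thread's first scan (before Look2Me-Destroyer), flattened.
BEFORE = (
    r"Logfile of HijackThis v1.99.1 Scan saved at 06:25:47, on 13/02/2006 "
    r"Running processes: C:\WINDOWS\Explorer.EXE C:\HJT\HijackThis.exe "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html "
    r"R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - "
    r"C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) "
    r"O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe "
    r"O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe "
    r"O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\p0p6la7s1d.dll "
    r"O20 - Winlogon Notify: winqxd32 - C:\WINDOWS\SYSTEM32\winqxd32.dll"
)

# Excerpts from the second scan (after Look2Me-Destroyer), flattened.
AFTER = (
    r"Logfile of HijackThis v1.99.1 Scan saved at 20:00:50, on 13/02/2006 "
    r"Running processes: C:\WINDOWS\Explorer.EXE C:\HJT\HijackThis.exe "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html "
    r"O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - "
    r"C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll "
    r"O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe "
    r"O20 - Winlogon Notify: winqxd32 - C:\WINDOWS\SYSTEM32\winqxd32.dll"
)

if __name__ == "__main__":
    changes = diff_scans(BEFORE, AFTER)
    for label in ("removed", "added"):
        for section, body in changes[label]:
            print(f"{label:8} {section:3} {body}")
    for reason, section, body in still_to_review(BEFORE, AFTER):
        print(f"REVIEW   {section:3} {body}  <- {reason}")
```

On these excerpts the diff shows the H323TSP Winlogon Notify entry and the MyWebSearch entries gone after the first fix, while the winqxd32 notify DLL, the `kuko` autorun and the local-file start page are still present for the next round.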
Hi again, Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
Please download Ewido Anti-malware: http://www.ewido.net/en/download/ it is a free version of the program.
1. Install Ewido Anti-malware
2. When installing, under "Additional Options" uncheck..
   * Install background guard
   * Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
   * On the left hand side of the main screen click update.
   * Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update Ewido. http://www.ewido.net/en/download/updates/
Once the updates are installed do the following: Please reboot your computer in Safe Mode by doing the following:
[bold]1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.[/bold]
Once in Safe Mode, open Ewido,
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido Anti-malware.
Reboot Windows into Normal Mode, then post the Ewido log along with a fresh HijackThis log. =)
Sup dude Once again many thanx for the help. Much appreciated. Ok something is deffo working coz I ain't getting re-directed (hijacked) to any dodgy sites anymore which is awesome. Getting a few pop ups but it's %700000 better than it was, so thanx for that. Here's my latest scan for hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 05:45:09, on 15/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
-atboottime O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800" O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: Image Transfer.lnk = ? 
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context 
menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0015/ukiq0015.cab O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843066.cab O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe O16 - DPF: 
{88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. 
- c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
[bold]and here's my scan for ewido[/bold]
ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 05:28:34, 15/02/2006 + Report-Checksum: E6E1D7A3 + Scan result: HKLM\SOFTWARE\ASDPLUGIN -> Dialer.Generic : Cleaned with backup HKLM\SOFTWARE\ASDPLUGIN\restore -> Dialer.Generic : Cleaned with backup HKLM\SOFTWARE\ASDPLUGIN\restore\DefaultInternet -> Dialer.Generic : Cleaned with backup HKLM\SOFTWARE\ASDPLUGIN\restore\EnableAutodial -> Dialer.Generic : Cleaned with backup HKLM\SOFTWARE\ASDPLUGIN\restore\InternetProfile -> Dialer.Generic : Cleaned with backup HKLM\SOFTWARE\ASDPLUGIN\restore\Start Page -> Dialer.Generic : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{D240DC29-C093-4388-B71F-A7103C796B0C} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Adware.BroadCastPC : Cleaned with backup HKU\.DEFAULT\Software\MultiMPP -> Adware.BetterInternet : Cleaned with backup HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\DelFin -> Adware.Delfin : Cleaned with backup HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Cleaned with backup HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D240DC29-C093-4388-B71F-A7103C796B0C} -> Adware.Generic : Cleaned with backup HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Multimpp -> Adware.BetterInternet : Cleaned with backup HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Premium Web Service -> Dialer.Generic : Cleaned with backup HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Premium Web Service\Content Browser -> Dialer.Generic : Cleaned with backup HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Cleaned with backup HKU\S-1-5-18\Software\MultiMPP -> Adware.BetterInternet : Cleaned with backup [244] C:\WINDOWS\system32\winqxd32.dll -> Downloader.Agent.aej : Cleaned with backup :mozilla.8:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> 
TrackingCookie.Falkag : Cleaned with backup :mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.16:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.28:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.31:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.44:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.45:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.46:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.47:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.48:C:\Documents and Settings\Admin\Application 
Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.49:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.50:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.51:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.52:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.53:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.54:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.55:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.56:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.58:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.59:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup 
:mozilla.81:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.82:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.94:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.95:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.96:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.99:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.100:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.101:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.102:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.103:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.104:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.110:C:\Documents and Settings\Admin\Application 
Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.113:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.114:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.115:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.116:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.124:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.125:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.126:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.127:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup :mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup :mozilla.139:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> 
TrackingCookie.Realcastmedia : Cleaned with backup :mozilla.152:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.153:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.156:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.161:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.162:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.163:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.164:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.165:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.175:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.178:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.179:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.180:C:\Documents and Settings\Admin\Application 
Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.182:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.183:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.187:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.188:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.189:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.190:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.191:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.193:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.196:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.197:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup :mozilla.198:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt 
-> TrackingCookie.Myaffiliateprogram : Cleaned with backup :mozilla.200:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup :mozilla.207:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.212:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.213:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Starware : Cleaned with backup :mozilla.214:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Starware : Cleaned with backup :mozilla.215:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Starware : Cleaned with backup :mozilla.216:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Starware : Cleaned with backup :mozilla.217:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup 
C:\Documents and Settings\Admin\Cookies\admin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@lsfnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Admin\Cookies\admin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Admin\Desktop\WinAntiSpyware2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@lsfnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Georgia\Cookies\georgia@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Phil\Cookies\phil@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\Phil\Cookies\phil@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Program Files\Messenger Plus! 
2\Setup.dat/70000011.exe -> Downloader.Swizzor.g : Error during cleaning C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041106192004.zip/Program Files/newdotnet/newdotnet6_38.to_be_deleted -> Adware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041106192004.zip/Program Files/newdotnet/newdotnet6_38.to_be_deleted_x -> Adware.NewDotNet : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\20041106192004.zip/Program Files/newdot~1/newdotnet6_38.to_be_deleted -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup C:\WINDOWS\system32\AdService.dll -> Downloader.Agent.aej : Cleaned with backup C:\WINDOWS\system32\config\systemprofile\Cookies\system@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup C:\WINDOWS\system32\config\systemprofile\Cookies\system@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup C:\WINDOWS\system32\in10b6s.dll -> Dropper.Small.abe : Cleaned with backup C:\WINDOWS\system32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Error during cleaning C:\WINDOWS\system32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Error during cleaning C:\WINDOWS\system32\msbb321.dll -> Adware.BargainBuddy : Cleaned with backup C:\WINDOWS\system32\winqxd32.dll -> Downloader.Agent.aej : Cleaned with backup C:\WINDOWS\winsysban7.exe -> Hijacker.VB.le : Cleaned with backup C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup ::Report End
Many thanks dude
Hi,

Run a scan with HijackThis and check the following objects for removal:

[bold]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0015/ukiq0015.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843066.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing)[/bold]

Now close ALL open windows except for HijackThis and hit [bold]FIX CHECKED[/bold].

Next, please reboot your computer in Safe Mode by doing the following:

[bold]1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.[/bold]

Once in Safe Mode, go to Start -> Control Panel -> Add/Remove Programs and uninstall the following entries if present:

[bold]Ares
Messenger Plus! 2[/bold]

Navigate to, and delete the following files/folders if present:

[bold]C:\Program Files\Messenger Plus! 2\
C:\Program Files\Ares\[/bold]

Empty recycle bin. Now reboot back into normal Windows.

Once rebooted,

* Please go to here: http://virusscan.jotti.org/
* Copy and paste the following file path into the [bold]"File to upload & scan"[/bold] box on the top of the page: [bold]c:\stub_113_4_0_4_0.exe[/bold]
* Click on the submit button
* Please post the results in your next reply.

Now do this same step again, for the following file:

[bold]C:\Program Files\Videora\Videora.exe[/bold]

Post the results along with a fresh HijackThis log. =)
Sup Dude

Sorry I was too busy to reply yesterday. And many thanx for sticking around to help me out, much appreciated. Ok I have done what you told me to again.

Here's the scan for the Videora

File: Videora.exe.config1
Status: OK
MD5 30f52358ef60176c9a03584d0dd2690b
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

Dude I can't find this file/folder anywhere, so I haven't scanned that yet.

c:\stub_113_4_0_4_0.exe

And here's a fresh hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 20:19:24, on 16/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe c:\progra~1\mcafee\mcafee antispyware\massrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\Program Files\Spyware
Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Videora\Videora.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - 
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [DesktopDavey2] C:\Program Files\Rippleffect\Desktop Davey\Davey.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: 
[DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800" O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: Image Transfer.lnk = ? 
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context 
menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. 
- C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Many thanx dude
Damien
Run a scan with HijackThis and check the following objects for removal:

[bold]O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB[/bold]

Now close all open windows except for HijackThis and hit [bold]FIX CHECKED[/bold].

Reboot.

1) Please download the http://www.downloads.subratam.org/KillBox.zip (KillBox by Option^Explicit). In the event you already have Killbox, this is a new version that I need you to download.
2) Save it to your desktop.
3) Run [bold]Killbox.exe[/bold].
4) Select "[bold]Delete on Reboot[/bold]".
5) Copy the file names below to the clipboard by highlighting ALL of them, then press CTRL + C:

[bold]c:\stub_113_4_0_4_0.exe[/bold]

6) Return to Killbox, go to the [bold]File[/bold] menu, and choose "[bold]Paste from Clipboard[/bold]".
7) Click the red-and-white "[bold]Delete File[/bold]" button. Click "Yes" at the Delete on Reboot prompt.

If your computer does not restart automatically, please restart it manually.

Reboot.

Post back with a fresh log. Let me know how's your system running. =)
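The log triage done by hand in the two helper replies above can be sketched in code; this is an added example, not part of the original thread and not HijackThis's own logic. It splits a flattened log back into entries, applies four illustrative heuristics (an assumption of this example, chosen to match entries the helper flagged), and diffs a before/after pair to confirm that fixed entries are really gone. The sample logs are constructed from entries quoted on this page.

```python
import re

# Constructed sample: entries copied from the logs quoted in this thread and run
# together on one line, the way the forum software flattened them.
LOG_BEFORE = (
    r"Running processes: C:\WINDOWS\Explorer.EXE C:\HJT\HijackThis.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/ "
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html "
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP "
    r"O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe "
    r"O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB "
    r"O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe "
    r"O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing)"
)
# Constructed "fresh log" after the fixes: only the two benign entries remain.
LOG_AFTER = (
    r"Running processes: C:\WINDOWS\Explorer.EXE C:\HJT\HijackThis.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/ "
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
)

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; that marker is enough to re-split a flattened log.
ENTRY_START = re.compile(r"(?:^|(?<=\s))(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def split_entries(text):
    """Return the log's entries, ignoring the header and process list."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    bounds = starts + [len(text)]
    return [text[a:b].strip() for a, b in zip(bounds, bounds[1:])]


def flag(entry):
    """Return the reasons an entry deserves a closer look (illustrative rules)."""
    code = entry.split(" - ", 1)[0]
    reasons = []
    if re.search(r"\((?:file missing|no file)\)", entry):
        reasons.append("references a file that no longer exists")
    if code == "O4" and re.search(r'\]\s+"?[a-z]:\\[^\\"]+\.exe', entry, re.I):
        reasons.append("autorun executable sits directly in the drive root")
    if code == "O16" and re.search(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]", entry):
        reasons.append("ActiveX download served from a bare IP address")
    if code in ("R0", "R1") and "= file://" in entry:
        reasons.append("IE page setting points at a local file")
    return reasons


def triage(text):
    """Return (entry, reasons) pairs for every entry that trips a rule."""
    return [(e, r) for e in split_entries(text) if (r := flag(e))]


def removed_entries(before, after):
    """Entries present in the earlier log and absent from the later one."""
    remaining = set(split_entries(after))
    return [e for e in split_entries(before) if e not in remaining]


if __name__ == "__main__":
    for entry, reasons in triage(LOG_BEFORE):
        print(entry, "->", "; ".join(reasons))
    print("Gone after the fix:")
    for entry in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("  " + entry)
```

The O8 mywebsearch entry trips none of the four rules and only shows up in the before/after diff, which is why pattern rules like these supplement a reviewer's judgment rather than replace it.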
Sup Dude

You are a legend. Your help was much appreciated and I think all problems are solved. I haven't had a pop-up since I can remember, my browser hasn't been hijacked since your first advice, the computer is running very smooth. This computer has been a mess for a very long time and I didn't think there was any hope, but props to you. If there is anything I can do for you then hit me up, if you need any invites etc.

Once again many thanks dude

Ps// Have you got any special advice/tips on how to keep the computer running very smooth?

Here's a fresh hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 05:30:28, on 19/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe c:\progra~1\mcafee\mcafee antispyware\massrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Videora\Videora.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ntl\broadband medic\bin\mpbtn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\HJT\HijackThis.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: McAfee VirusScan - 
{BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [DesktopDavey2] C:\Program Files\Rippleffect\Desktop Davey\Davey.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program 
Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800" O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe O4 - Global Startup: Image Transfer.lnk = ? 
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - 
Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Your log looks great, good job =) Of course I have some instructions how to prevent spyware etc.

Let's clear out your restore points now.

Disable System Restore;

[bold]1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore"
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".

Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".[/bold]

Be sure to set a new restore point.

Here's some tips for future to prevent spyware;

Detect and Remove Programs:

* How to use Ad-Aware to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=48) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
* How to use Spybot to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=43) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

* Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html) <= SpywareBlaster will prevent spyware from being installed. (My favourite)
* Spywareguard (http://www.wilderssecurity.net/spywareguard.html) <= SpywareGuard offers realtime protection from spyware installation attempts.
* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
* Google Toolbar: (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

* [bold]AntiVirus Program[/bold] <= An AntiVirus program is a must! Whether it is a free version like AVG (http://www.grisoft.com/) or Anti-Vir (http://www.free-av.com/), or a shareware version like Norton or Kaspersky, this is a must have.
* [bold]Firewall[/bold] <= A firewall is definitely a must have. Two good free versions are Sygate (http://www.sygate.com/) and ZoneLabs (http://www.zonelabs.com/store/content/home.jsp).
* [bold]More Secure Browser[/bold] <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox (http://www.mozilla.com).
* EULAlyzer by Javacool (http://www.javacoolsoftware.com/eulalyzer.html) <= No need to read End user license agreements when installing software--
# Discover potentially hidden behavior about the software you're going to install
# Pick up on things you missed when reading license agreements
# Keep a saved database of the license agreements you view
# Instant results - super-fast analysis in just a second

And also see TonyKlein's good advice; So how did I get infected in the first place? (http://castlecops.com/postlite7736-.html) (My favourite)