Need help Bad. My computer is like one big virus

Discussion in 'Windows - Virus and spyware problems' started by chico1984, Feb 12, 2006.

  1. chico1984

    chico1984 Member

    Joined:
    Feb 12, 2006
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
    Hey guys
    I need help pretty bad, and ANY help would be much appreciated. My computer is like a mass virus, I keep getting annoying pop ups all the time, the computer is running REAL slow and worst of all is when I'm browsing the net, every minute or two the page will be re-directed to some other site, and the page goes half/quarter the size, does that make sense?

    I am a complete newbie to computers (in case you didn't notice). I have run an adaware scan,

    Anyhows I have tried running an adaware scan, spybot search and destroy with no help. I read the stickied threads and downloaded some of the programs mentioned. Here is the report thingy for hijackthis program

    Logfile of HijackThis v1.99.1
    Scan saved at 06:25:47, on 13/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Videora\Videora.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\BitTornado\btdownloadgui.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSearch.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DesktopDavey2] C:\Program Files\Rippleffect\Desktop Davey\Davey.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0015/ukiq0015.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843066.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/FunBuddyIconsFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\p0p6la7s1d.dll
    O20 - Winlogon Notify: winqxd32 - C:\WINDOWS\SYSTEM32\winqxd32.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    Thanx guys, it's much appreciated.
    Damien
     
  2. Rawe

    Rawe Member

    Joined:
    Feb 13, 2006
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    Let's get started.

    Notice that this is the first fix we'll do; not the only one.

    * Please download http://www.atribune.org/ccount/click.php?id=7 (Look2Me-Destroyer.exe) to your desktop.
    * Close all windows before continuing.
    * Double-click Look2Me-Destroyer.exe to run it.
    * Put a check next to "Run this program as a task."
    * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
    * When Look2Me-Destroyer re-opens, click the "Scan for L2M" button, your desktop icons will disappear, this is normal.
    * Once it's done scanning, click the "Remove L2M" button.
    * You will receive a "Done Scanning" message, click OK.
    * When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer", click OK.
    * Your computer will then shutdown.
    * Turn your computer back on.
    * Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

    *If you receive a message from your Firewall about this program accessing the Internet, please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
     
    Last edited: Feb 13, 2006
  3. chico1984

    chico1984 Member

    Sup dude
    I really appreciate the help.
    Ok I have run the look2me-destroyer and carried out what you said to do. Where do I find the look2me-destroyer log? Anyhows, here is my latest hijackthis log (done after I run that look2me program).

    Like I said many thanx for the help dude. I work nights so I will do what you tell me as soon as I get home and when I wake up again.....nights suck. I am only telling you this in case you're thinking I am trying to help him but he's replying hours later.

    Ps// I haven't mentioned yet and I don't know if it will be any help but
    Most of these BIG problems happened when my brother downloaded a key gen thingy (I believe), that's when the computer went out of control.

    Thanx dude

    Logfile of HijackThis v1.99.1
    Scan saved at 20:00:50, on 13/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Videora\Videora.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSearch.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DesktopDavey2] C:\Program Files\Rippleffect\Desktop Davey\Davey.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0015/ukiq0015.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843066.cab
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winqxd32 - C:\WINDOWS\SYSTEM32\winqxd32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
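
Comparing the HijackThis log posted before the Look2Me-Destroyer run with the one posted after it shows which entries that step removed and which are still present. The Python below is an added example, not part of the original thread and not part of HijackThis; the function names are hypothetical, and the two sample logs are short excerpts constructed from the logs posted above.

```python
import re

# HijackThis entry lines look like "O20 - Winlogon Notify: name - path".
# Header lines and the "Running processes" list do not match this shape.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
SECTION_ORDER = "RFNO"  # order in which HijackThis prints its section groups

# Constructed sample: a few lines excerpted from the first log in the thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 06:25:47, on 13/02/2006
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\p0p6la7s1d.dll
O20 - Winlogon Notify: winqxd32 - C:\WINDOWS\SYSTEM32\winqxd32.dll
"""

# Constructed sample: the matching lines from the second log in the thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:00:50, on 13/02/2006
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
O20 - Winlogon Notify: winqxd32 - C:\WINDOWS\SYSTEM32\winqxd32.dll
"""


def parse_entries(log_text):
    """Map (section, case-folded detail) -> original line text.

    Windows paths are case-insensitive, so the comparison key is
    case-folded while the original spelling is kept for display.
    """
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            section, detail = match.groups()
            entries[(section, detail.casefold())] = f"{section} - {detail}"
    return entries


def _sort_key(key):
    """Sort like HijackThis does: R, F, N, O groups, then by number."""
    section, detail = key
    return (SECTION_ORDER.index(section[0]), int(section[1:]), detail)


def diff_logs(before_text, after_text):
    """Return entries removed, added and unchanged between two logs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)

    def pick(keys, source):
        return [source[k] for k in sorted(keys, key=_sort_key)]

    return {
        "removed": pick(before.keys() - after.keys(), before),
        "added": pick(after.keys() - before.keys(), after),
        "unchanged": pick(before.keys() & after.keys(), after),
    }


if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    for label in ("removed", "added", "unchanged"):
        print(f"== {label} ==")
        for entry in result[label]:
            print("  " + entry)
```

Entries listed as unchanged are the ones a helper would look at next, since they were present both before and after the cleanup step.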
     
  4. Rawe

    Rawe Member

    Hi again,

    Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

    Please download Ewido Anti-malware:
    http://www.ewido.net/en/download/
    it is a free version of the program.

    1. Install Ewido Anti-malware
    2. When installing, under "Additional Options" uncheck:
    * Install background guard
    * Install scan via context menu
    3. Launch Ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update Ewido to the latest definition files.
    * On the left hand side of the main screen click update.
    * Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

    If you are having problems with the updater, you can use this link to manually update Ewido.

    http://www.ewido.net/en/download/updates/

    Once the updates are installed do the following:

    Please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer.
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear.
    4) Select the first option, to run Windows in Safe Mode.

    Once in Safe Mode, open Ewido:

    * Click on scanner
    * Click on Complete System Scan and the scan will begin.
    * You will be prompted to clean the first infection.
    * Select "Perform action on all infections", then proceed.
    * Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
    * Click Save report.
    * Save the report .txt file to your desktop or a location where you can find it easily.

    Close Ewido Anti-malware.

    Reboot Windows into Normal Mode, then post the Ewido log along with a fresh HijackThis log. =)
     
  5. chico1984

    Sup dude
    Once again many thanx for the help. Much appreciated.
    Ok something is deffo working coz I ain't getting re-directed (hijacked) to any dodgy sites anymore, which is awesome. Getting a few pop-ups but it's %700000 better than it was, so thanx for that.

    Here's my latest scan for hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 05:45:09, on 15/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Videora\Videora.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DesktopDavey2] C:\Program Files\Rippleffect\Desktop Davey\Davey.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0015/ukiq0015.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843066.cab
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    and here's my scan for ewido

    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 05:28:34, 15/02/2006
    + Report-Checksum: E6E1D7A3

    + Scan result:

    HKLM\SOFTWARE\ASDPLUGIN -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\ASDPLUGIN\restore -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\ASDPLUGIN\restore\DefaultInternet -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\ASDPLUGIN\restore\EnableAutodial -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\ASDPLUGIN\restore\InternetProfile -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\ASDPLUGIN\restore\Start Page -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{D240DC29-C093-4388-B71F-A7103C796B0C} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Adware.BroadCastPC : Cleaned with backup
    HKU\.DEFAULT\Software\MultiMPP -> Adware.BetterInternet : Cleaned with backup
    HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\DelFin -> Adware.Delfin : Cleaned with backup
    HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{804DB5C7-31E6-4885-850A-F1941B58A4C7} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D240DC29-C093-4388-B71F-A7103C796B0C} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Multimpp -> Adware.BetterInternet : Cleaned with backup
    HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Premium Web Service -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Premium Web Service\Content Browser -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-436374069-842925246-1343024091-1004\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-18\Software\MultiMPP -> Adware.BetterInternet : Cleaned with backup
    [244] C:\WINDOWS\system32\winqxd32.dll -> Downloader.Agent.aej : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.94:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.103:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.161:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.162:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.163:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.175:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.187:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.193:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.196:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.197:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.198:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.200:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    :mozilla.207:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.212:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.213:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    :mozilla.216:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Starware : Cleaned with backup
    :mozilla.217:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1j96jeai.Default User1\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@lsfnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Admin\Cookies\admin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Admin\Desktop\WinAntiSpyware2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@lsfnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Georgia\Cookies\georgia@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Phil\Cookies\phil@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Phil\Cookies\phil@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Program Files\Messenger Plus! 2\Setup.dat/70000011.exe -> Downloader.Swizzor.g : Error during cleaning
    C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\20041106192004.zip/Program Files/newdotnet/newdotnet6_38.to_be_deleted -> Adware.NewDotNet : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\20041106192004.zip/Program Files/newdotnet/newdotnet6_38.to_be_deleted_x -> Adware.NewDotNet : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\20041106192004.zip/Program Files/newdot~1/newdotnet6_38.to_be_deleted -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup
    C:\WINDOWS\system32\AdService.dll -> Downloader.Agent.aej : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
    C:\WINDOWS\system32\in10b6s.dll -> Dropper.Small.abe : Cleaned with backup
    C:\WINDOWS\system32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Error during cleaning
    C:\WINDOWS\system32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Error during cleaning
    C:\WINDOWS\system32\msbb321.dll -> Adware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\winqxd32.dll -> Downloader.Agent.aej : Cleaned with backup
    C:\WINDOWS\winsysban7.exe -> Hijacker.VB.le : Cleaned with backup
    C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup


    ::Report End

    Many thanks dude
     
  6. Rawe

    Rawe Member

    Joined:
    Feb 13, 2006
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    Run a scan with HijackThis and check the following objects for removal;

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0015/ukiq0015.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843066.cab
    O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
    O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing)

    Now close ALL open windows except for HijackThis and hit FIX CHECKED.

    Next,

    Please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    Once in Safe Mode, go to Start -> Control Panel -> Add/Remove Programs and uninstall the following entries if present:

    Ares
    Messenger Plus! 2

    Navigate to, and delete the following files/folders if present:

    C:\Program Files\Messenger Plus! 2\
    C:\Program Files\Ares\

    Empty recycle bin.

    Now reboot back into normal Windows.

    Once rebooted,

    * Please go here: http://virusscan.jotti.org/

    * Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    c:\stub_113_4_0_4_0.exe

    * Click on the submit button

    * Please post the results in your next reply.

    Now do this same step again, for the following file:

    C:\Program Files\Videora\Videora.exe

    Post the results along with a fresh HijackThis log. =)
     
    Last edited: Feb 15, 2006
  7. chico1984

    chico1984 Member

    Sup Dude
    Sorry I was too busy to reply yesterday. And many thanx for sticking around to help me out, much appreciated.

    Ok I have done what you told me to again. Here's the scan for the Videora
    File: Videora.exe.config1
    Status:
    OK
    MD5 30f52358ef60176c9a03584d0dd2690b
    Packers detected:
    -
    Scanner results
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    UNA
    Found nothing
    VBA32
    Found nothing

    Dude, I can't find this file/folder anywhere, so I haven't scanned that yet. c:\stub_113_4_0_4_0.exe

    And here's a fresh HijackThis report

    Logfile of HijackThis v1.99.1
    Scan saved at 20:19:24, on 16/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Videora\Videora.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DesktopDavey2] C:\Program Files\Rippleffect\Desktop Davey\Davey.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    Many thanx dude
    Damien
     
  8. Rawe

    Rawe Member

    Run a scan with HijackThis and check the following objects for removal:

    O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB

    Now close all open windows except for HijackThis and hit FIX CHECKED. Reboot.

    1) Please download KillBox by Option^Explicit: http://www.downloads.subratam.org/KillBox.zip

    In the event you already have Killbox, this is a new version that I need you to download.

    2) Save it to your desktop.

    3) Run Killbox.exe.

    4) Select "Delete on Reboot".

    5) Copy the file names below to the clipboard by highlighting ALL of them, then press CTRL + C

    c:\stub_113_4_0_4_0.exe

    6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.

    Reboot.

    Post back with a fresh log. Let me know how your system is running. =)
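
The follow-up check these steps rely on (fix the checked entries, reboot, post a fresh log), as an added Python example that is not part of the original posts: it parses HijackThis entries, lists what disappeared between two logs, and flags entries with a few illustrative heuristics. The function names and heuristics are assumptions of this example, not HijackThis's own logic; the sample lines are copied from the logs and fix lists in this thread.

```python
import re
from urllib.parse import urlparse

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# An executable sitting directly in a drive root, e.g. c:\name.exe
ROOT_EXE_RE = re.compile(r'(?i)\b[a-z]:\\[^\\/\s"]+\.exe\b')

# Excerpt of the 16/02/2006 log posted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
"""

# Excerpt of the 19/02/2006 follow-up log (same entries, after the fix).
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
"""

# Excerpt of the entries selected for removal in the two helper posts.
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49/output/100039/uk/dbgames/dsldbaccess.exe
O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing)
O4 - HKCU\..\Run: [kuko] c:\stub_113_4_0_4_0.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
"""


def parse_entries(log_text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def _key(entry):
    # Registry names and Windows paths are case-insensitive, and the two logs
    # above print the same MCUpdateExe path once as C:\ and once as c:\.
    return entry[0], entry[1].lower()


def removed_entries(before_log, after_log):
    """Entries present in the earlier log and absent from the later one."""
    after = {_key(e) for e in parse_entries(after_log)}
    return [e for e in parse_entries(before_log) if _key(e) not in after]


def unresolved(fix_list, after_log):
    """Entries chosen for fixing that still show up in the follow-up log."""
    after = {_key(e) for e in parse_entries(after_log)}
    return [e for e in parse_entries(fix_list) if _key(e) in after]


def triage(section, detail):
    """Illustrative heuristics (assumptions of this example): reasons to look closer."""
    reasons = []
    low = detail.lower()
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("target file missing")
    if section in ("R0", "R1") and "file://" in low:
        reasons.append("IE page setting points at a local file")
    if section == "O4" and ROOT_EXE_RE.search(detail):
        reasons.append("autostart executable in drive root")
    if section == "O16":
        host = urlparse(detail.rsplit(" - ", 1)[-1]).hostname or ""
        if IPV4_RE.match(host):
            reasons.append("ActiveX download from a raw IP address")
    return reasons


if __name__ == "__main__":
    for sec, det in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("gone:", sec, det)
    print("still present after fix:", unresolved(FIX_LIST, LOG_AFTER))
    for sec, det in parse_entries(FIX_LIST):
        print(sec, triage(sec, det) or "no heuristic hit", sep=": ")
```

The Ares autostart entry gets no heuristic hit: it was picked on the helper's judgement, which pattern checks like these do not replace.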
     
  9. chico1984

    chico1984 Member

    Sup Dude
    You are a legend. Your help was much appreciated and I think all problems are solved. I haven't had a pop-up since I can remember, my browser hasn't been hijacked since your first advice, and the computer is running very smooth. This computer has been a mess for a very long time and I didn't think there was any hope, but props to you.

    If there is anything I can do for you then hit me up, if you need any invites etc.

    Once again many thanks dude :)

    PS: Have you got any special advice/tips on how to keep the computer running very smooth?

    Here's a fresh HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 05:30:28, on 19/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Videora\Videora.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\progra~1\mcafee\MCAFEE~1\masalert.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\HJT\HijackThis.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DesktopDavey2] C:\Program Files\Rippleffect\Desktop Davey\Davey.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpamExtract] C:\PROGRA~1\SPAMEX~1\oeSpamExtractLdr.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft® JavaScript® Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {50B44764-5BFE-46AF-9235-9CE9D6450550} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
     
    Last edited: Feb 18, 2006
  10. Rawe

    Rawe Member

    Joined:
    Feb 13, 2006
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    16
    Your log looks great, good job =)

    Of course I have some instructions on how to prevent spyware etc.

    Let's clear out your restore points now.

    Disable System Restore;

    1. Click Start > Programs > Accessories > Windows Explorer
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Check the "Turn off System Restore" check box.
    5. Click Apply. A message shows up.
    6. Click "Yes" to do this.
    7. Confirm with "Ok".

    Reboot.

    Enable System Restore;

    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck the "Turn off System Restore" check box.
    5. Click Apply, and then click "OK".

    Be sure to set a new restore point.

    Here are some tips for the future to prevent spyware:

    Detect and Remove Programs:

    * How to use Ad-Aware to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=48) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
    * How to use Spybot to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=43) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

    Prevention Programs:

    * Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html) <= SpywareBlaster will prevent spyware from being installed. (My favourite)
    * Spywareguard (http://www.wilderssecurity.net/spywareguard.html) <= SpywareGuard offers realtime protection from spyware installation attempts.
    * MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    * Google Toolbar: (http://toolbar.google.com/) <= Get the free Google Toolbar to help stop pop-up windows.

    Other necessary Programs:

    * AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG (http://www.grisoft.com/) or Anti-Vir (http://www.free-av.com/), or a shareware version like Norton or Kaspersky, this is a must have.
    * Firewall <= A firewall is definitely a must have. Two good free versions are Sygate (http://www.sygate.com/) and ZoneLabs (http://www.zonelabs.com/store/content/home.jsp).
    * More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox (http://www.mozilla.com).
    * EULAlyzer by Javacool (http://www.javacoolsoftware.com/eulalyzer.html) <= No need to read End user license agreements when installing software--

    # Discover potentially hidden behavior about the software you're going to install
    # Pick up on things you missed when reading license agreements
    # Keep a saved database of the license agreements you view
    # Instant results - super-fast analysis in just a second

    And also see TonyKlein's good advice;
    So how did I get infected in the first place? (http://castlecops.com/postlite7736-.html) (My favourite)
     
