Author Topic: Virus-Worm/VB.SO -Hijackthis Log  (Read 6475 times)

Offline The Napster

  • Newbie
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« on: August 06, 2006, 06:52:07 PM »
Newbie here so I know I probably didn't post this correctly, sorry if I did!

My computer is doing some real funky things and I have AVG SoHo 7.1 running with the email scanner going non-stop!

Here is the hijack log if someone can help, much appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 7:35:36 PM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: MCVSRte - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #1 on: August 06, 2006, 07:31:25 PM »
Can you do the following please

You may be controlling entries on startup with msconfig
I need to see the whole log without interference

Can you go to START>>RUN>>type in
msconfig

Under the Startup tab>>Enable All>>Apply it
Under the General tab ensure Normal startup is selected
Apply it and Close
Reboot the computer

Back in Windows post back with a fresh hijackthis log please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline The Napster

  • Newbie
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #2 on: August 06, 2006, 07:55:50 PM »
Here is the new hijack log:

Another note I'd like to make is I get this annoying message when I start my computer up about not having a legit copy of Microsoft XP and it not being genuine, with an icon on the task bar that looks like a star or snowflake about being a victim of counterfeiting etc... How in the world do I get rid of this? I accidentally ran updates and that message appeared.

Anyway, here is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:45:39 PM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jfzfeepoinbuwpkrbgqkdgk.com/WaGnKuT...TMg_8MCGuY.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.76.97.230:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [global admin] C:\DOCUME~1\Al\APPLIC~1\WEBRDR~1\dartgluescr.exe
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: MCVSRte - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

THANKS!
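Added example, not from this thread or from any of the tools the helpers use: a small Python triage script that parses HijackThis lines like the ones in the log above and flags the patterns an analyst checks first (an autostart running from the user profile or Temp, a system binary name outside the Windows directory, a proxy set in the registry, many hostnames redirected to one non-loopback address in the hosts file, and a search page on a long random-looking domain). The sample lines are copied from the posted log; the heuristics, thresholds and function names are my own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis log posted above
# (two benign lines included so the negative case is exercised too).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jfzfeepoinbuwpkrbgqkdgk.com/WaGnKuT...TMg_8MCGuY.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.76.97.230:80
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 m7z.net
O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [global admin] C:\DOCUME~1\Al\APPLIC~1\WEBRDR~1\dartgluescr.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str
    line: str      # the offending log line (or the hostnames, for O1)


# Directories under a user profile where autostart entries and BHOs almost never belong
# (short 8.3 names as HijackThis prints them, plus the long forms).
PROFILE_DIR_RE = re.compile(
    r"\\(?:DOCUME~1|Documents and Settings)\\[^\\]+\\"
    r"(?:APPLIC~1|Application Data|LOCALS~1\\Temp|Local Settings\\Temp)\\", re.I)
# Core Windows binaries; a file with one of these names outside C:\WINDOWS is a masquerade.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
# Hosts-file targets that are legitimate for blocking; anything else is a redirect.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
MAX_LABEL = 15  # assumption: a second-level label longer than this is "random-looking"

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
R_RE = re.compile(r"^(?P<tag>R[01]) - (?P<key>[^=]+?) = (?P<value>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def exe_path(cmd: str) -> str:
    """Return the executable path from an O4 command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Bare path: it may contain spaces, so cut after the first executable extension.
    m = re.match(r"(.+?\.(?:exe|dll|scr|bat|cmd|com))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> list:
    """Scan HijackThis output and return the entries worth a second look, in log order."""
    findings = []
    redirects = defaultdict(list)  # non-loopback hosts-file target -> hostnames pointed at it
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            path = exe_path(m["cmd"])
            base = path.rsplit("\\", 1)[-1].lower()
            if base in SYSTEM_BINARIES and not path.lower().startswith("c:\\windows\\"):
                findings.append(Finding("O4", f"system binary name {base} outside the Windows directory", line))
            elif PROFILE_DIR_RE.search(path):
                findings.append(Finding("O4", "autostart launched from user profile / Temp", line))
        elif m := O1_RE.match(line):
            if m["ip"] not in LOOPBACK:
                redirects[m["ip"]].append(m["host"])
        elif m := R_RE.match(line):
            key, value = m["key"], m["value"].strip()
            if key.endswith("ProxyServer") and value:
                findings.append(Finding(m["tag"], f"proxy server configured in registry: {value}", line))
            elif value.lower().startswith("http"):
                host = urlsplit(value).hostname or ""
                labels = host.split(".")
                label = labels[-2] if len(labels) >= 2 else host
                if len(label) > MAX_LABEL:
                    findings.append(Finding(m["tag"], f"browser page on random-looking domain {host}", line))
        elif m := O2_RE.match(line):
            if PROFILE_DIR_RE.search(m["path"]):
                note = " (file missing, orphaned entry)" if m["missing"] else ""
                findings.append(Finding("O2", "BHO loaded from user profile" + note, line))
    for ip, hosts in redirects.items():
        findings.append(Finding("O1", f"{len(hosts)} hostnames redirected to {ip} (not loopback)", "; ".join(hosts)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```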

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #3 on: August 06, 2006, 08:15:16 PM »
Can you do the following for me please
Download and unzip to a folder of its own on the desktop
http://metallica.geekstogo.com/findlop.zip

Inside the folder find findlop.bat

Double-click it and it will create the file C:\findlop.txt
Find that file and copy the contents into your next post.


Offline The Napster

  • Newbie
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #4 on: August 06, 2006, 08:33:59 PM »
Here you go:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'C309ADC1852F6341.job'
[TRACE] Printing all job properties

  ApplicationName:    'c:\docume~1\al\applic~1\webrdr~1\Platform lies acid.exe'
  Parameters:         ''
  WorkingDirectory:   ''
  Comment:            ''
  Creator:            'Al'
  Priority:           NORMAL
  MaxRunTime:         259200000 (3d  0:00:00)
  IdleWait:           10
  IdleDeadline:       60
  MostRecentRun:      07/11/2006 13:00:00
  NextRun:            08/06/2006 22:00:00
  StartError:         0x80070002
  ExitCode:           0
  Status:             SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                 = 0
    StartOnlyIfIdle         = 0
    KillOnIdleEnd           = 0
    RestartOnIdleResume     = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn       = 1
    SystemRequired          = 0
    Hidden                  = 1
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:       06/04/1999
    EndDate:         00/00/0000
    StartTime:       00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0


[TRACE] Activating job 'McAfee.com Update Check (VAIO-Al).job'
[TRACE] Printing all job properties

  ApplicationName:    'C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe'
  Parameters:         '/Schedule'
  WorkingDirectory:   'C:\PROGRA~1\McAfee.com\Agent'
  Comment:            'McAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.'
  Creator:            'Al'
  Priority:           NORMAL
  MaxRunTime:         259200000 (3d  0:00:00)
  IdleWait:           10
  IdleDeadline:       60
  MostRecentRun:      00/00/0000  0:00:00
  NextRun:            08/06/2006 22:32:00
  StartError:         SCHED_S_TASK_HAS_NOT_RUN
  ExitCode:           0
  Status:             SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                 = 0
    StartOnlyIfIdle         = 0
    KillOnIdleEnd           = 0
    RestartOnIdleResume     = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn       = 1
    SystemRequired          = 1
    Hidden                  = 0
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:       08/06/2006
    EndDate:         00/00/0000
    StartTime:       22:32
    MinutesDuration: 1440
    MinutesInterval: 5
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #5 on: August 06, 2006, 08:41:44 PM »
Looks like with the installation of MSN Plus 3 you also installed the SPONSOR which in turn installed adware
Called LOP
One more log please then we will do some fixes on this computer

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy all the contents of the QUOTE below, not including the word "quote"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as direxie.bat

Save this file in the same folder you have findlop.bat
Double click on direxie.bat
A text file will open, Copy>>Paste back here the Whole contents please

Quote
@echo off
jt /sd C309ADC1852F6341.job
if exist c:\tasks.txt del c:\tasks.txt
jt /se >>c:\tasks.txt
cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt


Offline The Napster

  • Newbie
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #6 on: August 06, 2006, 08:46:55 PM »
Here you go:

 Volume in drive C has no label.
 Volume Serial Number is 5801-B205

 Directory of C:\Documents and Settings\Al\Application Data

02/20/2005  04:28 PM    <DIR>          BITTOR~1     .BitTornado
03/22/2005  03:42 PM    <DIR>                       Adobe
08/03/2005  10:43 PM    <DIR>                       AdobeUM
03/22/2005  01:49 PM    <DIR>                       Adorons
02/08/2006  06:08 PM    <DIR>                       Ahead
04/09/2005  03:23 PM    <DIR>                       Aim
02/03/2006  12:28 AM    <DIR>          APPLEC~1     Apple Computer
08/06/2006  08:41 PM    <DIR>                       AVG7
07/27/2006  02:37 PM    <DIR>          BITTOR~2     BitTorrent
07/12/2005  04:31 PM    <DIR>          DEEPNE~1     Deepnet Explorer
06/16/2006  09:43 AM    <DIR>                       Eqreadme
11/20/2005  03:06 PM    <DIR>          GLOBAL~1     GlobalSCAPE
01/22/2006  06:12 PM    <DIR>                       Google
12/06/2005  12:51 PM    <DIR>                       Help
03/14/2005  01:56 PM    <DIR>          IDENTI~1     Identities
02/23/2005  02:01 PM    <DIR>          KAZAAL~1     Kazaa Lite
02/17/2005  09:28 PM    <DIR>                       Lavasoft
02/18/2005  01:47 AM    <DIR>          MACROM~1     Macromedia
08/04/2006  09:39 PM    <DIR>          MAILWA~1     MailWasherPro
02/17/2005  09:34 PM    <DIR>                       McAfee
03/30/2005  03:02 PM    <DIR>          MEDIAP~1     Media Player Classic
03/04/2005  03:07 PM    <DIR>                       Mozilla
07/07/2005  12:11 PM    <DIR>                       Netscape
10/25/2005  12:25 AM    <DIR>                       Opera
05/14/2006  11:15 PM    <DIR>          PCTOOL~1     PC Tools
08/31/2005  07:38 PM    <DIR>                       Real
10/17/2005  03:35 PM    <DIR>                       Shareaza
02/17/2005  09:44 PM    <DIR>                       Sun
05/06/2005  11:17 PM    <DIR>                       Talkback
04/11/2005  01:09 AM    <DIR>                       Tenebril
10/14/2006  02:42 PM    <DIR>                       Tor
04/30/2005  11:52 AM    <DIR>          ULEADS~1     Ulead Systems
05/03/2006  03:09 PM    <DIR>                       vlc
03/21/2005  06:03 PM    <DIR>          WEATHE~1     WeatherBug
07/12/2006  11:06 AM    <DIR>          WEBRDR~1     web rdr new
03/04/2006  11:51 PM    <DIR>                       Yahoo!
07/16/2005  01:33 PM    <DIR>          YAHOO!~1     Yahoo! Messenger
               0 File(s)              0 bytes
              37 Dir(s)  17,137,446,912 bytes free
 Volume in drive C has no label.
 Volume Serial Number is 5801-B205

 Directory of C:\Documents and Settings\All Users\Application Data

02/17/2005  09:30 PM    <DIR>                       Adobe
02/03/2006  12:26 AM    <DIR>          APPLEC~1     Apple Computer
08/06/2006  12:38 AM    <DIR>                       avg7
02/17/2005  09:48 PM    <DIR>          CYBERL~1     CyberLink
08/06/2006  09:18 PM    <DIR>          DVDSHR~1     DVD Shrink
05/09/2006  01:45 AM    <DIR>                       Grisoft
06/27/2006  10:30 PM    <DIR>                       Kodak
08/05/2006  10:05 AM    <DIR>                       McAfee
08/05/2006  11:03 PM    <DIR>                       McAfee.com
10/10/2005  02:46 AM    <DIR>          MESSEN~1     Messenger Plus!
07/22/2006  10:26 AM             1,751 QTSBAN~1     QTSBandwidthCache
05/23/2005  03:13 PM    <DIR>          QUICKT~1     QuickTime
08/31/2005  07:38 PM    <DIR>                       Real
04/13/2006  10:33 AM    <DIR>          SAFEDU~1     safedupelogodent
06/16/2006  09:44 AM    <DIR>          SPYBOT~1     Spybot - Search & Destroy
04/30/2005  11:51 AM    <DIR>          ULEADS~1     Ulead Systems
08/06/2006  12:30 AM    <DIR>          WINDOW~1     Windows Genuine Advantage
11/08/2005  08:56 PM    <DIR>          YAHOO!~1     Yahoo! Companion
               1 File(s)          1,751 bytes
              17 Dir(s)  17,137,446,912 bytes free
 Volume in drive C has no label.
 Volume Serial Number is 5801-B205

 Directory of C:\Program Files

08/06/2006  07:09 PM    <DIR>                       .
08/06/2006  07:09 PM    <DIR>                       ..
02/19/2005  12:33 AM    <DIR>          ABFSOF~1     ABF software
12/06/2005  01:11 PM    <DIR>          ABSOLU~1     Absolute GIF Optimizer
03/08/2005  10:33 PM    <DIR>          ADDRES~1     Address Book Recovery
03/21/2005  05:45 PM    <DIR>                       Adobe
03/22/2005  01:46 PM    <DIR>                       Adorons
07/11/2006  03:06 PM    <DIR>                       Adverts
04/09/2005  03:25 PM    <DIR>                       Agent
02/17/2005  09:38 PM    <DIR>                       Ahead
04/09/2005  03:21 PM    <DIR>          AIMTOO~1     AIM Toolbar
04/09/2006  05:07 PM    <DIR>          ALCOHO~1     Alcohol Soft
02/19/2005  12:38 AM    <DIR>          AMICGA~1     Amic Games
03/09/2005  01:47 PM    <DIR>                       AOD
02/17/2005  09:47 PM    <DIR>          APPLIC~1     Application X
06/16/2006  02:04 AM    <DIR>          ATMEGA~1     Atmega Load At Home
10/14/2006  01:40 PM    <DIR>          AUDIOC~1     Audio Converter
10/17/2005  02:46 PM    <DIR>          AUDIO-~1     audio-mp3-converter
03/09/2005  01:47 PM    <DIR>                       AWS
07/26/2006  03:47 PM    <DIR>          BEARSH~1     BearShare
07/21/2006  10:45 PM    <DIR>          BITTOR~1     BitTorrent
03/06/2006  09:37 PM    <DIR>                       C-Media
12/25/2005  02:36 AM    <DIR>                       Canon
07/30/2006  10:53 PM    <DIR>          CARDRE~1     CardRecovery
04/24/2006  11:38 AM    <DIR>                       CCleaner
06/27/2006  10:33 PM    <DIR>          COMMON~1     Common Files
02/17/2005  09:05 PM    <DIR>          COMPLU~1     ComPlus Applications
02/17/2005  09:48 PM    <DIR>          CYBERL~1     CyberLink
11/21/2005  09:37 PM    <DIR>                       D-Tools
08/06/2005  09:26 PM    <DIR>          DEEPNE~1     Deepnet Explorer
11/13/2005  02:23 PM    <DIR>          DISNEY~1     Disney Interactive
07/26/2006  11:44 AM    <DIR>                       DivX
04/09/2006  01:08 AM    <DIR>          DVDDEC~1     DVD Decrypter
04/25/2006  12:21 AM    <DIR>          DVDSHR~1     DVD Shrink
04/07/2006  12:22 PM    <DIR>          DVDFAB~1     DVDFab Decrypter
04/07/2006  08:33 PM    <DIR>          ELABOR~1     Elaborate Bytes
10/14/2006  01:40 PM    <DIR>                       Encoder
07/26/2006  11:20 AM    <DIR>          EWIDOA~1.0   ewido anti-spyware 4.0
11/20/2005  03:05 PM    <DIR>          GLOBAL~1     GlobalSCAPE
05/03/2006  03:14 PM    <DIR>                       Google
05/09/2006  01:45 AM    <DIR>                       Grisoft
03/25/2006  01:42 AM    <DIR>          HIDEIP~1     Hide IP Platinum
04/10/2006  07:11 PM    <DIR>          INCOMP~1     Incomplete
03/02/2005  09:38 PM               298              INSTALL.LOG
04/10/2006  10:29 PM    <DIR>          INTERA~1     InterActual
06/17/2006  12:06 PM    <DIR>          INTERN~1     Internet Explorer
06/28/2006  09:39 PM    <DIR>                       iPod
12/06/2005  01:13 PM    <DIR>          IRFANV~1     IrfanView
06/28/2006  09:40 PM    <DIR>                       iTunes
08/11/2005  06:34 PM    <DIR>                       Java
05/03/2006  01:53 PM    <DIR>          K-LITE~1     K-Lite Codec Pack
06/24/2006  03:25 PM    <DIR>          KAZAAL~1     Kazaa Lite Resurrection
06/27/2006  10:32 PM    <DIR>                       Kodak
02/17/2005  09:28 PM    <DIR>                       Lavasoft
05/03/2006  10:10 PM    <DIR>                       LimeWire
08/04/2006  09:10 PM    <DIR>          MAILWA~1     MailWasher
08/05/2006  11:03 PM    <DIR>                       McAfee.com
10/14/2006  01:41 PM    <DIR>          MEDIAB~1     Media Box
08/31/2005  07:38 PM    <DIR>          MEDIAP~1     Media Player Classic
05/24/2005  12:05 PM    <DIR>                       Mercury
02/17/2005  10:05 PM    <DIR>          MESSEN~1     Messenger
03/22/2006  02:36 AM    <DIR>          MESSEN~2     MessengerDiscovery
04/28/2006  11:24 AM    <DIR>          MESSEN~3     MessengerPlus! 3
02/17/2005  09:24 PM    <DIR>          MICROS~3     Microsoft ActiveSync
02/17/2005  09:11 PM    <DIR>          MICROS~1     microsoft frontpage
12/20/2005  07:49 PM    <DIR>          MICROS~4     Microsoft IntelliPoint
03/30/2005  07:22 PM    <DIR>          MICROS~2     Microsoft Office
02/17/2005  09:07 PM    <DIR>          MOVIEM~1     Movie Maker
08/06/2006  08:49 PM    <DIR>          MOZILL~1     Mozilla Firefox
02/17/2005  09:04 PM    <DIR>                       MSN
02/17/2005  09:05 PM    <DIR>          MSNGAM~1     MSN Gaming Zone
04/24/2006  11:14 AM    <DIR>          MSNMES~1     MSN Messenger
02/17/2005  09:55 PM    <DIR>          MUSICM~1     Musicmatch
03/02/2005  09:20 PM    <DIR>          NETASS~1     NetAssistant
02/17/2005  09:07 PM    <DIR>          NETMEE~1     NetMeeting
05/25/2006  09:17 PM    <DIR>                       Netscape
03/08/2005  10:43 PM    <DIR>          OE-MAI~1     OE-Mail Recovery
02/17/2005  09:08 PM    <DIR>          ONLINE~1     Online Services
05/12/2006  11:41 AM    <DIR>                       Opera
04/17/2006  09:51 AM    <DIR>          OUTLOO~1     Outlook Express
04/20/2006  01:24 PM    <DIR>          PALSPY~1     PAL SPYREM
04/29/2006  05:59 PM    <DIR>          PCFRIE~1     PCFriendly
03/06/2006  09:37 PM    <DIR>          PCIAUD~1     PCI Audio Applications
12/13/2005  12:15 AM    <DIR>                       Picasa2
06/28/2006  09:50 PM    <DIR>          QUICKT~1     QuickTime
03/04/2005  01:12 PM    <DIR>                       Real
08/31/2005  08:21 PM    <DIR>          REALAL~1     Real Alternative
05/20/2006  10:24 AM    <DIR>          REGIST~1     Registry Mechanic
07/26/2006  05:52 PM    <DIR>          REGIST~2     RegistryFix
04/07/2006  08:34 PM    <DIR>                       SlySoft
08/05/2006  10:11 AM    <DIR>          SPAMBU~1     SpamButcher
04/14/2005  02:01 PM    <DIR>          SPYBOT~1     Spybot - Search & Destroy
05/15/2006  05:23 PM    <DIR>          SPYWAR~1     Spyware Doctor
04/30/2005  02:31 PM    <DIR>          SUPERD~1.5   Super DVD Creator 8.5
05/26/2005  12:53 PM    <DIR>                       thriXXX
11/20/2005  03:07 PM    <DIR>                       TimeSink
05/09/2006  10:40 PM    <DIR>                       TopMail
10/17/2005  02:48 PM    <DIR>                       UCmore
04/30/2005  11:51 AM    <DIR>          ULEADS~1     Ulead Systems
05/03/2006  03:07 PM    <DIR>                       VideoLAN
01/11/2006  04:38 AM    <DIR>          WEBRDR~1     web rdr new
05/03/2006  03:00 PM    <DIR>          WINDOW~2     Windows Media Player
02/17/2005  09:05 PM    <DIR>          WINDOW~1     Windows NT
10/17/2005  02:48 PM    <DIR>                       WinMX
03/27/2006  11:18 AM    <DIR>          WINQFX~1     winqfx16bit
05/11/2006  04:07 AM    <DIR>                       WinRAR
10/01/2005  01:59 AM    <DIR>                       Xehii
02/17/2005  09:11 PM    <DIR>                       xerox
06/14/2005  12:23 PM    <DIR>                       Yahoo!
07/21/2005  02:52 PM    <DIR>          ZONELA~1     Zone Labs
               1 File(s)            298 bytes
             109 Dir(s)  17,137,434,624 bytes free

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #7 on: August 06, 2006, 08:56:46 PM »
Hi Napster, just sit back for a bit
We've identified the bad guys and some other problems in your log
We should have no problem fixing this

Unfortunately dinner is ready so I have to leave for about half an hour <_<
I'll post back within the hour

Please don't download any more removal tools until I advise it please
I won't be long

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline The Napster

  • Newbie
  • *
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #8 on: August 06, 2006, 08:59:04 PM »
No problem, take your time, no rush.

I really appreciate the help and look forward to your response when you're ready.

Cheers. :)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #9 on: August 06, 2006, 10:15:10 PM »
Can you do the following please

== Download Hoster.zip and unzip it to a folder of its own
We will need it later

Download and install Windows CleanUp! 4.5.2
We will need it later

CleanUp! attempts to delete files from various temporary directories (including download directories/caches),
as well as emptying the Recycle Bins.
If you make a habit of saving files that you wish to keep in any of these places,  they will be deleted when CleanUp! is run.
Please move them to a different location before we run this tool if the above is true
Note: It is generally considered poor practice to use temporary folders or the Recycle Bin to store files you intend to keep.

==Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close Ewido. Do not run it yet.

Save the rest of these instructions to a text file saved to desktop or somewhere you will remember
We will need them in Safe Mode, where there is no Internet connection

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer
NOTE: The first time you run CleanUp! it may prompt to run in Demonstration mode
Deny this, we want to run the actual cleanup!!

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and send the following folders to the Recycle Bin
C:\Documents and Settings\Al\Application Data\Eqreadme <-folder
C:\Documents and Settings\Al\Application Data\web rdr new <-folder
C:\Program Files\web rdr new <-folder

==Open Hoster
Then select the "Restore Original Hosts" button and ok the prompt

Ewido Scan
  • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan.  This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jfzfeepoinbuwpkrbgqkdgk.com/WaGnKuT...TMg_8MCGuY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKCU\..\Run: [global admin] C:\DOCUME~1\Al\APPLIC~1\WEBRDR~1\dartgluescr.exe


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode
Back in Windows

Post back the following please
1. Run Hijackthis again and post back a fresh log
2. Post the whole report from Ewido's

Could you also let me know what files you find in this folder please
C:\Documents and Settings\All Users\Application Data\safedupelogodent <-this folder, do you know what it's related to?
« Last Edit: August 06, 2006, 10:29:47 PM by guestolo »

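The entries guestolo singled out above share a few tells that can be checked mechanically rather than by eye. The script below is an added example, not part of the thread and not code from HijackThis or Ewido: it parses HijackThis 1.99-style O4/O2/R3/R0/R1 lines and applies four heuristics (an autorun target sitting in a user-writable Temp or Application Data folder; a Windows system binary name such as svchost.exe outside System32; a BHO or URLSearchHook registration with no file behind it; a search or start URL whose domain label is long and nearly vowel-free). The sample log is constructed: its first seven lines are the ones quoted in the post above, the last two are made-up benign entries (a MessengerPlus! autorun and a Google start page) so the filter has something to leave alone. The path patterns, the system-binary list and the vowel-ratio threshold are the example's own assumptions. On that sample it flags five lines; the empty LinksFolderName and the Yahoo SearchURL entries that guestolo also ticked are not caught by these rules and still need a human judgment.

```python
"""Triage heuristics for HijackThis 1.99 log lines (added example, not
HijackThis or forum code). Path patterns, the system-binary list and the
vowel-ratio threshold are this example's own assumptions."""
import re
from dataclasses import dataclass

# Constructed sample. The first seven lines are quoted from the log in the
# post above; the last two are made-up benign entries for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jfzfeepoinbuwpkrbgqkdgk.com/WaGnKuT...TMg_8MCGuY.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {B1D44D16-9A3C-91AD-FDA2-6E6162464426} - C:\DOCUME~1\Al\APPLIC~1\Eqreadme\Warn bore.exe (file missing)
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Al\LOCALS~1\Temp\svchost.exe 1
O4 - HKCU\..\Run: [global admin] C:\DOCUME~1\Al\APPLIC~1\WEBRDR~1\dartgluescr.exe
O4 - HKLM\..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
"""

# Names that belong in %SystemRoot%\System32; anywhere else they are a lure.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}
# Profile locations any user process can write to (8.3 and long forms).
USER_WRITABLE = re.compile(
    r"\\(LOCALS~1\\Temp|Local Settings\\Temp|APPLIC~1|Application Data)\\", re.I)
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    line: str
    reasons: list


def exe_path(cmd: str) -> str:
    """Strip arguments from an autorun command, honouring quoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def random_looking(label: str, min_len: int = 12, max_vowel_ratio: float = 0.3) -> bool:
    """Cheap DGA-style check: a long label with almost no vowels."""
    letters = [c for c in label.lower() if c.isalpha()]
    if len(letters) < min_len:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < max_vowel_ratio


def check_line(line: str) -> list:
    """Return the reasons one HijackThis line looks suspicious ([] if none)."""
    reasons = []
    if line.startswith("O4 - "):
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            base = path.rsplit("\\", 1)[-1].lower()
            if USER_WRITABLE.search(path):
                reasons.append("autorun target lives in a user-writable Temp/Application Data folder")
            if base in SYSTEM_BINARIES and "\\system32\\" not in path.lower():
                reasons.append(f"{base} is a system binary name but the path is not System32")
    elif line.startswith("O2 - BHO:") and "(file missing)" in line:
        reasons.append("BHO registration points at a file that no longer exists")
    elif line.startswith("R3 - URLSearchHook:") and "(no file)" in line:
        reasons.append("URLSearchHook CLSID has no backing file")
    elif line.startswith(("R0 - ", "R1 - ")):
        m = URL_RE.search(line)
        if m:
            parts = m.group(1).split(".")
            label = parts[-2] if len(parts) >= 2 else parts[0]
            if random_looking(label):
                reasons.append(f"search/start URL uses a random-looking domain {m.group(1)}")
    return reasons


def triage(log_text: str) -> list:
    """Run check_line over every non-empty line and collect the hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = check_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

The svchost.exe entry trips two rules at once (Temp folder plus a system binary name outside System32), which is the combination worth treating as an immediate "fix checked" rather than a maybe. The domain check is deliberately crude; it is meant to catch the throwaway hostnames seen in hijacked search bars, not to replace a reputation lookup.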


Offline The Napster

  • Newbie
  • *
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #10 on: August 06, 2006, 10:40:46 PM »
Hi there!

I've read the instructions but I'm lost and have a dumb question when you say "Load Ewido"? What is this exactly? Is there a link?

I just have to step out for about 10 minutes but once I go through all the instructions I will post here ASAP!

Thanks!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #11 on: August 06, 2006, 10:48:09 PM »
It appears you installed Ewido, didn't you?
Go to START>>All programs
Look for Ewido Networks and open Ewido Anti-Spyware and follow the instructions to make sure it is updated



Offline The Napster

  • Newbie
  • *
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #12 on: August 06, 2006, 11:37:42 PM »
Thanks.

I'm going through the steps now I'll be back with the next report in a few minutes.

Offline The Napster

  • Newbie
  • *
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #13 on: August 07, 2006, 02:07:51 AM »
Wow! That took a while.........

Here is everything I came up with that you requested be done:

The Ewido report:

ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   2:41:42 AM 8/7/2006

 + Scan result:   



:mozilla.197:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.247realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.247realmedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.415:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.466:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.625:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Al\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.145:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.470:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.109:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Al\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.268:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.269:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Al\Cookies\al@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Al\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adserver : Cleaned.
:mozilla.114:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Adserver : Cleaned.
:mozilla.338:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.339:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.340:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.341:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.342:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.343:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Atdmt : Cleaned.
:mozilla.322:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Bfast : Cleaned.
:mozilla.393:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.178:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned.
:mozilla.179:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned.
:mozilla.181:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned.
:mozilla.387:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.388:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.389:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.390:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.391:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.392:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.580:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Clickbank : Cleaned.
:mozilla.378:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Clickzs : Cleaned.
:mozilla.379:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Clickzs : Cleaned.
:mozilla.211:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Com : Cleaned.
:mozilla.498:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.234:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Al\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
:mozilla.530:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.532:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.579:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.599:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.252:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.504:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.511:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.565:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.566:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.89:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.90:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.91:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.92:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.93:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.94:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.95:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.96:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.97:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.188:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Hotlog : Cleaned.
:mozilla.248:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.249:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.250:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.285:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.286:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.287:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.428:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.429:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.430:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Liveperson : Cleaned.
:mozilla.37:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.38:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.523:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.100:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Overture : Cleaned.
:mozilla.101:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Overture : Cleaned.
:mozilla.613:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Paycounter : Cleaned.
:mozilla.128:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.129:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.130:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.131:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.317:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Qksrv : Cleaned.
:mozilla.318:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Qksrv : Cleaned.
:mozilla.102:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.103:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.104:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.593:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.594:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.595:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.596:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.265:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned.
:mozilla.266:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Specificclick : Cleaned.
:mozilla.397:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.398:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.399:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.400:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.401:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.402:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.403:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.404:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.405:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.406:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.407:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.408:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.409:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.410:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.411:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Statcounter : Cleaned.
:mozilla.238:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tacoda : Cleaned.
:mozilla.239:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tacoda : Cleaned.
:mozilla.240:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tacoda : Cleaned.
:mozilla.261:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.177:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Trafic : Cleaned.
:mozilla.132:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.133:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.134:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.323:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Web-stat : Cleaned.
:mozilla.324:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Web-stat : Cleaned.
:mozilla.325:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Web-stat : Cleaned.
:mozilla.206:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.556:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.182:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.183:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.184:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.135:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned.
:mozilla.136:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned.
:mozilla.137:C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\2ghswvxm.default\cookies.txt.old -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Al\Cookies\al@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end


The New Hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 2:59:43 AM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: MCVSRte - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


And the "C:\Documents and Settings\All Users\Application Data\safedupelogodent <-this folder, do you know what it's related to?"

It is a system file called "mess thunk less". I'm not sure what this is!!!!

That's about it, I'll wait for further instructions and thanks again!

( I still get that message about not having a genuine operating system etc....)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #14 on: August 07, 2006, 09:14:18 AM »
Go ahead and delete this folder
C:\Documents and Settings\All Users\Application Data\safedupelogodent <-this folder

Can we update your version of Java please
Open the Windows Control panel and double click to open the Java Icon
Under the General tab>>Delete Files
Leave all selections checked and click OK
Exit

Access add/remove programs and remove all older versions and updates of Java
This includes
J2SE Runtime Environment 5.0 Update 4
You will know which ones they are; they will have a coffee cup icon in front of them

Can you run CleanUp! one more time please
Ensure you are not running it in demo mode
Ewido cleaned a bunch of cookies that should have been removed by CleanUp! the first time

Reboot the computer afterwards

Back in Windows, let's update your version of Java
Go to the following link
http://www.java.com/en/download/manual.jsp
Download the Windows (Offline) installer to desktop
Double click to install and follow the prompts
Once installed, you can delete the installer from desktop

I see a couple services that are legit but look orphaned
Did you uninstall McAfee Antivirus at one time?
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Do SpamKiller and SpamButcher both work properly?

Quote: I still get that message about not having a genuine operating system etc....
Is this a legit version of XP?
That is when you will usually see that prompt at login or logout, if it is an illegal version
We will deal with this last when I'm sure you are all clean

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline The Napster

  • Newbie
  • *
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #15 on: August 07, 2006, 02:41:13 PM »
Hi there!

All steps complete so far and just to follow-up on a few questions; I did uninstall McAfee Antivirus at one time.

Both Spamkiller and SpamButcher seem to be working ok. However AVG Email Scanner is going non-stop especially when I boot up but it NEVER goes off and I never had that problem with AVG before.

(Another minor problem I'm having lately is scrolling up with my mouse; I notice that the scrolling is almost delayed or in slow motion when the page scrolls up)


Here is the Hijackthis log you requested:

ABF Outlook Express Backup
Ad-Aware SE Professional
Address Book Recovery 1.1.1
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe Photoshop 7.0
Alcohol Soft - Alcohol 120% Toolbar
Alcohol Toolbar
aspi
AVG Anti-Virus 7.1
BitTorrent 4.20.4
Canon CanoCraft CS-P 3.7
Canon ScanGear Toolbox CS
CardRecovery
CCHelp
CCleaner (remove only)
CCScore
CleanUp!
CR2
CuteFTP
DAEMON Tools
DivX
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 2.9.7.5
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-spyware 4.0
ffdshow
Google Desktop Search
Google Toolbar for Firefox
Hide IP Platinum 2.5
HijackThis 1.99.1
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 6
Kazaa Lite Resurrection 0.0.8
K-Lite Codec Pack 2.72 Full
Kodak EasyShare software
KSU
LimeWire 4.9.28
MailWasher Free
McAfee.com SecurityCenter
McAfee.com SpamKiller
Mercury
Messenger Plus! 3 & Sponsor
MessengerDiscovery 3.0.0
Microsoft DirectX Transform optional components
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.6)
MSN Messenger 7.5
Musicmatch® Jukebox
Nero 6 Demo
Notifier
NVIDIA Windows 2000/XP Display Drivers
OE-Mail Recovery 1.7.6
Opera
OTtBP
Outlook Express Backup Genie v1.8
PCDLNCH
PCFriendly
PCI Audio Applications
PCI Audio Driver
Picasa 2
PowerDVD
QuickTime
Real Alternative 1.43
Registry Mechanic 5.0
RegistryFix v5.5
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SFR
SFR2
SpamButcher
Spybot - Search & Destroy 1.3
Spyware Doctor 3.8
TopMail
Ulead DVD MovieFactory 2
Ulead Photo Express 2.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
VideoLAN VLC media player 0.8.4a
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
winqfx16bit
WinRAR archiver
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm Pro



And I'm not using a legit copy of XP, and because I did an update I get this awful annoying icon in the same place I type in my password to log in to XP! It says "As for genuine Microsoft software" and it times out after the prompt to request software, and I just click the "notify me later" button; this is all before I can enter my password to log in to XP.


Thanks again and I'll be stepping away for a bit but checking back periodically!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #16 on: August 07, 2006, 06:10:43 PM »
Can you do the following
I want you to disable your spyware protection with Spyware Doctor and keep it disabled until I inform you otherwise

To deactivate Spyware Doctor's OnGuard Tools

1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".

I would like to disable your filesharing programs from running on startup and see if it has anything to do with conflicting with AVG email scanner
Could be a port conflict

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Access your add/remove programs and remove
Spybot - Search & Destroy 1.3

Reboot your computer

Back in Windows
Download and Install Spybot 1.4 from
HERE
 
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

Reboot the computer if any Red entries were fixed

Back in Windows
Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please DO NOT select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode. Most other rootkit revealers don't.

Download and save to desktop: F-Secure BlackLight (blbeta.exe)

    * Double click to run blbeta.exe
    * Accept the user agreement.
    * Click Scan.
    * After the scan finishes, click on Next, then Exit.
Do not rename any files if found by BlackLight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log". Please post that log.

Is AVG's email scanner actually scanning a download?
Does it give any indication what it's doing?

Quote: And I'm not using a legit copy of XP and because I did an update I get this awful annoying icon
Of course, the best course of action to resolve this is to purchase a legit license online
Or buy a legit copy of Windows and do a clean installation
« Last Edit: August 07, 2006, 06:43:21 PM by guestolo »

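An added Python triage helper for the HijackThis log format posted in this thread (example code, not from HijackThis or from anyone in the thread): it flags the "(file missing)" and "(no file)" orphans and the "Unknown owner" services guestolo points at, lists Run values that name a bare file instead of a full path, and diffs two scans to confirm that a "Fix checked" entry is really gone. The two sample logs are constructed from entries shown in this thread; the "<section> - <body>" layout and the O4/O23 body formats are assumed from those lines.

```python
"""Triage helpers for HijackThis v1.99.1 logs (entry layout assumed from this thread's scans).

Each line is "<section> - <body>". HijackThis appends "(file missing)" when an entry's
binary is gone and writes "(no file)" for O23 services without one; O23 bodies read
"Service: <name> - <owner> - <path>"; O4 Run-key bodies read HKLM\\..\\Run: [Name] "path" args.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the scans posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Constructed follow-up scan: BitTorrent entry fixed, Java updated (new SSVHelper BHO).
LOG_AFTER = r"""
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Run-key body: hive, value name in brackets, then a quoted path or a bare one ending in .exe/.dll/.com
RUN_RE = re.compile(
    r'^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|com)))',
    re.IGNORECASE,
)

@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def orphan(self) -> bool:
        """Binary gone: a safe 'Fix checked' candidate rather than a live threat."""
        return self.body.endswith("(file missing)") or self.body.endswith("(no file)")

def parse(log: str) -> list[Entry]:
    """Keep only well-formed entry lines; headers and the process list are ignored."""
    found = []
    for line in log.splitlines():
        if m := ENTRY_RE.match(line.strip()):
            found.append(Entry(m["section"], m["body"]))
    return found

def orphans(log: str) -> list[str]:
    return [f"{e.section} - {e.body}" for e in parse(log) if e.orphan]

def unknown_owner_services(log: str) -> list[tuple[str, str]]:
    """O23 services with no publisher string: not malicious per se, but the first ones to look up."""
    found = []
    for e in parse(log):
        if e.section == "O23":
            parts = e.body.removeprefix("Service: ").rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                found.append((parts[0], parts[2]))
    return found

def run_entries(log: str) -> list[tuple[str, str, str]]:
    """(hive, value name, executable) for O4 Run-key lines; Startup-folder O4 lines are skipped."""
    found = []
    for e in parse(log):
        if e.section == "O4" and (m := RUN_RE.match(e.body)):
            found.append((m["hive"].upper(), m["name"], m["quoted"] or m["bare"]))
    return found

def unqualified_run_entries(log: str) -> list[str]:
    """Run values naming a bare file: Windows resolves these via the search path, so check them."""
    return [name for _, name, exe in run_entries(log) if not re.match(r"^[A-Za-z]:\\", exe)]

def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """Entries removed and added between two scans, e.g. to confirm a 'Fix checked' took effect."""
    b, a = set(parse(before)), set(parse(after))
    def fmt(entries):
        return sorted(f"{e.section} - {e.body}" for e in entries)
    return fmt(b - a), fmt(a - b)
```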


Offline The Napster

  • Newbie
  • *
  • Posts: 43
  • Karma: +0/-0
Virus-Worm/VB.SO -Hijackthis Log
« Reply #17 on: August 08, 2006, 03:06:03 AM »
Try this again...

I couldn't post the entire reply in one message so I have to break it up into different parts:

Here is Part 1

Hello...

First, I simply deleted Spyware Doctor and that was the end of that!


New spybot installed etc...


I followed all the instructions; however, I could not locate
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
when I performed a HijackThis "System scan only". Here is that log:

Logfile of HijackThis v1.99.1
Scan saved at 3:11:36 AM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Al\Desktop\gmer.exe
C:\Documents and Settings\Al\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mcupdmgr.exe - LT - (no file)
O23 - Service: MCVSRte - LT - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Part 2, and the GMER log is split up into parts because it won't all fit in one post....
« Last Edit: August 08, 2006, 03:34:39 AM by The Napster »

Offline The Napster

Virus-Worm/VB.SO -Hijackthis Log
« Reply #18 on: August 08, 2006, 03:45:07 AM »

Well, I'm having nothing but problems posting the entire GMER log, so maybe tomorrow you can help me with this, or I can send you the txt in an email...

Thanks.

Offline guestolo

Virus-Worm/VB.SO -Hijackthis Log
« Reply #19 on: August 08, 2006, 04:16:58 AM »
I hope you followed my instructions with GMER:
Unzip it to the desktop and start GMER.exe.
Click the Rootkit tab and click the Scan button.

Warning! Please DO NOT select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

Also, I need you to post the log from F-Secure BlackLight.

Don't quote anything you already posted.
Use the space to post the logs!

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/