
Msn Virus



#1
Adam44

  • Member
  • 11 posts
Hey,

Recently I was on MSN Messenger, and one of my friends said to me "Hey! Is this you?" with a link beside it. I clicked the link, and moments later something was installed onto my computer, and now it is running extremely slowly. Internet Explorer has changed its homepage, and I am getting a number of "phishing" websites for eBay. I really need my computer for studying. I am at uni.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:25:08 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\{F04F90AC-09BB-1033-1202-03051220003d}\Update.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\r_server.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Milton\Desktop\Security\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/shtevey
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Milton\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - Startup: Slide.exe.lnk = C:\Program Files\Slide\Slide.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101982174525
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.co...1.21/tukati.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{677864ED-41CC-4B26-AAE8-1AB00C647872}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{70CB1D38-1E2F-4C54-A479-995974AA5F1E}: NameServer = 203.2.75.132,198.142.0.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{90EE02DC-EFB5-4E4B-9573-04286B3C711A}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks in advance
Adam


#2
JSntgRvr

  • Global Moderator
  • 11,279 posts
Hi, Adam44 :whistling:

Welcome to Geeks to go.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Download the enclosed file: [attachment=11132:attachment]
Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg. Once extracted, open the folder, double-click the Regfix.reg file and select Yes when prompted to merge it into the registry.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
    C:\Documents and Settings\Milton\Desktop\Yinstall.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Ewido is now AVG Antispyware. Please remove Ewido from your installed programs.

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Restart back into Windows normally now.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post a fresh Hijackthis log along with the AVG Anti-spyware and ActiveScan reports.
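The fresh HijackThis log requested above is normally read against the first one, to confirm that the files queued in Killbox are no longer referenced and to see what else changed. The following is an added example, not part of the original thread or of any tool named in it; the function names are hypothetical, and the sample lines are short excerpts from the two logs posted in this thread.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0, F2, O4, O23 ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Excerpt of the first log in this thread (not the full log).
BEFORE = r'''
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Milton\Desktop\Yinstall.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
'''

# Excerpt of the follow-up log in this thread (not the full log).
AFTER = r'''
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
'''

# The two file paths the helper asked to paste into Killbox.
TARGETS = [
    r"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe",
    r"C:\Documents and Settings\Milton\Desktop\Yinstall.exe",
]


def parse_log(text):
    """Split a HijackThis log into (running processes, section entries)."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # entries begin; the process list is over
            # Collapse runs of whitespace so copy/paste damage does not cause false diffs.
            entries.add((match.group(1), " ".join(match.group(2).split())))
        elif in_processes:
            if line:
                processes.add(line.lower())  # Windows paths are case-insensitive
            else:
                in_processes = False  # a blank line ends the process list
    return processes, entries


def compare_logs(before, after):
    """Report which entries and processes disappeared, appeared, or stayed."""
    before_procs, before_entries = parse_log(before)
    after_procs, after_entries = parse_log(after)
    return {
        "entries_removed": sorted(before_entries - after_entries),
        "entries_added": sorted(after_entries - before_entries),
        "entries_unchanged": sorted(before_entries & after_entries),
        "processes_gone": sorted(before_procs - after_procs),
        "processes_new": sorted(after_procs - before_procs),
    }


def targets_remaining(log_text, targets):
    """Return the targeted file paths that are still referenced anywhere in a log."""
    haystack = log_text.lower()
    return [t for t in targets if t.lower() in haystack]


if __name__ == "__main__":
    report = compare_logs(BEFORE, AFTER)
    for key, values in report.items():
        print(key)
        for value in values:
            print("   ", value)
    print("targets still referenced:", targets_remaining(AFTER, TARGETS))
```

Entries reported as unchanged are simply still present in the fresh log; whether each one is legitimate remains a judgement for whoever reviews the log.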

#3
Adam44

  • Topic Starter
  • Member
  • 11 posts
Hey, thanks for the reply

I've done everything you've asked.

Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:23 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Milton\Desktop\Security\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/shtevey
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Slide.exe.lnk = C:\Program Files\Slide\Slide.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101982174525
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.co...1.21/tukati.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{677864ED-41CC-4B26-AAE8-1AB00C647872}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{70CB1D38-1E2F-4C54-A479-995974AA5F1E}: NameServer = 203.2.75.132,198.142.0.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{90EE02DC-EFB5-4E4B-9573-04286B3C711A}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Here is the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:54:02 PM 12/10/2006

+ Scan result:



C:\Documents and Settings\Milton\Local Settings\Temporary Internet Files\Content.IE5\458NO787\Yinstall[1].mp3 -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\Yinstall.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{304F90AC-09BB-1033-1202-03051220003d}\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{F04F90AC-09BB-1033-1202-03051220003d}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{F04F90AC-09BB-1033-1202-03051220003d}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\MSN Messenger\msnmsgr.exe -> Backdoor.Agent.fs : Cleaned with backup (quarantined).
C:\ovvpecjh.exe -> Downloader.Small.ctf : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Desktop\GoogleToolbarInstaller.exe -> Dropper.Inflator.a : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.453:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.502:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.503:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.504:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.78:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.92:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.477:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Counted : Cleaned.
:mozilla.33:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.34:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.35:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.509:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.510:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.511:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.512:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.513:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.514:C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\WINDOWS\Temp\$_3472452.EXE -> Trojan.Sinowal.az : Cleaned with backup (quarantined).
C:\jttsdgjj.exe -> Trojan.Sinowal.az : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.bd : Cleaned with backup (quarantined).
C:\Documents and Settings\Milton\Local Settings\Temporary Internet Files\Content.IE5\QRBTM990\GFORCE[1].exe -> Worm.VB.ao : Cleaned with backup (quarantined).
C:\WINDOWS\b.exe -> Worm.VB.ao : Cleaned with backup (quarantined).


::Report end

And here is my Active scan report:

Incident Status Location

Virus:trj/torpig.a Disinfected Operating system
Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp
Adware:adware/dluxde Not disinfected c:\program files\linksw
Adware:adware/sahagent Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt[lb1.netster.com/]
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Milton\Application Data\Mozilla\Firefox\Profiles\u38nrx3a.default\cookies.txt[lb3.netster.com/]
Virus:Trj/Agent.CUO Disinfected C:\ffgwmpsk.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{304F90AC-09BB-1033-1202-03051220003d}\Activate.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{304F90AC-09BB-1033-1202-03051220003d}\Uninst.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\mny.exe
Virus:W32/Netsky.D.worm Disinfected Local Folders\Deleted Items\Re: Here\yours.pif
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: Sex pictures\www.freeporn4all.pif
Hacktool:Exploit/iFrame Not disinfected Local Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Hi\patch3425.pif
Hacktool:Exploit/iFrame Not disinfected Local Folders\Deleted Items\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.D.worm Disinfected Local Folders\Deleted Items\Re: My details\my_details.pif
Virus:W32/Netsky.D.worm Disinfected Local Folders\Deleted Items\Re: Thanks!\message_part2.pif
Virus:W32/Netsky.D.worm Disinfected Local Folders\Deleted Items\Re: Your letter\your_letter.pif
Virus:W32/Bagle.BK.worm!CME-245 Disinfected Local Folders\Deleted Items\Delivery service mail\wsd01.scr
Virus:W32/Bagle.BK.worm!CME-245 Disinfected Local Folders\Deleted Items\You are made active\zupd02.scr
Virus:W32/Netsky.D.worm Disinfected Local Folders\Deleted Items\Re: Your website\your_website.pif
Virus:W32/Sober.AH.worm!CME-681 Disinfected Local Folders\Deleted Items\Your IP was logged\list.zip[File-packed_dataInfo.exe]
Virus:W32/Sober.AH.worm!CME-681 Disinfected Local Folders\Deleted Items\smtp mail failed\mail_body.zip[File-packed_dataInfo.exe]
Virus:W32/Sober.AH.worm!CME-681 Disinfected Local Folders\Deleted Items\You visit illegal websites\list.zip[File-packed_dataInfo.exe]
Hacktool:Exploit/iFrame Not disinfected Local Folders\Inbox\Mail Delivery (failure [email protected])
Virus:W32/Netsky.P.worm Disinfected Local Folders\Inbox\Mail Delivery (failure [email protected])\message.scr
Virus:W32/Netsky.P.worm Disinfected Local Folders\Inbox\Re: Protected Mail System\message.zip[details.txt .pif]
Virus:W32/Netsky.D.worm Disinfected Local Folders\Inbox\Re: Your letter\your_letter.pif
Adware:Adware/CWS.Yexe Not disinfected Local Folders\Norton AntiSpam Folder\[Norton AntiSpam] screen saver\web.exe
Virus:W32/Netsky.D.worm Disinfected Local Folders\Norton AntiSpam Folder\[Norton AntiSpam] Re: Your software\application.pif
  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, Adam44 :whistling:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Run Killbox.exe. Paste the following locations into Killbox one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion. Say YES, and when the next box opens prompting you to reboot now, click No and proceed with the next file. Once you get to the last one, click YES and it will reboot.

c:\windows\msbb.exe.temp
c:\program files\linksw\
C:\Windows\System32\dhcpserv.exe


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Post a fresh HijackThis log and let me know how the computer is doing.
  • 0

#5
Adam44

Adam44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hey, thanks again for the reply. I've done everything you asked, and the computer is definitely running faster, but is still a bit on the slow side. Is there anything else I can do to speed it up?

Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:03 AM, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Milton\Desktop\Security\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/shtevey
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O4 - Startup: Slide.exe.lnk = C:\Program Files\Slide\Slide.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101982174525
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.co...1.21/tukati.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{677864ED-41CC-4B26-AAE8-1AB00C647872}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{70CB1D38-1E2F-4C54-A479-995974AA5F1E}: NameServer = 203.2.75.132,198.142.0.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{90EE02DC-EFB5-4E4B-9573-04286B3C711A}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, Adam44 :whistling:

I see entries for McAfee and Norton, but no services related to these. Which Antivirus is active in your computer?

1. Open HijackThis, click Config, click Misc Tools
2. Click "Open Uninstall Manager"
3. Click "Save List" (generates uninstall_list.txt)
4. Click Save, copy and paste the results in your next post.
  • 0
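The two manual checks made in the replies above (autorun entries that name a bare file such as dhcpserv.exe, and security products that show up in startup or toolbar entries but have no O23 service) can be scripted as a triage aid. This is an added example, not part of the thread and not HijackThis's own logic; the function names and the vendor keyword list are assumptions, and the sample lines are copied from the logs and replies on this page.

```python
import ntpath
import re

# Sample input: lines copied from the logs and replies on this page, trimmed.
SAMPLE_LOG = r"""
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Slide.exe.lnk = C:\Program Files\Slide\Slide.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
"""

O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Quoted path, or shortest prefix ending in an executable extension that is
# followed by whitespace/end (so "McAfee.com\..." is not cut at ".com").
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr|pif))(?=\s|$)', re.I)

# Assumption: keywords used to recognise each product in a log line.
VENDORS = {"McAfee": "mcafee", "Norton": "norton", "AVG": "grisoft"}


def executable(command):
    """Strip quotes and arguments from an autorun command line."""
    m = EXE.match(command)
    return (m.group(1) or m.group(2)) if m else command


def parse_hjt(text):
    """Return O3, O4 and O23 entries as dicts; other sections are skipped."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = O4_REG.match(line) or O4_STARTUP.match(line)
        if m:
            entries.append({"section": "O4", "where": m.group(1),
                            "name": m.group(2),
                            "target": executable(m.group(3)), "raw": line})
            continue
        for section, prefix in (("O3", "O3 - Toolbar: "),
                                ("O23", "O23 - Service: ")):
            if line.startswith(prefix):
                # Layout is "name - middle field - path"; split from the right.
                parts = line[len(prefix):].rsplit(" - ", 2)
                entries.append({"section": section, "where": prefix[:-2],
                                "name": parts[0], "target": parts[-1],
                                "raw": line})
    return entries


def bare_autoruns(entries):
    """O4 entries whose target has no directory, so Windows resolves it via
    the search path. A lead for manual review, not a verdict."""
    return [(e["where"], e["name"], e["target"]) for e in entries
            if e["section"] == "O4" and ntpath.dirname(e["target"]) == ""]


def vendors_without_service(entries, vendors=VENDORS):
    """Products seen in toolbar/autorun entries but in no O23 service line."""
    missing = []
    for vendor, needle in vendors.items():
        hits = {e["section"] for e in entries if needle in e["raw"].lower()}
        if hits and "O23" not in hits:
            missing.append(vendor)
    return sorted(missing)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(bare_autoruns(parsed))
    print(vendors_without_service(parsed))
```

Both results are prompts for a human to look closer: legitimate software sometimes registers bare filenames, and a product without a service may simply be partly uninstalled.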

#7
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





