well my neice sent me or a file thru msn or should i say her comp sent me a file & like an idiot i opened it & that's where the story begins, ive got many things on my comp & cant get rid of them, ive done a full system restore on my comp & have downloaded the follwing AVG,ANTIVIR PE CLASSIC,AD-WARE SE PERSONAL,SPYBOT S&D,CCLEANER,HIJACK THIS,BFU,KILLBOX,COMBOFIX, & SMITREM, but have had no luck with getting all the crap off my comp below is a log off hijack this im not to sure if this will help but ive read a few other topic's & i think thats what ppl post.
Logfile of HijackThis v1.99.1
Scan saved at 19:19:00, on 13/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Mr & Mrs Montana\Desktop\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D98AC03D-F460-48BC-853E-927A79F6F32D}: NameServer = 80.225.248.50 80.225.253.50
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\q668lgju16o8.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Windows Windows Sheduler (Microsoft Windows Scheduled Tasker) - Unknown owner - C:\WINDOWS\eiRecvr.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
& BELOW IS MY AVG REPORT
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:33:27 13/10/2006
+ Scan result:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XAJO9S3\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fp8q03l5e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lvjs0917e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[1132] C:\WINDOWS\system32\wehip6.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[1620] C:\WINDOWS\system32\wehip6.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XAJO9S3\wack[1].exe/rmsyrup.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\wacky32.exe/rmsyrup.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lviss.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\WINDOWS\system32\setup_06172.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\WINDOWS\system32\setup_60733.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Mr & Mrs Montana\Cookies\mr & mrs montana@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mr & Mrs Montana\Cookies\mr & mrs [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mr & Mrs Montana\Cookies\mr & mrs [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mr & Mrs Montana\Cookies\mr & mrs montana@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Mr & Mrs Montana\Cookies\mr & mrs montana@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Mr & Mrs Montana\Cookies\mr & mrs [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Any replies will be grately appriceated ( however u spell that lol)
thanks guys xxxx