Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pls Help .

Started by Figgy , May 03 2005 02:00 AM

  • Please log in to reply

#1
Figgy
Posted 03 May 2005 - 02:00 AM

Figgy

    New Member

  • Member
  • Pip
  • 2 posts
Here is my log .

Logfile of HijackThis v1.99.1
Scan saved at 3:58:22 PM, on 5/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\System32\RUNDLL32.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\windows\System32\devldr32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\SingTel Magix\Magix RAS Session Manager\Magix RAS Session Manager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAP\DAP.exe
D:\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Magix] "C:\Program Files\SingTel Magix\Magix RAS Session Manager\Magix RAS Session Manager.exe" "Magix"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [VirtualDrive] "D:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [Microsoft Video Capture Controls] NTFIX.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSN] msn.exe
O4 - HKCU\..\Run: [Msn Update Manager] MsnUpdate.exe
O4 - HKCU\..\Run: [fourbat] C:\DOCUME~1\Figgy\APPLIC~1\BOOBBR~1\birdelse.exe
O4 - HKCU\..\RunServices: [Msn Update Manager] MsnUpdate.exe
O4 - HKCU\..\RunServices: [MSN] msn.exe
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: VirtualDrive Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101024884575
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IpReleaseNT - Unknown owner - C:\Program Files\SingTel Magix\Magix RAS Session Manager\IpReleaseNT.exe
O23 - Service: MySql - Unknown owner - D:/Program Files/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0

Advertisements

#2
Metallica
Posted 03 May 2005 - 08:06 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,004 posts
Hi Figgy,

The file you asked about is most likely LOP (probably came with MessengerPlus).

Before we start can you please disable AdWatch and SpywareGuard so they don't interfere with our fixes.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O4 - HKCU\..\Run: [Microsoft Video Capture Controls] NTFIX.exe

O4 - HKCU\..\Run: [MSN] msn.exe
O4 - HKCU\..\Run: [Msn Update Manager] MsnUpdate.exe
O4 - HKCU\..\Run: [fourbat] C:\DOCUME~1\Figgy\APPLIC~1\BOOBBR~1\birdelse.exe
O4 - HKCU\..\RunServices: [Msn Update Manager] MsnUpdate.exe
O4 - HKCU\..\RunServices: [MSN] msn.exe

O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe <= No need to run that everytime, just now and then to check for updates, maybe once a week

Reboot into safe mode and delete:
C:\DOCUMENTS AND SETTINGS\Figgy\APPLICATION DATA\BOOBBR~1 <= foldername abbreviated but delete the one holding birdelse.exe <= entire folder

Boot normally.
Download and unzip to one folder:
http://metallica.gee...com/findlop.zip

Inside the folder find findlop.bat

Doubleclick it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post along with the new HijackThis log

Regards,
  • 0

#3
Figgy
Posted 04 May 2005 - 06:18 AM

Figgy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
here the new log =((((

Logfile of HijackThis v1.99.1
Scan saved at 8:16:28 PM, on 5/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\System32\RUNDLL32.EXE
C:\Program Files\SingTel Magix\Magix RAS Session Manager\Magix RAS Session Manager.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\wuauclt.exe
C:\windows\system32\notepad.exe
C:\windows\System32\devldr32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Magix] "C:\Program Files\SingTel Magix\Magix RAS Session Manager\Magix RAS Session Manager.exe" "Magix"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [VirtualDrive] "D:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Microsoft Video Capture Controls] NTFIX.exe
O4 - HKCU\..\Run: [Msn Update Manager] MsnUpdate.exe
O4 - HKCU\..\Run: [fourbat] C:\DOCUME~1\Figgy\APPLIC~1\BOOBBR~1\birdelse.exe
O4 - HKCU\..\Run: [MSN] msn.exe
O4 - HKCU\..\RunServices: [Msn Update Manager] MsnUpdate.exe
O4 - HKCU\..\RunServices: [MSN] msn.exe
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: VirtualDrive Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101024884575
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: IpReleaseNT - Unknown owner - C:\Program Files\SingTel Magix\Magix RAS Session Manager\IpReleaseNT.exe
O23 - Service: MySql - Unknown owner - D:/Program Files/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

here the findlop log

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AC3B831F918035EB.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\figgy\applic~1\boobbr~1\Audio bike bags.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Figgy'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 03/28/2005 18:00:00
NextRun: 05/04/2005 21:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/01/1996
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AD27A72695C05992.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\figgy\applic~1\boobbr~1\Audio bike bags.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Figgy'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 03/28/2005 18:00:00
NextRun: 05/04/2005 21:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/24/2001
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'BBA46E90831FE0E8.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\figgy\applic~1\boobbr~1\Audio bike bags.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Figgy'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 03/28/2005 18:00:01
NextRun: 05/04/2005 21:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/05/1999
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Figgy'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_DISABLED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 1
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 05/03/2005
EndDate: 00/00/0000
StartTime: 17:05
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

sadly the birdelse thingy is still there ...
  • 0

#4
Metallica
Posted 04 May 2005 - 06:38 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,004 posts
It looks as if the files are gone, but the log still needs some work.

Copy the part in bold below into notepad and save it as deltasks.bat , save it to the same folder as findlop.bat:

@echo off
jt /sd AC3B831F918035EB.job
jt /sd AD27A72695C05992.job
jt /sd BBA46E90831FE0E8.job
if exist c:\tasks.txt del c:\tasks.txt
jt /se >>c:\tasks.txt


Disable AdWatch and please don't trun it back on until I tell you to.


Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - HKCU\..\Run: [Microsoft Video Capture Controls] NTFIX.exe
O4 - HKCU\..\Run: [Msn Update Manager] MsnUpdate.exe
O4 - HKCU\..\Run: [fourbat] C:\DOCUME~1\Figgy\APPLIC~1\BOOBBR~1\birdelse.exe
O4 - HKCU\..\Run: [MSN] msn.exe
O4 - HKCU\..\RunServices: [Msn Update Manager] MsnUpdate.exe
O4 - HKCU\..\RunServices: [MSN] msn.exe
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe

Reboot into safe mode and delete:
c:\documents and settings\figgy\application data\boobbr~1 <= foldername abbreviated, delete the entire folder that holds the file Audio bike bags.exe

Post back with a new log.

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP