
lop spyware - remove


  • Please log in to reply

#1
Dominicc2003 (Member, 120 posts)
Hey good geeks! :tazz:
I read one of your topics - http://www.geekstogo...VED-t41198.html about removing lop spyware fully and I have the same problem as that man.

Do you think my logs will be the same as his? I have Windows XP and I got my spyware from MSN Messenger "Plus".

I don't have Norton Internet Security 2005 because my mum put it on her laptop, disabling it on my PC ;)

I'm about to do the same process as in the forum, cross your fingers for me!
:)
#2
POADB (Visiting Staff, 46 posts)
Here's what you can do....

AdAware SE v1.06

Download, install, update, configure and run a scan with Ad-aware SE v1.06:
  • Download and Install AdAware SE Personal, keeping the default options. However, some of the settings will need to be changed before your first scan.
  • Close ALL windows except Ad-Aware SE.
  • Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
  • Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
    • In the ‘General’ window make sure the following are selected in green:
      • Under [Safety]:
        • Automatically save log-file
        • Automatically quarantine objects prior to removal
        • Safe Mode (always request confirmation)
      • Under [Definitions]:
        • Prompt to update outdated definitions - set the [number of days]
  • Click on the ‘Scanning’ button on the left and select in green:
    • Under [Driver, Folders & Files]:
      • Scan Within Archives
    • Under Select drives & folders to scan:
      • choose all hard drives
    • Under [Memory & Registry]: all green
      • Scan Active Processes
      • Scan Registry
      • Deep Scan Registry
      • Scan my IE favorites for banned URLs
      • Scan my Hosts file
  • Click on the [‘Advanced’] button on the left and select in green:
    • Under [Shell Integration]:
      • Move deleted files to recycle bin
    • Under [Logfile Detail Level]: all green
      • include additional object information
      • DESELECT - include negligible objects information
      • include environment information
    • Under [Alternate Data Streams]:
      • Don't log streams smaller than 0 bytes
      • Don't log ADS with the following names: [CA_INOCULATEIT]
  • Click the ‘Tweak’ button and select in green:
    • Under [Scanning Engine]:
      • Unload recognized processes during scanning
      • Scan registry for all users instead of current user only
    • Under [Cleaning Engine]:
      • Let Windows remove files in use at next reboot
    • Under [Log Files]:
      • Include basic Ad-aware SE settings in logfile
      • Include additional Ad-aware SE settings in logfile
      • Please do not Select: Include Module list in logfile
  • Click on ‘Proceed’ to save the settings.
  • Click ‘Start’
  • Choose 'Perform Full System Scan'
  • DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
  • Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
  • If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
  • Right-click on the list and choose [Select All]
  • Click the [Next] button to finish removing the items that were found
  • When finished, REBOOT to complete the removal of what Ad-Aware SE found
~~~~~~~~~~~~~~~

Download Spybot S&D.
  • After you have installed it, Click on the Search for Updates button. Install any updates that are available.
  • Go to the Mode menu and choose Advanced Mode.
  • Next click on Immunize to your left.
  • In the ensuing window, Click the Immunize button (green cross) on top to Immunize your computer - you should do this each time there is an update.
  • Click on the 'Spybot-S&D' option on the top left to go back to the main screen.
  • Click on the Check for Problems button. Let it run the scan.
  • If it finds something, Select all those in RED and hit the Fix Selected Problems button.
  • Exit Spybot.
If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.


~~~~~~~~~~~~~~~

After running the above programs, download HiJackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HiJackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose [Do a system scan and save a logfile].
2. If you don't get the intro screen, just hit [Scan] and then click on [Save log].
3. Post the HiJackThis.log file here. Do not fix anything in HiJackThis since they may be harmless.

#3
Dominicc2003 (Topic Starter, Member, 120 posts)
Thanks, I'll post the log some time tomorrow; right now I'm thinking about making a program to do stuff...

Very vague at the moment :tazz:

I vill b back!

#4
Dominicc2003 (Topic Starter, Member, 120 posts)
OK, did what you said; the HijackThis log is below. I also have one from Ad-Aware SE if you need it, just ask...

Logfile of HijackThis v1.99.1
Scan saved at 09:53:37, on 15/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Integrator.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pvuhzmfml...AE/EuDcOVaI.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...e all lop&meta=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B382B122-8328-E0AE-1987-7A96F9361858} - C:\DOCUME~1\Dominic\APPLIC~1\CREATI~1\Nurb Roam.exe (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .MP4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#5
POADB (Visiting Staff, 46 posts)
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Create a new Folder and call it LOP
Download and unzip the following to the LOP folder you just created:
http://metallica.gee...com/findlop.zip

Inside the folder find findlop.bat
Doubleclick it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pvuhzmfml...AE/EuDcOVaI.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...e all lop&meta=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B382B122-8328-E0AE-1987-7A96F9361858} - C:\DOCUME~1\Dominic\APPLIC~1\CREATI~1\Nurb Roam.exe (file missing)
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\DOCUME~1\Dominic\APPLIC~1\CREATI~1\Nurb Roam.exe
C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe

Reboot
and run a new HijackThis scan. Save the log file and post it here.

Perform an online scan in Internet Explorer with Panda ActiveScan
  • Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  • Click On 'Scan Now'
  • Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  • Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  • If it finds any malware, it will offer you a report. Click on see report
  • Then click Save report
  • Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
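The post above picks three kinds of HijackThis entries to fix: an IE search/start page pointing at a random-looking host, BHOs whose file is absent, and a Run entry launching from the user's Application Data folder. The script below is an added example (not part of the thread and not HijackThis code) that reads a log in the v1.99 line format and flags exactly those patterns, so a reader can see how a helper triages such a log. The sample log is a constructed excerpt modelled on the one posted here; the hostname in its R1 line is a made-up placeholder, and the "random-looking hostname" rule is a heuristic chosen for this example.

```python
# Added example (not part of the thread, not HijackThis code): triage a
# HijackThis v1.99-style log the way the helper in this thread did, by
# pulling out the R0/R1, O2 and O4 entries and flagging three patterns:
#   - an IE search/start page pointing at a random-looking hostname,
#   - a BHO whose file is absent ("(no file)" / "(file missing)"),
#   - a Run entry launching from the user's Application Data folder.
import re

# Constructed excerpt modelled on the log posted in this thread. The
# hostname in the R1 line is a made-up placeholder, not the real one.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qwrtzpsdfgh.example/EuDcOVaI.jpg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B382B122-8328-E0AE-1987-7A96F9361858} - C:\DOCUME~1\Dominic\APPLIC~1\CREATI~1\Nurb Roam.exe (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
APPDATA_RE = re.compile(r"applic~1|\\application data\\", re.I)
VOWELS = set("aeiou")


def random_looking(label):
    """Heuristic (an assumption of this example): a hostname label of
    eight or more letters with at most one vowel is treated as generated."""
    letters = [c for c in label.lower() if c.isalpha()]
    return len(letters) >= 8 and sum(c in VOWELS for c in letters) <= 1


def host_of(url):
    """Return the hostname of an http(s) URL, or '' for local paths."""
    m = re.match(r"https?://([^/\s]+)", url, re.I)
    return m.group(1).lower() if m else ""


def triage(log):
    """Return (section, reason, line) for every entry worth a second look."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            url = body.split(" = ", 1)[-1]
            if any(random_looking(part) for part in host_of(url).split(".")):
                findings.append((sec, "IE search/start page set to a random-looking host", raw))
        elif sec == "O2":
            if "(no file)" in body or "(file missing)" in body:
                findings.append((sec, "BHO registered but its file is absent", raw))
        elif sec == "O4":
            target = body.split("] ", 1)[-1]
            if APPDATA_RE.search(target):
                findings.append((sec, "Run entry launches from Application Data", raw))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {line}")
```

Run against the sample it reports four entries (the R1 search bar, both orphaned BHOs and the "Does Readme" Run entry) and passes over the Google toolbar BHO, ctfmon and the local blank.htm page, which matches the list the helper asked to have fixed. Flags are prompts for a human to check, not a verdict: a legitimate program can also run from Application Data.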

#6
Dominicc2003 (Topic Starter, Member, 120 posts)
OK, some problems, but I did what I could:

Overview:
Below are the logs.
Most of the things that were detected by HJT have re-appeared.
Panda ActiveScan didn't work even though I have plenty of disk space, free RAM and have ActiveX allowed (my pop-up blocker is disabled too, along with the Windows one) [Therefore I haven't got a log of that] :'(
In the folder "Anticlock", I have loads of other weird-sounding files; should I just delete the whole folder?

I am very grateful for your help so far :tazz:

1. Findlop log:

===============================================

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Tune-up Application Start.job'
[TRACE] Printing all job properties

ApplicationName: 'walign'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'mleo'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 03/05/2005 19:00:00
NextRun: 09/03/2005 9:00:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 1
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

8 Triggers

Trigger 0:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 09:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 14:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 2:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 19:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 3:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 23:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 4:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ......A
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 09:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 5:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ......A
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 14:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 6:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ......A
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 19:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 7:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ......A
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 23:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'user1'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/16/2005 19:48:00
NextRun: 08/16/2005 23:48:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 08/16/2005
EndDate: 00/00/0000
StartTime: 23:48
MinutesDuration: 1440
MinutesInterval: 240
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'AC51CF0C919241D0.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\user1\applic~1\anticl~1\platform size fork.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'user1'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/13/2005 20:59:59
NextRun: 08/16/2005 20:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/15/1998
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'XoftSpy.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\XoftSpy\XoftSpy.exe'
Parameters: '-t'
WorkingDirectory: 'C:\Program Files\XoftSpy'
Comment: 'Runs XoftSpy at Scheduled Time.'
Creator: 'Dominic'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers


[TRACE] Activating job 'A59A8A9C918505D8.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\dominic\applic~1\anticl~1\platform size fork.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Dominic'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/15/2005 17:00:05
NextRun: 08/16/2005 20:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/14/2001
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


===============================================
===============================================

2. HijackThis scan (after reboot)

===============================================

Logfile of HijackThis v1.99.1
Scan saved at 20:07:42, on 16/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Integrator.exe
C:\Documents and Settings\Dominic\My Documents\test33.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hgdvkjqjj...E/EuDcOVaI.html
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

===============================================
===============================================

3. No Panda log available, as stated in the overview :)


THANKS 4 ALL YOUR GR8 HELP SO FAR! :)

#7
POADB (Visiting Staff, 46 posts)
OK - the investigating tools seem to have paid off - let's see if we can kill LOP :tazz:

Save the next instructions in Notepad, because you also have to work in Safe Mode without networking support, so this page won't be available then. You should not have any browsers on.

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

It is also important that you don't miss a step and that you perform everything in the right order!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

Unplug your computer from the Internet when you have finished downloading


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Go to Control Panel > Scheduled Tasks > and delete the following:

AC51CF0C919241D0.job
A59A8A9C918505D8.job


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Enable the viewing of Hidden files
  • From Windows Explorer, go to Tools>Folder Options>View tab.
  • Enable the option for 'Show hidden files and folders'
  • Disable the option for 'Hide file extensions for known types'
  • Disable the option for 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hgdvkjqjj...E/EuDcOVaI.html
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Locate and delete the following folder(s), if present:
  • C:\DOCUME~1\Dominic\APPLIC~1\ANTICLOCK\

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT

Do an online scan at one of the following sites: Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:
  • HiJackThis
  • Online scan
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
  • 0

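The entries the instructions above single out (a Run key launching from the user's Application Data folder, a Search Bar pointing at a gibberish host, and scheduled tasks with random hexadecimal names) can be picked out of a HijackThis log mechanically. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from FindLop. It uses the entries quoted above as its sample (the Search Bar URL is kept exactly as the forum truncates it) plus two constructed benign lines for contrast. The Application-Data and vowel-ratio checks are illustrative heuristics assumed here, not rules HijackThis itself applies.

```python
import re
from typing import List, Tuple

# Constructed sample: HijackThis lines and scheduled-task names quoted from the
# thread above, plus two benign lines (the google Start Page and SystemTray
# entries) added for contrast. The Search Bar URL is truncated as on the forum.
HJT_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hgdvkjqjj...E/EuDcOVaI.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
"""

TASK_NAMES = [
    "Tune-up Application Start.job",  # legitimate, from the FindLop output below
    "AC51CF0C919241D0.job",           # the two jobs the instructions delete
    "A59A8A9C918505D8.job",
]

O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R1_RE = re.compile(r"^R1 - (?P<key>.+?) = (?P<value>.*)$")
HOST_RE = re.compile(r"^https?://([^/]+)", re.IGNORECASE)
RANDOM_JOB_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)

# Path fragments naming the per-user Application Data folder, the location the
# thread shows lop.com using (8.3 short form and long form). Heuristic only.
APPDATA_MARKERS = ("\\APPLIC~1\\", "\\APPLICATION DATA\\")


def flag_run_entries(log: str) -> List[Tuple[str, str]]:
    """(name, command) for O4 Run entries started from Application Data.
    Legitimate software normally starts from Program Files or WINDOWS."""
    flagged = []
    for line in log.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m and any(mk in m.group("cmd").upper() for mk in APPDATA_MARKERS):
            flagged.append((m.group("name"), m.group("cmd")))
    return flagged


def vowel_ratio(label: str) -> float:
    """Share of vowels among the letters of a host label (0.0 if no letters)."""
    letters = [c for c in label.lower() if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in "aeiou" for c in letters) / len(letters)


def flag_search_hijacks(log: str, min_vowel_ratio: float = 0.2) -> List[Tuple[str, str]]:
    """(key, url) for R1 entries whose host label looks machine-generated,
    i.e. almost vowel-free, like the hijacked Search Bar in this thread."""
    flagged = []
    for line in log.splitlines():
        m = R1_RE.match(line.strip())
        if not m:
            continue
        host_m = HOST_RE.match(m.group("value"))
        if not host_m:
            continue
        host = host_m.group(1).lower()
        if host.startswith("www."):
            host = host[4:]
        label = host.split(".")[0]  # first label after any www. prefix
        if vowel_ratio(label) < min_vowel_ratio:
            flagged.append((m.group("key"), m.group("value")))
    return flagged


def flag_random_task_names(names: List[str]) -> List[str]:
    """Scheduled-task files whose name is 16 hex characters, the naming style
    of the two jobs the helper asks to delete."""
    return [n for n in names if RANDOM_JOB_RE.match(n)]


if __name__ == "__main__":
    for name, cmd in flag_run_entries(HJT_SAMPLE):
        print(f"suspicious Run entry : [{name}] {cmd}")
    for key, url in flag_search_hijacks(HJT_SAMPLE):
        print(f"suspicious Search Bar: {key} -> {url}")
    for job in flag_random_task_names(TASK_NAMES):
        print(f"suspicious task name : {job}")
```

Running it prints the Does Readme entry, the hgdvkjqjj Search Bar and the two hexadecimal job names, and nothing for the benign lines; the thresholds are starting points to tune against a clean log.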
#8
Dominicc2003

Dominicc2003

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Do I have to do ALL this (apart from the online stuff) in safe mode?

Even the trend micro scan?
  • 0

#9
POADB

POADB

    Visiting Staff

  • Member
  • PipPip
  • 46 posts
My instructions don't include Safe Mode. Everything in the above is in Normal Mode unless otherwise stated. :tazz:
  • 0

#10
Dominicc2003

Dominicc2003

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Antispyware log (Trend Micro)

=====================================================

Started Scanning
Internet Cookies
Found 'qksrv.net' in 'Internet Explorer Cache'
Found 'adultfriendfinder.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'hitbox.com' in 'Internet Explorer Cache'
Found 'serving-sys.com' in 'Internet Explorer Cache'
Found 'advertising.com' in 'Internet Explorer Cache'
Found 'trafficmp.com' in 'Internet Explorer Cache'
Found 'as-us.falkag.net' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'apmebf.com' in 'Internet Explorer Cache'
Found 'mediaplex.com' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found 'adopt.hotbar.com' in 'Internet Explorer Cache'
Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Found 'hypertracker.com' in 'Internet Explorer Cache'
Found 'spylog.com' in 'Internet Explorer Cache'
Found 'revenue.net' in 'Internet Explorer Cache'
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'stats1.clicktracks.com' in 'Internet Explorer Cache'
Found 'statcounter.com' in 'Internet Explorer Cache'
Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Found 'ads.cc214142.com' in 'Internet Explorer Cache'
Found 'as1.falkag.de' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Internet URL Shortcuts
Files and Directories
Found 'skin.cfx' in 'C:\Documents and Settings\Dominic\My Documents\money\60c-per-hr'
Found 'LimeWire20.dll' in 'C:\Documents and Settings\Dominic\My Documents\limewire'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Dominic\My Documents\money\60c-per-hr\skin.cfx' in shortcut areas.
Checking for 'C:\Documents and Settings\Dominic\My Documents\money\60c-per-hr\skin.cfx' in startup areas.
Cleaning 'C:\Documents and Settings\Dominic\My Documents\money\60c-per-hr\skin.cfx'
Finished Cleaning


=====================================================

Hijack this log (new) :

=====================================================

Logfile of HijackThis v1.99.1
Scan saved at 10:29:43, on 17/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Integrator.exe
C:\HJT\HijackThis.exe

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

=====================================================

All the online scans didn't seem to work and I finally managed to do about half of one and got the following results (none were cleaned, no option to):


=====================================================

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 17, 2005 10:26:48
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/08/2005
Kaspersky Anti-Virus database records: 135583
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 31343
Number of viruses found: 17
Number of infected objects: 110
Number of suspicious objects: 0
Duration of the scan process: 2563 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP87\A0072809.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP87\A0072810.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP87\A0072811.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP89\A0075073.exe Infected: Trojan-Downloader.Win32.Swizzor.dc
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP89\A0075074.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP89\A0075081.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP89\A0075082.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP89\A0075112.exe Infected: Trojan-Downloader.Win32.Swizzor.dc
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP89\A0075114.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP89\A0075115.exe Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP89\A0075116.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076141.exe Infected: Trojan-Downloader.Win32.Swizzor.dc
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076143.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076144.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076145.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076146.exe Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076147.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076267.exe Infected: Trojan-Downloader.Win32.Swizzor.dc
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076269.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076270.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076271.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076272.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076273.exe Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP90\A0076274.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076315.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076355.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076357.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076358.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076359.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076360.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076361.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076362.exe Infected: Trojan-Downloader.Win32.Swizzor.di
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP91\A0076363.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076437.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076439.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076440.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076441.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076442.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076443.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076444.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076445.exe Infected: Trojan-Downloader.Win32.Swizzor.di
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP93\A0076446.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP99\A0080054.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP100\A0080089.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080317.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080318.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080319.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080320.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080321.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080322.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080323.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080324.exe Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080325.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080404.exe Infected: Trojan-Downloader.Win32.Swizzor.dg
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080406.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080407.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080408.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080409.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080410.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080411.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080413.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080414.exe Infected: Trojan-Downloader.Win32.Swizzor.dj
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080415.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081714.hta Infected: Trojan-Dropper.VBS.Zerolin
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081715.exe Infected: Trojan.Win32.VB.kc
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081716.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081717.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081718.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081719.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081720.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081721.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081722.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082460.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082461.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082462.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082463.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082464.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082465.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082466.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082468.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082469.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0082470.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083536.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083537.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083538.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083539.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083540.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083541.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083543.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083545.exe Infected: Trojan-Downloader.Win32.Swizzor.di
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083547.exe Infected: Trojan-Downloader.Win32.Swizzor.df
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083548.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083550.exe Infected: Trojan-Downloader.Win32.Swizzor.di
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083551.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083552.exe Infected: Trojan-Downloader.Win32.Swizzor.di
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083554.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083555.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083556.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083557.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083588.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP108\A0084691.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP109\A0085702.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP109\A0085703.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP109\A0085704.exe Infected: Trojan-Downloader.Win32.Swizzor.di
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP109\A0085705.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP109\A0085706.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP109\A0085707.exe Infected: Trojan-Downloader.Win32.Swizzor.dr
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP109\A0085709.exe Infected: Trojan-Downloader.Win32.Swizzor.dh
C:\WINDOWS\tcpip32.exe Infected: Trojan-Downloader.Win32.Small.fg
C:\WINDOWS\pkg02.exe Infected: Trojan-Downloader.Win32.Small.fg

Scan was interrupted by user!


==========================================================================================================


Arrrgghh! This is getting so annoying!
  • 0


#11
POADB

POADB

    Visiting Staff

  • Member
  • PipPip
  • 46 posts
It's unfortunate that the scan was stopped. The majority of the results live in System Restore points, which we will flush once your system is clean.

Delete these two files:

C:\WINDOWS\tcpip32.exe
C:\WINDOWS\pkg02.exe


Download Ewido Security Suite - Install & Update its database but do not run it yet.

(Please make sure you update ewido)

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT TO SAFE MODE
  • Restart the computer. The computer begins processing a set of instructions known as BIOS.
  • As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
  • Continue to do so until the 'Windows Advanced Options' menu appears.
  • Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


** Please disable all other antivirus programs before proceeding.**

Run Ewido:
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK
  • Once finished, click the Save report button
  • Save the report to your desktop
Close Ewido
* Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO NORMAL MODE

And re-run the FindLOP. The folder C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\ that I asked you to delete seems to have returned.

In your next post I'll need:
  • Ewido Results
  • FindLop Results
  • NEW HJT scan

  • 0

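The triage POADB does by eye above (restore-point copies are left for later, the two live files under C:\WINDOWS are deleted now) is easy to automate over a scanner report. The following Python is an added example for this page, not code from the thread or from either scanner. It parses the two line formats seen in this thread, Kaspersky's "path Infected: name" and the "path -> name : status" format of the ewido report posted later, using a constructed sample of lines copied from those reports, and sorts findings into restore-point copies, tracking cookies and live files.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: a few lines copied from the Kaspersky report above and
# the ewido report posted later in the thread (the real reports are far longer).
KASPERSKY_SAMPLE = r"""
Infected Object Name - Virus Name
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP87\A0072809.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081714.hta Infected: Trojan-Dropper.VBS.Zerolin
C:\WINDOWS\tcpip32.exe Infected: Trojan-Downloader.Win32.Small.fg
C:\WINDOWS\pkg02.exe Infected: Trojan-Downloader.Win32.Small.fg

Scan was interrupted by user!
"""

EWIDO_SAMPLE = r"""
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP94\A0077000.exe -> TrojanDownloader.Swizzor.ck : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\dominic@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Dominic\Desktop\uninstaller\universal_uninstaller.exe -> TrojanDownloader.Swizzor.ck : Cleaned with backup
"""

# Kaspersky On-line Scanner line: "<path> Infected: <detection>"
KASPERSKY_RE = re.compile(r"^(?P<path>[A-Z]:\\.*?) Infected: (?P<name>\S+)$")
# ewido line: "<path> -> <detection> : <status>"
EWIDO_RE = re.compile(r"^(?P<path>[A-Z]:\\.*?) -> (?P<name>\S+) : (?P<status>.*)$")


def parse_report(text: str) -> List[Tuple[str, str]]:
    """(path, detection) for every finding line in either report format;
    headers, blank lines and the interruption notice are skipped."""
    findings = []
    for line in text.splitlines():
        m = KASPERSKY_RE.match(line.strip()) or EWIDO_RE.match(line.strip())
        if m:
            findings.append((m.group("path"), m.group("name")))
    return findings


def classify(path: str) -> str:
    """Bucket a path: a System Restore snapshot, a browser cookie, or a live
    file that is actually on the running system."""
    upper = path.upper()
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in upper:
        return "restore_point"
    if "\\COOKIES\\" in upper:
        return "tracking_cookie"
    return "live_file"


def triage(text: str) -> Dict[str, List[Tuple[str, str]]]:
    buckets: Dict[str, List[Tuple[str, str]]] = {
        "restore_point": [], "tracking_cookie": [], "live_file": []}
    for path, name in parse_report(text):
        buckets[classify(path)].append((path, name))
    return buckets


def live_files(text: str) -> List[str]:
    """Paths that need attention now; restore points are purged separately."""
    return [p for p, _ in triage(text)["live_file"]]


def family_counts(text: str) -> Counter:
    """How many findings each detection name accounts for."""
    return Counter(name for _, name in parse_report(text))


if __name__ == "__main__":
    for label, sample in (("Kaspersky", KASPERSKY_SAMPLE), ("ewido", EWIDO_SAMPLE)):
        b = triage(sample)
        print(f"{label}: {len(b['restore_point'])} in restore points, "
              f"{len(b['tracking_cookie'])} cookies, {len(b['live_file'])} live")
        for p in live_files(sample):
            print("  live:", p)
```

On the Kaspersky sample the live list is exactly the two C:\WINDOWS files named in the reply above; on the ewido sample it is the universal_uninstaller.exe on the desktop, which is why a report with "Cleaned" entries still deserves a read-through.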
#12
Dominicc2003

Dominicc2003

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
kk, can you stay on?

I shouldn't be too long seeing as I already have ewido... :tazz:
  • 0

#13
Dominicc2003

Dominicc2003

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Not much success:
here are the logs:

Ewido log:

=====================================================

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 15:05:44, 17/08/2005
+ Report-Checksum: 7FAD20CF

+ Scan result:

C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP94\A0077000.exe -> TrojanDownloader.Swizzor.ck : Cleaned with backup
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP103\A0080309.exe -> TrojanDownloader.Swizzor.ck : Cleaned with backup
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP105\A0081713.exe -> TrojanDownloader.Small.akz : Cleaned with backup
C:\System Volume Information\_restore{1D5AB1BC-B54A-443C-8B40-3FAA0E9DFCE5}\RP106\A0083533.exe -> TrojanDownloader.Swizzor.ck : Cleaned with backup
C:\Documents and Settings\user1\Cookies\user1@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\user1\Cookies\user1@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\user1\Cookies\user1@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\user1\Cookies\user1@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dominic\Desktop\uninstaller\universal_uninstaller.exe -> TrojanDownloader.Swizzor.ck : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\dominic@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\dominic@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\dominic@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\dominic@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\[email protected][2].txt -> Spyware.Cookie.Adition : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Dominic\Cookies\[email protected][1].txt -> Spyware.Cookie.Lop : Cleaned with backup


::Report End


==========================================================================================================

Findlop log:

=====================================================

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Tune-up Application Start.job'
[TRACE] Printing all job properties

ApplicationName: 'walign'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'mleo'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 03/05/2005 19:00:00
NextRun: 09/03/2005 9:00:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 1
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

8 Triggers

Trigger 0:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 09:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 1:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 14:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 2:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 19:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 3:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 23:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 4:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ......A
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 09:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 5:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ......A
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 14:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 6:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ......A
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 19:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Trigger 7:
Type: MonthlyDOW
Week: 1
DaysOfTheWeek: ......A
Months: JanFebMarAprMayJunJulAugSepOctNovDec
StartDate: 11/22/1997
EndDate: 00/00/0000
StartTime: 23:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'XoftSpy.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\XoftSpy\XoftSpy.exe'
Parameters: '-t'
WorkingDirectory: 'C:\Program Files\XoftSpy'
Comment: 'Runs XoftSpy at Scheduled Time.'
Creator: 'Dominic'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers


==========================================================================================================

HiJack this log:

=====================================================

Logfile of HijackThis v1.99.1
Scan saved at 15:09:27, on 17/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


==========================================================================================================


:tazz: Why won't anything work!?

Thanks for help so far :)
  • 0

#14
POADB (Visiting Staff, Member, 46 posts)
Run HJT and fix this entry:

O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe


Then delete the folder:

C:\DOCUME~1\Dominic\APPLIC~1\ANTICLOCK\


Run HJT again, and make sure that entry has not returned. Update Adaware and run it, fix anything it finds, and then run another HJT scan and return the log to make sure that sucker has gone. It didn't show up in the FindLOP log this time.
  • 0

#15
Dominicc2003 (Member, Topic Starter, 120 posts)
Good news and bad news:

Bad news:

"O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe" won't disappear.

Medium news:

Only one thing to do with lop was detected by ad-aware, that was just a tracking cookie.

GOOD NEWS! :tazz:

Despite the command "O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe" still existing, the folder "ANTICLOCK" doesn't exist. I am positive of this: no search bar or any pop-ups have been appearing, so I think that the "O4..." command will always exist but it's invalid; it tries to run something that doesn't exist.

Therefore, NEARLY ALL LOP is gone! YAY!

My computer is much faster and lags less on counter strike :)

Therefore, I think I don't need any more help.

You've done a really great job and explained it in words that a reasonably clever 12 yr old (me) can understand.

Thanks again :)
Dominic

Edited by Dominicc2003, 17 August 2005 - 02:40 PM.

  • 0
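As an added example (not part of this thread, and not code from HijackThis or Lavasoft), here is a small Python triage script for the O4 autorun lines shown in the HijackThis log above. It flags what POADB's fix targeted and what Dominic later observed: Run entries whose target file no longer exists (an orphaned autorun that does nothing but should still be removed), entries that launch from a user profile's Application Data folder, paths written with 8.3 short names, and bare filenames that are resolved through a PATH search. The log lines are copied from the thread; the set of files assumed to be present on the machine is constructed for the example, and when it is omitted the script checks the live filesystem instead.

```python
"""Triage HijackThis O4 (autorun) entries from a saved log.

Added example, not part of the forum thread or of HijackThis itself.
"""
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample: the O4 lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Absolute StartUp monitor] C:\Program Files\F-Group\Absolute StartUp\ASMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Does Readme] C:\DOCUME~1\Dominic\APPLIC~1\ANTICL~1\Datebikelive.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
"""

# Constructed assumption: files that still exist on the machine (lower-cased).
# The Datebikelive.exe target is deliberately absent, matching the poster's
# observation that the ANTICLOCK folder is gone while the Run value remains.
CONSTRUCTED_PRESENT_FILES = {
    r"c:\windows\system32\ctfmon.exe",
    r"c:\program files\f-group\absolute startup\asmon.exe",
    r"c:\program files\dachshund software\anticrash\anticrash.exe",
}

# "O4 - HKLM\..\Run: [Name] command" and "O4 - Startup: file.lnk = command"
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.+)$")


@dataclass
class AutorunEntry:
    source: str            # "HKLM", "HKCU" or "Startup"
    name: str              # registry value name or .lnk file name
    command: str           # command line HijackThis reported
    reasons: List[str] = field(default_factory=list)


def parse_o4(log_text: str) -> List[AutorunEntry]:
    """Extract the O4 entries from a HijackThis log; other line types are ignored."""
    entries: List[AutorunEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            entries.append(AutorunEntry(m["hive"], m["name"], m["cmd"]))
            continue
        m = O4_STARTUP.match(line)
        if m:
            entries.append(AutorunEntry("Startup", m["name"], m["cmd"]))
    return entries


def target_path(command: str) -> str:
    """Executable portion of an autorun command (quoted, or up to the first .exe-like token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths with spaces ("Program Files") are common in Run values,
    # so cut at a known executable extension instead of the first space.
    m = re.match(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(entries: List[AutorunEntry],
           present_files: Optional[Set[str]] = None) -> List[AutorunEntry]:
    """Attach reasons to suspicious entries and return only those flagged.

    present_files: lower-cased set of existing file paths (constructed here);
    when None, the live filesystem is consulted with os.path.exists.
    """
    flagged: List[AutorunEntry] = []
    for e in entries:
        e.reasons = []
        path = target_path(e.command)
        low = path.lower()
        if "\\" not in path:
            e.reasons.append("unqualified filename (resolved via PATH search)")
        else:
            exists = (low in present_files) if present_files is not None else os.path.exists(path)
            if not exists:
                e.reasons.append("target file missing (orphaned autorun, remove the value)")
        if re.search(r"~\d", path):
            e.reasons.append("8.3 short names hide the real folder name")
        if "\\applic~1\\" in low or "\\application data\\" in low:
            e.reasons.append("runs from a user profile data folder")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_o4(SAMPLE_LOG), CONSTRUCTED_PRESENT_FILES):
        print(f"[{entry.source}] {entry.name}: {entry.command}")
        for reason in entry.reasons:
            print(f"    - {reason}")
```

The orphaned-entry case is the one worth acting on even when nothing runs: a Run value whose target is gone does no harm today, but if the same downloader is reinstalled into that folder the value silently becomes live again, so removing it with HJT (as POADB advised) closes that gap.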