1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Spyware keeps reappearing...

Discussion in 'Virus & Other Malware Removal' started by No Ledge, Jul 10, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. No Ledge

    No Ledge Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    12
    I don't know why but my laptop was suddenly hit with some spyware and along with it came a few others. Now Ad-Aware and Windows Defender pick it up and delete it, but after a while it comes back again. I tried switching off System Restore but my laptop's still running extremely slow. I desperately need it, as it's the core of my studio, so i don't want to wipe the hard drive or anything.

    Can anyone please help me?

    Peace
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. No Ledge

    No Ledge Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    12
    ^Thanks. I'll do that now(or ASAP) will probably take a while to do it
     
  4. No Ledge

    No Ledge Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    12
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:42:07, on 11/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\kbcnvmot.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...I3KzlSwxu0fm0ufl/ooHkLNtMZKAb2dTAR+b4cyz9rTyQ
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 06 crack.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CTHotKeys] "C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" -STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\omnmfxwg.dll",realset
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\KAAMIL~1\APPLIC~1\WNSXS~1\cmd.exe" -vt ndrv
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kastrosspace.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128613867483
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\kbcnvmot.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12800 bytes


    I'm by no means an expert but from looking at it i don't really see anything that's wrong. However, i just realised from looking at that, that qttask means quick time task. I didn't know this before(i know it probably seems obious to you) and what i noticed when going to the task manager is that Qttask uses up most of the computer's cpu, in mnumbers of around 99. If i were to uninstall quick time, would the computer move faster? Is it possible that quick time was infected?

    Anyway, you'll know better than me, so please give your advice :)

    Peace
     
  5. No Ledge

    No Ledge Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    12
    Help anyone?
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Why post 5, it took you 12 hours to reply

    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing, sometimes it can take multiple passes
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This can take a while!
     
  7. No Ledge

    No Ledge Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    12
    Hi Jack This Log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:24:02, on 12/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...I3KzlSwxu0fm0ufl/ooHkLNtMZKAb2dTAR+b4cyz9rTyQ
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\bvykbveo.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 06 crack.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CTHotKeys] "C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" -STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\KAAMIL~1\APPLIC~1\WNSXS~1\cmd.exe" -vt ndrv
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kastrosspace.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128613867483
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: gebbaxx - gebbaxx.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 13572 bytes

    SAS Log
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/12/2007 at 12:20 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 02:02:00

    Memory items scanned : 583
    Memory threats detected : 3
    Registry items scanned : 6447
    Registry threats detected : 64
    File items scanned : 55335
    File threats detected : 107

    Trojan.Mezzia/Resident
    C:\WINDOWS\SYSTEM32\WININD32.DLL
    C:\WINDOWS\SYSTEM32\WININD32.DLL

    Trojan.IBM/Shell
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00002.DLL
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00002.DLL
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00001.DLL

    Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\BVYKBVEO.DLL
    C:\WINDOWS\SYSTEM32\BVYKBVEO.DLL

    MyWay Search Assistant Computers
    HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
    HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
    HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
    HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
    HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
    C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL
    HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
    HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
    HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
    HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
    HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
    HKU\S-1-5-21-3307374327-1003148621-1463829088-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

    Unclassified.Unknown Origin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

    Trojan.IP6FW/Rootkit
    HKLM\System\ControlSet001\Services\Ip6Fw
    C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
    HKLM\System\ControlSet003\Services\Ip6Fw
    HKLM\System\CurrentControlSet\Services\Ip6Fw

    Trojan.Net-K163
    HKLM\System\ControlSet001\Services\NDnet1
    C:\WINDOWS\SYSTEM32\KSYS.SYS
    HKLM\System\ControlSet003\Services\NDnet1
    HKLM\System\CurrentControlSet\Services\NDnet1

    Rootkit.RunTime2
    HKLM\System\ControlSet001\Services\runtime2
    C:\WINDOWS\SYSTEM32\DRIVERS\RUNTIME2.SYS
    HKLM\System\ControlSet003\Services\runtime2
    HKLM\System\CurrentControlSet\Services\runtime2
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\runtime2.sys
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\runtime2.sys

    Trojan.Downloader-Win/GHY
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winind32

    Adware.Tracking Cookie
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][3].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected]fo[1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Abida Huda\Cookies\abida [email protected][1].txt
    C:\Documents and Settings\Abida Huda\Cookies\abida [email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\abida [email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\abida [email protected][1].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][1].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][1].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][1].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][1].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][1].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][2].txt
    C:\Documents and Settings\Abida Huda\Cookies\[email protected][1].txt
    C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][3].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Cookies\[email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][2].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][1].txt
    C:\Documents and Settings\Kaamil Ahmed\Local Settings\Temp\Cookies\kaamil [email protected][1].txt

    Adware.MovieLand/MediaPipe
    HKLM\Software\ITBILL
    HKLM\Software\ITBILL#PROV
    HKLM\Software\ITBILL#Product
    HKLM\Software\ITBILL#ProductFamily
    HKLM\Software\ITBILL#TRAFFIC_TYPE
    HKLM\Software\MediaPipe
    HKLM\Software\MediaPipe\Prefs
    HKLM\Software\MediaPipe\Prefs#version
    HKLM\Software\MediaPipe\Prefs#ItBill
    HKLM\Software\MediaPipe\Prefs#ProductFamily
    HKLM\Software\MediaPipe\Prefs#Country
    HKLM\Software\MediaPipe\Prefs#Provider
    HKLM\Software\MediaPipe\Prefs#TRAFFIC_COUNTRY
    HKLM\Software\MediaPipe\Prefs#TRAFFIC_PROGRAM
    HKLM\Software\MediaPipe\Prefs#TRAFFIC_SOURCE
    HKLM\Software\MediaPipe\Prefs#TRAFFIC_SUBSOURCE
    HKLM\Software\MediaPipe\Prefs#JOIN_FORM_ID
    HKLM\Software\MediaPipe\Prefs\ItBill
    HKLM\Software\MediaPipe\Prefs\ItBill#Provider
    C:\DOCUMENTS AND SETTINGS\KAAMIL AHMED\LOCAL SETTINGS\TEMP\MPDL.EXE

    Trojan.NetMon/DNSChange
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

    Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\MSSMGR
    HKLM\SOFTWARE\Microsoft\MSSMGR#Data
    HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
    HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#PID
    HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
    HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
    C:\DOCUMENTS AND SETTINGS\KAAMIL AHMED\3.TMP
    C:\DOCUMENTS AND SETTINGS\KAAMIL AHMED\LOCAL SETTINGS\TEMP\WIN5C.TMP.EXE~
    C:\WINDOWS\QWRTAW4\KQLQUQB.VBS
    C:\WINDOWS\SYSTEM32\WTSICOMSV.EXE
    C:\WINDOWS\TEMP\WINE6.TMP.EXE

    Adware.Elite Media
    C:\WINDOWS\etb\etb.ini
    C:\WINDOWS\etb

    Adware.ClickSpring/Outer Info Network
    C:\Program Files\Outerinfo\Terms.rtf
    C:\Program Files\Outerinfo
    C:\Documents and Settings\Kaamil Ahmed\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\Kaamil Ahmed\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Kaamil Ahmed\Start Menu\Programs\Outerinfo

    Trojan.Rootkit-TnCore
    C:\WINDOWS\SYSTEM32\DRIVERS\CORE.SYS

    Unclassified.System Live Protect
    C:\WINDOWS\SYSTEM32\LIVEPROTECTSETUP.EXE

    Trojan.Downloader-Gen/Win
    C:\WINDOWS\SYSTEM32\SVCP.CSV

    Trojan.Downloader-Gen
    C:\WINDOWS\SYSTEM32\WINSUB.XML

    Trojan.Downloader-SVCHost/Fake
    C:\WINDOWS\TEMP\WINED.TMP.EXE

    Trojan.Downloader-Gen/Inst2
    C:\WINDOWS\TEMP\WINEF.TMP.EXE

    Vundo Log

    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 09:55:56 12/07/2007

    Listing files found while scanning....

    C:\windows\system32\atlhxmej.dll
    C:\windows\system32\ddcbxus.dll
    C:\windows\system32\fccyaxu.dll
    C:\windows\system32\fpfrvqmw.ini
    C:\WINDOWS\system32\gebbaxx.dll
    C:\windows\system32\gtvvgdvt.exe
    C:\windows\system32\gwxfmnmo.ini
    C:\windows\system32\omnmfxwg.dll
    C:\windows\system32\onqltlgy.ini
    C:\windows\system32\ppqss.bak1
    C:\windows\system32\ppqss.bak2
    C:\windows\system32\ppqss.ini
    C:\windows\system32\ppqss.ini2
    C:\windows\system32\ppqss.tmp
    C:\windows\system32\rbhqjowv.ini
    C:\windows\system32\ssqpp.dll
    C:\WINDOWS\system32\vwojqhbr.dll
    C:\windows\system32\wmqvrfpf.dll
    C:\windows\system32\ygltlqno.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\atlhxmej.dll
    C:\windows\system32\atlhxmej.dll Has been deleted!

    Attempting to delete C:\windows\system32\ddcbxus.dll
    C:\windows\system32\ddcbxus.dll Has been deleted!

    Attempting to delete C:\windows\system32\fccyaxu.dll
    C:\windows\system32\fccyaxu.dll Has been deleted!

    Attempting to delete C:\windows\system32\fpfrvqmw.ini
    C:\windows\system32\fpfrvqmw.ini Has been deleted!

    Attempting to delete C:\windows\system32\gtvvgdvt.exe
    C:\windows\system32\gtvvgdvt.exe Has been deleted!

    Attempting to delete C:\windows\system32\gwxfmnmo.ini
    C:\windows\system32\gwxfmnmo.ini Has been deleted!

    Attempting to delete C:\windows\system32\omnmfxwg.dll
    C:\windows\system32\omnmfxwg.dll Has been deleted!

    Attempting to delete C:\windows\system32\onqltlgy.ini
    C:\windows\system32\onqltlgy.ini Has been deleted!

    Attempting to delete C:\windows\system32\ppqss.bak1
    C:\windows\system32\ppqss.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\ppqss.bak2
    C:\windows\system32\ppqss.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\ppqss.ini
    C:\windows\system32\ppqss.ini Has been deleted!

    Attempting to delete C:\windows\system32\ppqss.ini2
    C:\windows\system32\ppqss.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\ppqss.tmp
    C:\windows\system32\ppqss.tmp Has been deleted!

    Attempting to delete C:\windows\system32\rbhqjowv.ini
    C:\windows\system32\rbhqjowv.ini Has been deleted!

    Attempting to delete C:\windows\system32\ssqpp.dll
    C:\windows\system32\ssqpp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vwojqhbr.dll
    C:\WINDOWS\system32\vwojqhbr.dll Has been deleted!

    Attempting to delete C:\windows\system32\wmqvrfpf.dll
    C:\windows\system32\wmqvrfpf.dll Has been deleted!

    Attempting to delete C:\windows\system32\ygltlqno.dll
    C:\windows\system32\ygltlqno.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    --------------------------

    Thanks, for the help. Windows defender still picks up something called Trojan:Win32/Fotomoto.A It deletes it but then picks it up again within seconds. It says where the file is but when i look for the file it's not there.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Does this entry tell you anything about using P2P - remove all P2P programs

    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 06 crack.exe
    ===================
    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    ==================

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...TAR+b4cyz9rTyQ

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\bvykbveo.dll (file missing)

    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 06 crack.exe

    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\KAAMIL~1\APPLIC~1\WNSXS~1\cmd.exe" -vt ndrv

    O20 - Winlogon Notify: gebbaxx - gebbaxx.dll (file missing)

    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\Temp\startdrv.exe
    C:\WINDOWS\system32\Fifa Soccer 06 crack.exe


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/594151

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice