Extremely slow computer



Adson
2006-01-09, 19:31
Hi. I am a complete novice when it comes to anything computer related, but someone recommended this forum.
I think I must have a problem with my computer as it takes forever to turn on, shut down, switch web pages etc., and sometimes it just freezes. It usually makes a noise like a video fast-forwarding (is this normal?).
Any suggestions (other than physical violence to the thing - however tempting!) would be very gratefully received.

I have downloaded HijackThis and saved the log

Logfile of HijackThis v1.99.1
Scan saved at 17:17:42, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\winhlp.exe
C:\Windows\mscsvc.exe
C:\Windows\osrwin32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin Net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wpds.exe] C:\Windows\system32\doriot.exe
O4 - HKLM\..\Run: [winshost.exe] C:\Windows\system32\winshost.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [winhlp.exe] C:\Windows\winhlp.exe
O4 - HKLM\..\Run: [mscsvc.exe] C:\Windows\mscsvc.exe
O4 - HKLM\..\Run: [windhost.exe] C:\Windows\osrwin32.exe
O4 - HKLM\..\Run: [sm] C:\Windows\sm_exe.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [firewall_anti] C:\Windows\firewall_anti.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [wpds.exe] C:\Windows\system32\doriot.exe
O4 - HKCU\..\Run: [winshost.exe] C:\Windows\system32\winshost.exe
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - http://webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125154514088
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt03.com/dialer/internazionale_ver4.CAB
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1131287A-98BC-406A-ABEE-0EA656B7F46B}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{1131287A-98BC-406A-ABEE-0EA656B7F46B}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe

LonnyRJones
2006-01-10, 15:13
Hello

Start HijackThis and place a check next to these items if there.
Close all browser windows and shut down all other programs that show in the taskbar (even folders).
O4 - HKLM\..\Run: [wpds.exe] C:\Windows\system32\doriot.exe
O4 - HKLM\..\Run: [winshost.exe] C:\Windows\system32\winshost.exe
O4 - HKLM\..\Run: [winhlp.exe] C:\Windows\winhlp.exe
O4 - HKLM\..\Run: [mscsvc.exe] C:\Windows\mscsvc.exe
O4 - HKLM\..\Run: [windhost.exe] C:\Windows\osrwin32.exe
O4 - HKLM\..\Run: [sm] C:\Windows\sm_exe.exe
O4 - HKLM\..\Run: [firewall_anti] C:\Windows\firewall_anti.exe
O4 - HKCU\..\Run: [wpds.exe] C:\Windows\system32\doriot.exe
O4 - HKCU\..\Run: [winshost.exe] C:\Windows\system32\winshost.exe
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binarie...ia32_EN_XP.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt03.com/dialer/internazionale_ver4.CAB
====================================
Hit Fix checked and close HijackThis.
Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Install at least a free anti-virus program, update it, then do a full system scan...
Don't make the common mistake of installing more than one.
AVG Anti-Virus-Free: http://www.grisoft.com/us/us_dwnl_free.php
AntiVir Personal Edition: http://www.free-av.com/
avast! 4 Home - Free antivirus software :
http://www.asw.cz/eng/free_virus_protectio.html

Only after that:
Post a fresh HijackThis log please, and be sure to mention any current problems.
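The helper above picked the O4 autostart entries to fix by eye. As an added example (not part of the thread or of HijackThis), the script below parses O4 lines copied from the first log posted in this thread and applies three triage heuristics that a defender can check against any such log: a registry value name that does not match the executable it launches, an executable sitting directly in the Windows directory, and the same value name registered in both HKLM and HKCU. The allow-list of programs that legitimately live in the Windows directory is an assumption kept deliberately short; the heuristics flag entries for review, they do not prove anything is malicious, and a known-bad list such as the helper's is still needed.

```python
"""Triage HijackThis O4 (registry autostart) lines with simple heuristics."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample: O4 lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wpds.exe] C:\Windows\system32\doriot.exe
O4 - HKLM\..\Run: [winshost.exe] C:\Windows\system32\winshost.exe
O4 - HKLM\..\Run: [winhlp.exe] C:\Windows\winhlp.exe
O4 - HKLM\..\Run: [windhost.exe] C:\Windows\osrwin32.exe
O4 - HKLM\..\Run: [sm] C:\Windows\sm_exe.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [firewall_anti] C:\Windows\firewall_anti.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [wpds.exe] C:\Windows\system32\doriot.exe
O4 - HKCU\..\Run: [winshost.exe] C:\Windows\system32\winshost.exe
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
"""

# O4 line shape: "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# First executable in the command line, with surrounding quotes and arguments dropped.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)

# Assumption: a short list of programs that legitimately live directly in C:\Windows on XP.
WINDOWS_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "winhlp32.exe", "hh.exe"}


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    exe: str
    flags: List[str] = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.exe.rsplit("\\", 1)[-1].lower()

    @property
    def directory(self) -> str:
        return self.exe.rsplit("\\", 1)[0].lower()


def parse_o4(line: str) -> Optional[Autostart]:
    """Return an Autostart for a registry O4 line, or None for anything else
    (Startup-folder .lnk entries and non-O4 lines are skipped)."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    e = EXE_RE.match(m.group("cmd").strip())
    if not e:
        return None
    return Autostart(m.group("hive"), m.group("key"), m.group("name"), e.group("exe"))


def triage(log_text: str) -> List[Autostart]:
    """Parse every O4 line and attach review flags to each entry."""
    entries = [a for a in map(parse_o4, log_text.splitlines()) if a]
    # Which hives register each value name? Legitimate software normally uses one.
    hives_per_name: Dict[str, Set[str]] = {}
    for a in entries:
        hives_per_name.setdefault(a.name.lower(), set()).add(a.hive)
    for a in entries:
        if a.name.lower().endswith(".exe") and a.name.lower() != a.basename:
            a.flags.append("value name does not match executable")
        if a.directory == "c:\\windows" and a.basename not in WINDOWS_ROOT_OK:
            a.flags.append("executable directly in Windows directory")
        if len(hives_per_name[a.name.lower()]) > 1:
            a.flags.append("same value name in both HKLM and HKCU")
    return entries


def suspicious(log_text: str) -> Dict[str, List[str]]:
    """Map executable basename -> distinct reasons, for entries with at least one flag."""
    out: Dict[str, List[str]] = {}
    for a in triage(log_text):
        if a.flags:
            reasons = out.setdefault(a.basename, [])
            for f in a.flags:
                if f not in reasons:
                    reasons.append(f)
    return out


if __name__ == "__main__":
    for exe, reasons in suspicious(SAMPLE_LOG).items():
        print(f"{exe}: {'; '.join(reasons)}")
```

On the sample, the six executables the helper told the poster to fix are flagged and the vendor entries (realsched.exe, SynTPLpr.exe, CpqDfwAg.exe, ctfmon.exe) pass; winshost.exe is caught only by the HKLM/HKCU duplication rule, which shows how thin any single heuristic is.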

Adson
2006-01-11, 02:12
LonnyRJones - thank you so much for your help.

Regarding the anti-virus programs you mentioned, is it OK to install one of these (any one you prefer?) as well as having Spybot S&D and Ad-Aware SE Personal installed?

LonnyRJones
2006-01-11, 04:34
AVG is what I've been using. Yes, Spybot, Ad-Aware and an anti-virus (later a firewall) are essential.

Adson
2006-01-11, 15:15
Hi. I have installed and run AVG, but it says I still have 45 infections which it seems it cannot remove (most seem to be a worm - Bagle).

Thanks again for your help and advice. Here is the last HijackThis log I just did:

Logfile of HijackThis v1.99.1
Scan saved at 14:08:45, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin Net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - http://webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125154514088
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4667/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1131287A-98BC-406A-ABEE-0EA656B7F46B}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{1131287A-98BC-406A-ABEE-0EA656B7F46B}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe

LonnyRJones
2006-01-12, 01:48
Hi

Where are the files it cannot delete, and what are their names?

My next suggestion is to run AVG while in safe mode and do a full scan, provided it is updated.

Click here if needed (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx) for instructions.

tashi
2006-01-14, 23:53
How is it going, Adson?

Adson
2006-01-18, 21:02
Hi. Sorry for the delay in replying, I've been away from home for the last week.

I still seem to have the problems unfortunately. Here is a copy of the AVG file I have just done in safe mode:



Partition table (MBR) Reading error Error
Boot sector of disk C: Reading error Error
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
System registry exefile\shell\open\command Scanned
System registry scrfile\shell\open\command Scanned
System registry scrfile\shell\config\command Scanned
System registry batfile\shell\open\command Scanned
System registry cmdfile\shell\open\command Scanned
System registry comfile\shell\open\command Scanned
System registry piffile\shell\open\command Scanned
System registry giffile\shell\open\command Scanned
System registry htmlfile\shell\open\command Scanned
System registry htafile\shell\open\command Scanned
System registry jpegfile\shell\open\command Scanned
System registry txtfile\shell\open\command Scanned
System registry regfile\shell\open\command Scanned
System registry cplfile\shell\cplopen\command Scanned
System registry Word.Document.8\shell\open\command Scanned
System registry WordPad.Document.1\shell\open\command Scanned
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe ok Quick checked
C:\Program Files\Common Files\Real\Update_OB\realsched.exe ok Quick checked
C:\Program Files\Internet Explorer\iexplore.exe ok Quick checked
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE ok Quick checked
C:\Program Files\QuickTime\qttask.exe ok Quick checked
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ok Quick checked
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe ok Quick checked
C:\WINDOWS\System32\mshta.exe ok Quick checked
C:\Windows\Cpqdiag\CPQDFWAG.EXE ok Quick checked
C:\Windows\regedit.exe ok Quick checked
C:\Windows\system32\ctfmon.exe ok Quick checked
C:\Windows\system32\rundll32.exe ok Quick checked
C:\Windows\system32\shell32.dll ok Quick checked
C:\Windows\system32\shimgvw.dll ok Quick checked
C:\Windows\system32\kernel32.dll ok Quick checked
C:\Windows\system32\wsock32.dll ok Quick checked
C:\Windows\system32\user32.dll ok Quick checked
C:\Windows\system32\shell32.dll ok Quick checked
C:\Windows\system32\ntoskrnl.exe ok Quick checked
C:\Windows\system32\drivers\etc\hosts ok Quick checked
C:\Documents and Settings\Adson Santos\Local Settings\Application Data\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments\price2.zip:\Loader\doc_01.exe Virus identified I-Worm/Bagle.BK Infected, Embedded object
C:\Documents and Settings\Adson Santos\Local Settings\Application Data\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments\price2.zip Virus identified I-Worm/Bagle.BK Infected, Archive
C:\Documents and Settings\Adson Santos\Local Settings\Application Data\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments\price_new.zip:\Loader\doc_01.exe Virus identified I-Worm/Bagle.BK Infected, Embedded object
C:\Documents and Settings\Adson Santos\Local Settings\Application Data\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments\price_new.zip Virus identified I-Worm/Bagle.BK Infected, Archive
C:\WINDOWS\1126039.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1142202.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1144165.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1235857.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1284366.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1319897.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1330372.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1504423.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1678713.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\1715556.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\23919955.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\24403710.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\24706556.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\251411.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\26418607.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\3801205.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\438911.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\50397828.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\504595.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\550141.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\550842.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\634662.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\716229.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\722518.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\759421.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\803144.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\820359.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\827229.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\842601.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\849331.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\849811.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\868448.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\927824.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\937798.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\940862.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\948293.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\949335.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\964326.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\994540.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\system32\winb2.exe Virus found I-Worm/Bagle Infected
C:\WINDOWS\system32\wind2ll2.exe Virus found I-Worm/Bagle Infected
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
System registry exefile\shell\open\command Scanned
System registry scrfile\shell\open\command Scanned
System registry scrfile\shell\config\command Scanned
System registry batfile\shell\open\command Scanned
System registry cmdfile\shell\open\command Scanned
System registry comfile\shell\open\command Scanned
System registry piffile\shell\open\command Scanned
System registry giffile\shell\open\command Scanned
System registry htmlfile\shell\open\command Scanned
System registry htafile\shell\open\command Scanned
System registry jpegfile\shell\open\command Scanned
System registry txtfile\shell\open\command Scanned
System registry regfile\shell\open\command Scanned
System registry cplfile\shell\cplopen\command Scanned
System registry Word.Document.8\shell\open\command Scanned
System registry WordPad.Document.1\shell\open\command Scanned
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe ok Quick checked
C:\Program Files\Common Files\Real\Update_OB\realsched.exe ok Quick checked
C:\Program Files\Internet Explorer\iexplore.exe ok Quick checked
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE ok Quick checked
C:\Program Files\QuickTime\qttask.exe ok Quick checked
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ok Quick checked
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe ok Quick checked
C:\WINDOWS\System32\mshta.exe ok Quick checked
C:\Windows\Cpqdiag\CPQDFWAG.EXE ok Quick checked
C:\Windows\regedit.exe ok Quick checked
C:\Windows\system32\ctfmon.exe ok Quick checked
C:\Windows\system32\rundll32.exe ok Quick checked
C:\Windows\system32\shell32.dll ok Quick checked
C:\Windows\system32\shimgvw.dll ok Quick checked

LonnyRJones
2006-01-19, 04:27
Hi
I suggest you run both of these tools after deleting all stored emails in Outlook:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@mm.removal.tool.html

Stinger: http://vil.nai.com/vil/stinger/

tashi
2006-01-23, 18:20
Adson are we done here?

Adson
2006-01-24, 18:29
I will try those out and let you know what happens. Thanks

Adson
2006-01-25, 15:41
I've run these programs and then done another AVG scan, which is still coming up with 43 viruses (all I-Worm Bagle). I have repeated this several times, but the 43 viruses are always there.
Also, now when I run a Spybot scan I keep getting lots (43, I suppose) of warnings from AVG Resident Shield saying VIRUS DETECTED! and giving me the option of deleting the files or moving them to the vault, but also warning that doing so could mean the operating system may not work properly. What should I do?

LonnyRJones
2006-01-25, 20:02
Hi
Did either of those tools find Bagle, or anything for that matter?
Did you delete all stored emails in Outlook?

This might show us a hidden run. Go to Start > Run, paste this bolded line in and hit OK or press Enter:
Start /min Hijackthis.exe /autolog

Another HijackThis log will open; post it please.

Adson
2006-01-25, 21:10
Yes, I deleted the messages from Outlook.

I pasted the link into the run box, but when I pressed start it said it could not find Start.

Should I just do another HijackThis scan?

LonnyRJones
2006-01-25, 21:27
My mistake

Copy the contents of the quote box below into a new Notepad document (not WordPad).
Click File > Save As... > call it check.bat > file type *All files* > and save it to the desktop.


Start /min Hijackthis.exe /autolog

Run check.bat and post that HJT log.

Adson
2006-01-25, 23:50
OK, thanks. I did that and here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 22:47:31, on 25/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Windows\explorer.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin Net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [logon.exe] C:\Windows\System32\logon.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - http://webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125154514088
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4667/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe

Adson
2006-01-25, 23:55
Oh, and if it is of any use, this is the latest Stinger scan:

McAfee AVERT Stinger Version 2.5.9 built on Nov 22 2005

Copyright (C) 2005 Networks Associates Technology, Inc. All Rights Reserved.

Virus data file v1000 created on Nov 22 2005.

Ready to scan for 54 viruses, trojans and variants.



Scan initiated on Wed Jan 25 20:13:51 2006

C:\Documents and Settings\Adson Santos\Local Settings\Application Data\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments\price2.zip\DOC_01.EXE

Found the W32/Bagle.dldr.gen virus !!!

C:\Documents and Settings\Adson Santos\Local Settings\Application Data\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments\price2.zip could not be repaired.

C:\Documents and Settings\Adson Santos\Local Settings\Application Data\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments\price_new.zip\DOC_01.EXE

Found the W32/Bagle.dldr.gen virus !!!

C:\Documents and Settings\Adson Santos\Local Settings\Application Data\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments\price_new.zip could not be repaired.

Number of clean files: 148120

Number of infected files: 2

LonnyRJones
2006-01-26, 07:17
Hi

That HJT log didn't show what I expected; that's a good thing.

Can you delete the contents of that attachments folder manually?
In order to get there, first reconfigure Windows XP to show hidden files/extensions:
Open any folder, Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Apply to confirm. Click OK.
=============================
Where are the items AVG is still seeing?

Adson
2006-01-26, 13:48
Hi

I've followed your instructions on the hidden files/extensions.

What do I have to do to delete the contents of that attachments folder manually?

Sorry, what do you mean where are the items AVG is still seeing? Should I do another AVG scan and post it?

LonnyRJones
2006-01-26, 18:38
Hi

Navigate there using an Explorer folder; an easy way is to copy the bolded line below:
C:\Docume~1\Adson Santos\Locals~1\Applic~1\IM\Identities\{8523498E-0BA4-4D82-AC6E-0FB9F57D9289}\Message Store\Attachments

Go to Start > Run, paste that in and hit Enter. Once there, delete the entire contents of that attachments folder.

Panda provides a good report.

Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Save the report and post it back here please if there are any that it is unable to deal with.

Adson
2006-01-26, 23:24
Hi. I deleted everything from the attachments folder and then did the Panda ActiveScan as you suggested. Here are the results:

Incident Status Location
Adware:adware/gator Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\bundle.inf
Adware:adware/sahagent Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\bundletracking.asp
Adware:adware/msview Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\MSView.inf
Adware:adware/p2pnetworking Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\p2psetup.exe
Spyware:spyware/whazit Not disinfected C:\WINDOWS\SYSTEM32\cards.ico
Adware:adware/ezula Not disinfected C:\WINDOWS\SYSTEM32\ezStubi.dll
Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM32\mseggrpid.dll
Adware:adware/igetnet Not disinfected C:\WINDOWS\SYSTEM32\NLNP!3.exe
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\FLEOK
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Adware:Adware/IGetNet Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\BHO001.DLL.dat
Adware:Adware/MSView Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\MSView.inf
Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\p2psetup.exe
Adware:Adware/IGetNet Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\RSP001.DLL.dat
Virus:Trj/Downloader.L Disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\susp.inf
Virus:Trj/SubSearch.I Disinfected C:\Documents and Settings\All Users\Application Data\IEService\IEService.dll
Virus:Trj/SubSearch.I Disinfected C:\Documents and Settings\All Users\Application Data\IEService\IEService.exe
Dialer:Dialer.XS Not disinfected C:\Program Files\Common Files\Totem Shared\Update\DialerOffline.dll.010
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Virus:Trj/Mitglieder.BO Disinfected C:\RECYCLER\S-1-5-21-3088433937-1417818515-3399203189-1004\Dc153.zip[doc_01.exe]
Virus:Trj/Mitglieder.BO Disinfected C:\RECYCLER\S-1-5-21-3088433937-1417818515-3399203189-1004\Dc154.zip[doc_01.exe]
Virus:Trj/Downloader.L Disinfected C:\WINDOWS\inf\susp.inf
Virus:Trj/SubSearch.I Disinfected C:\WINDOWS\system\IEService.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\Agent.dll
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@offeroptimizer[1].txt
Virus:Trj/Downloader.CHU Disinfected C:\WINDOWS\system32\ctbv2.dll
Adware:Adware/eZula Not disinfected C:\WINDOWS\system32\ezStubi.dll
Adware:Adware/SaveNow Not disinfected C:\WINDOWS\system32\Freeze.dll
Adware:Adware/IGetNet Not disinfected C:\WINDOWS\system32\NLNP!3.exe
Adware:Adware/IGetNet Not disinfected C:\WINDOWS\system32\NLNP13.dll
Adware:Adware/MSView Not disinfected C:\WINDOWS\system32\nostalgia.dll
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\SHAgent.dll
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\system32\UKVideo2-uninstall.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\xmltok.dll

LonnyRJones
2006-01-27, 04:56
Hi

Download System Security Suite.
http://www.igorshpak.net/
If that site is unavailable use this link please
http://forums.subratam.org/index.php?act=Attach&type=post&id=25013
Extract it from the zip file and run setup.exe
After the install you can delete setup.exe and the downloaded zip file.
Start the program. Check all the boxes under the 'Items to Clear' tab and click
'Clear Selected Items'. You will be prompted to reboot, do so.

Then manually delete these files and folders
C:\Documents and Settings\All Users\Application Data\IEService
C:\Program Files\Common Files\Totem Shared
C:\WINDOWS\SYSTEM32\cards.ico
C:\WINDOWS\SYSTEM32\ezStubi.dll
C:\WINDOWS\SYSTEM32\mseggrpid.dll
C:\WINDOWS\SYSTEM32\NLNP!3.exe
C:\WINDOWS\system32\ezStubi.dll
C:\WINDOWS\system32\Freeze.dll
C:\WINDOWS\system32\NLNP!3.exe
C:\WINDOWS\system32\NLNP13.dll
C:\WINDOWS\system32\nostalgia.dll
C:\WINDOWS\system32\SHAgent.dll
C:\WINDOWS\system32\UKVideo2-uninstall.exe
C:\WINDOWS\system32\xmltok.dll

How did that go ?

Adson
2006-01-31, 00:32
Hi,

I did that and then did a Panda scan which said I had 27 adware and 2 diallers (but no viruses...yipee!). I wanted to save the log to post here but could not work out how to do that (there was no option given at the end of the scan nor when right clicking).

Do you suggest anything else?

Many thanks.

LonnyRJones
2006-01-31, 01:06
Are there any current problems ?

Adson
2006-01-31, 19:20
The Panda ActiveScan says I still have 23 spyware and 2 diallers. Do you know how I can get rid of these? I tried Spybot S&D and Ad-Aware SE Personal but they do not show any spyware (neither does AVG).

Here is the result of the Panda activescan:

Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\Agent.dll
Spyware:spyware/whazit Not disinfected C:\WINDOWS\SYSTEM32\fiz1
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\FLEOK
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ad.yieldmanager[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ad.yieldmanager[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\Agent.dll
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@offeroptimizer[1].txt

LonnyRJones
2006-01-31, 19:50
Hi

Can you manually delete these items ?
C:\WINDOWS\SYSTEM32\Agent.dll
C:\WINDOWS\SYSTEM32\fiz1
C:\PROGRAM FILES\COMMON FILES\Totem Shared < folder
C:\WINDOWS\SYSTEM32\FLEOK

Adson
2006-01-31, 20:18
Thanks. I've done that.

I noticed in the activescan that there were lots of cookies listed. Should I delete all cookies?

Thanks for all your help.

Adson
2006-01-31, 22:19
Hi.

I've just done another Panda scan and it is still saying I have 22 spyware and 2 diallers. Here is the log file

Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\sahagent1001.exe
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ad.yieldmanager[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ad.yieldmanager[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Adware:Adware/SAHAgent Not disinfected C:\RECYCLER\S-1-5-21-3088433937-1417818515-3399203189-1004\Dc5.dll
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@offeroptimizer[1].txt

LonnyRJones
2006-02-01, 00:55
Hi

C:\WINDOWS\SYSTEM32\sahagent1001.exe < delete that file

Clear Internet Explorer's cache
1. In Control Panel, open Internet Options.
2. Click the General tab, and then under Temporary Internet files, click Delete Files.
3. In the Delete Files dialog box, click to select the Delete all offline content check box.
4. Wait for the hourglass to disappear.
Optional: use the Delete Cookies button.
5. Click OK.

Let us know of any problems

Not to worry about the other items in the Panda scan unless new files show, other than cookies.

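The helper's approach across the last few posts is to read each ActiveScan report, ignore the cookies, turn the remaining "Not disinfected" file paths into a manual deletion list, and on later scans look only for new non-cookie entries. As an added example, not code from the thread or from Panda, here is a small Python parser that does that triage on report text. The two sample reports are constructed excerpts copied from the reports posted above, and the cookie/registry/file buckets are this example's own classification, not something the scanner outputs.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed excerpts of two Panda ActiveScan reports, patterned on the ones
# posted in this thread (entries copied from those posts, a few per report).
PREVIOUS_REPORT = r"""Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\Agent.dll
Spyware:spyware/whazit Not disinfected C:\WINDOWS\SYSTEM32\fiz1
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Virus:Trj/SubSearch.I Disinfected C:\WINDOWS\system\IEService.exe
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\Agent.dll
"""

CURRENT_REPORT = r"""Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\sahagent1001.exe
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ad.yieldmanager[2].txt
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Adware:Adware/SAHAgent Not disinfected C:\RECYCLER\S-1-5-21-3088433937-1417818515-3399203189-1004\Dc5.dll
Spyware:Cookie/OfferOptimizer
"""

# One report line is "<Category:family/name> <status> <location>". The status
# is the only fixed token, so the split is anchored on it.
LINE_RE = re.compile(
    r"^(?P<incident>\S+)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+?)\s*$"
)


def parse_report(text: str) -> List[Dict[str, str]]:
    """Turn report text into dicts; header, blank and truncated lines are skipped."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def classify(item: Dict[str, str]) -> str:
    """Bucket an entry as 'cookie', 'registry' or 'file' (files and folders)."""
    incident = item["incident"].lower()
    location = item["location"]
    # Cookies appear both under the user profile and under the system profile,
    # so check the incident prefix as well as the path component.
    if incident.startswith("spyware:cookie/") or "\\cookies\\" in location.lower():
        return "cookie"
    if location == "Windows Registry" or location.upper().startswith("HKEY_"):
        return "registry"
    return "file"


def summarize(text: str) -> Dict[str, int]:
    """Count parsed entries per bucket (cookies usually dominate the total)."""
    return dict(Counter(classify(item) for item in parse_report(text)))


def worklist(text: str) -> List[str]:
    """Files/folders the scanner left in place, deduplicated case-insensitively
    (the reports above list the same path in both SYSTEM32 and system32 spelling)."""
    seen: Dict[str, str] = {}
    for item in parse_report(text):
        if item["status"] != "Not disinfected" or classify(item) != "file":
            continue
        seen.setdefault(item["location"].lower(), item["location"])
    return sorted(seen.values(), key=str.lower)


def new_non_cookie_items(previous: str, current: str) -> List[Tuple[str, str]]:
    """Entries in the current report that are not cookies and were not in the
    previous report: the 'new files' worth raising with a helper."""
    known = {item["location"].lower() for item in parse_report(previous)}
    found: Dict[str, Tuple[str, str]] = {}
    for item in parse_report(current):
        key = item["location"].lower()
        if classify(item) == "cookie" or key in known:
            continue
        found.setdefault(key, (item["incident"], item["location"]))
    return list(found.values())


if __name__ == "__main__":
    print("previous report buckets:", summarize(PREVIOUS_REPORT))
    print("manual cleanup list:")
    for path in worklist(PREVIOUS_REPORT):
        print("  ", path)
    print("new non-cookie items in current report:")
    for incident, location in new_non_cookie_items(PREVIOUS_REPORT, CURRENT_REPORT):
        print("  ", incident, location)
```

Archive members such as `Dc153.zip[doc_01.exe]` and bare folders such as `Totem Shared` land in the file bucket, which is what a deletion list needs, and a truncated trailing line like the `Spyware:Cookie/OfferOptimizer` fragment in the posted reports is simply skipped rather than mis-parsed. The comparison of two reports goes a little beyond the thread, which does the same check by eye.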
Adson
2006-02-01, 15:18
Hi Lonny,

Thanks for all your help - my computer is now virus free and down from 23 malware to just 3 and 2 dialers.

I see that sahagent keeps popping up its ugly head! Do I need to worry about these last few problems or is there a way to get rid of them?

Here is the latest panda activescan:

Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\lsp_.dll
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Spyware:Cookie/OfferOptimizer

LonnyRJones
2006-02-01, 15:39
Download "Registry Search Tool" (RegSrch.vbs) from here
http://www.billsway.com/vbspage/
start it and paste in

66BD1BD0-3655-42E4-8CE9-16D3613B0B25

Hit OK, wait, then when WordPad opens copy that back here please.
Note: Your antivirus script protection might interfere; it's safe, please allow it to run.
do the same for
sahagent

What file sharing programs do you have installed ?

Adson
2006-02-01, 19:44
; Registry search results for string "66BD1BD0-3655-42E4-8CE9-16D3613B0B25" 01/02/2006 17:56:37

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}\ProxyStubClsid]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}\TypeLib]

How do I do the same thing for sahagent - do I just paste in the name sahagent or is there a string of code to use? I tried by just putting the word sahagent and it said there were no instances of it.

How can I find out what file sharing programs are installed on my computer? I use Real Player almost everyday to watch television programs (is that a file sharing program). :confused: Sorry for my ignorance :o

LonnyRJones
2006-02-01, 23:47
Hi

Let's switch gears and install Ewido
Please download Ewido AntiMalware it is a free version of the program.
Install Ewido AntiMalware
http://www.ewido.net/en/download/
Launch Ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Note: Your firewall may say "Antimalware wants to access the internet" It may not say Ewido.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates
http://www.ewido.net/en/download/updates/
When the trial runs out you can continue to use the program but without its resident protection.

Click on scanner.
Click on Complete System Scan and the scan will begin.
If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Ewido automatically saves the report here on every scan:
(default program installation folder)
C:\Program Files\ewido\security suite\Reports
Now close Ewido AntiMalware and post that report

Adson
2006-02-03, 14:49
Hi Lonny,
I downloaded Ewido but am having problems running it: the scan finds 9 problems, gets through 18.2% of the scan and does not progress any further. I have tried running it several times and even left it running overnight but the same thing always happens. I have also noticed that since downloading Ewido my computer has become much slower and very noisy (the fan is constantly on). Any suggestions?

Adson
2006-02-03, 17:03
Hi. I've noticed something called Thumbs.db in My Pictures that I had not seen before. I've deleted it (it says it's a system file) but it always reappears somewhere else. Any idea what this is and if it is something malicious?
Thanks, Adson.

LonnyRJones
2006-02-03, 17:54
Hi
Thumbs.db and other odd looking files become visible when you set Windows to show hidden files, folders and extensions; leave them alone.

Try running Ewido while in safe mode. Run SpyBot, then Ad-Aware and finally your antivirus programs too while there (one at a time).

Reboot into safe mode
Click Start, click Run, type msconfig in the Open box, and then click OK.
Click the BOOT.INI tab, tick [X] /SAFEBOOT, click Apply > OK and restart Windows.

Run those scans one at a time.

Restart back to normal by unchecking [ ] /SAFEBOOT in msconfig,
hit Apply then OK and let Windows restart.
When Windows has restarted place a check in the
[X] Don't show this message or launch the System Configuration Utility when Windows starts.

tashi
2006-02-07, 21:19
Still with us Adson?

tashi
2006-02-13, 03:47
This topic will now be archived to prevent others with similar issues posting in it.

tashi
2006-02-14, 20:34
Re-opened upon request, Lonny pmed.

Adson
2006-02-16, 01:07
Hi. I am still having problems. Even in safe mode ewido will only run to 18.3% and then stops.

LonnyRJones
2006-02-16, 04:06
Can you post another avg log, like this one
http://forums.spybot.info/showpost.php?p=8373&postcount=8
We only need to see infected files though

Adson
2006-02-19, 03:24
Hi, there are no infections showing on the AVG scan but the panda activescan shows 21 spyware and 1 dialer:

Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\lsp_.dll
Adware:adware/fastfind Not disinfected Windows Registry
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@anm.co[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@belnk[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@clickbank[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@cs.sexcounter[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@dist.belnk[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ig.com[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@outster[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@anm.co[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@belnk[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@clickbank[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@cs.sexcounter[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@dist.belnk[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ig.com[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@outster[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[1].txt
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Spyware:Cookie/OfferOptimizer

LonnyRJones
2006-02-19, 04:54
Run it, click "Config" then "Misc Tools" > "Delete file on reboot"
(exact spelling counts!!! so don't browse to the file)
Copy/paste this into the File name box then click Open:
C:\WINDOWS\DOWNLOADED PROGRAM FILES\lsp_.dll
Answer yes to the prompt to reboot the PC.

Does Ewido show an error? If so, quote it for us.
Is Ewido the only problem?

Adson
2006-02-21, 18:49
Hi, when you say run it do you mean avg or ewido? Thanks

LonnyRJones
2006-02-21, 20:26
Sorry, run hijackthis

Adson
2006-02-23, 16:51
Hi. There is no error message on ewido, it appears to be running but the progress bar stops at 18.1% even after leaving it running like this overnight.

I did as you suggested and here is the HijackThis log that I just ran after it rebooted:

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin Net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [logon.exe] C:\Windows\System32\logon.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - http://webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125154514088
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4667/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

LonnyRJones
2006-02-23, 19:49
Scan with HijackThis and place a check next to:
O4 - HKLM\..\RunServices: [logon.exe] C:\Windows\System32\logon.exe
Hit "Fix checked" and restart your PC.
Manually delete C:\Windows\System32\logon.exe
Make and post another log after using the PC for a few hours.

Adson
2006-02-27, 14:21
Hi. I could not manually delete C:\windows\system32\logon.exe as I couldn't find it.

Here is the hijackthis log:

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin Net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - http://webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125154514088
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4667/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

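The last two posts are the standard loop on this forum: fix one entry, reboot, post a fresh log, and the helper compares the two by eye to confirm the entry is gone and nothing new appeared. As an added example that is not part of the thread and not a HijackThis feature, here is a Python script that parses HijackThis-style logs into (section, body) entries, splits the O4 autostart entries, flags entries HijackThis itself marked "(file missing)", and diffs two logs. The sample log is a constructed excerpt of the 2006-02-23 log above; the "after" log is the same excerpt minus the two entries (the SDHelper BHO and the logon.exe RunServices entry) that differ between the two real logs.

```python
import re
from typing import List, Tuple

# Constructed excerpt of a HijackThis log, patterned on the 2006-02-23 log
# posted in this thread (a handful of lines, copied from that post).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [logon.exe] C:\Windows\System32\logon.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# Constructed "after" log: the two real logs in the thread differ in exactly
# these two result lines, so drop them from the excerpt above.
LOG_AFTER = "\n".join(
    line for line in LOG_BEFORE.splitlines()
    if "[logon.exe]" not in line and "SDHelper.dll" not in line
)

# Result lines start with a section code (R0, O2, O4, O16, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# O4 bodies look like "HKLM\..\Run: [ValueName] command line".
O4_RE = re.compile(r"^(?P<where>.+?):\s+\[(?P<name>[^\]]+)\]\s+(?P<command>.+)$")

Entry = Tuple[str, str]


def parse_entries(text: str) -> List[Entry]:
    """Return the scan-result lines as (section code, body) pairs. The header,
    the process list and blank lines carry no code and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def running_processes(text: str) -> List[str]:
    """The paths listed under 'Running processes:' up to the first blank line."""
    procs: List[str] = []
    in_list = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("running processes:"):
            in_list = True
            continue
        if in_list:
            if not stripped:
                break
            procs.append(stripped)
    return procs


def autostart_entries(text: str) -> List[Tuple[str, str, str]]:
    """Split O4 lines into (where it autostarts, value name, command)."""
    out = []
    for code, body in parse_entries(text):
        if code != "O4":
            continue
        m = O4_RE.match(body)
        if m:
            out.append((m.group("where"), m.group("name"), m.group("command")))
        else:  # e.g. "Global Startup: foo.lnk = ?" carries no [name] part
            where, _, rest = body.partition(": ")
            out.append((where, rest, ""))
    return out


def missing_file_entries(text: str) -> List[Entry]:
    """Entries HijackThis marked '(file missing)': a hook whose target is gone."""
    return [e for e in parse_entries(text) if "(file missing)" in e[1]]


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """(removed, added) result entries between two logs, order preserved.
    The process list is left out: it varies with whatever happens to be open."""
    before_entries = parse_entries(before)
    after_entries = parse_entries(after)
    before_set, after_set = set(before_entries), set(after_entries)
    removed = [e for e in before_entries if e not in after_set]
    added = [e for e in after_entries if e not in before_set]
    return removed, added


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("still flagged as missing:", missing_file_entries(LOG_AFTER))
```

In the thread the removed O4 line is exactly the one Lonny asked to fix, and an empty "added" list is the confirmation that nothing re-registered itself between the reboot and the new scan; the "(file missing)" check surfaces the msnim O18 entry, which both real logs still carry.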
LonnyRJones
2006-02-28, 02:46
Hi
Are there any current problems ?

tashi
2006-03-06, 17:33
Hi
Are there any current problems ?
Adson? This has been a long topic; it would be nice to know if everything is running all right. :)

tashi
2006-03-09, 22:04
This topic will now be archived.

Thank you Lonny.