CoolWeb Dialer - HJT log



Illusion
2006-08-10, 20:26
Hey everyone, I have been trying all day to remove a dialer I have got, but now I'm at my last resort really.

It creates a network connection named CoolWeb every time I turn my computer on, with a number of 0.

I've run Spybot S&D in safe mode and I deleted everything, and that didn't change anything.

And the connection just keeps on trying to connect to the net, every 10 mins I hear my modem (64k, unplugged) clicking, trying to connect.

I've tried many spyware etc removal tools, and online tools also, but that changed nothing.

Here are my log files:

Logfile of HijackThis v1.99.1
Scan saved at 18:17:06, on 10/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\{04045A93-0A6C-2057-0622-05071604002c}\Update.exe
C:\WINDOWS\system32\SMANTE~1\RGEDIT~1.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\slrundll.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Qkbe] C:\WINDOWS\system32\SMANTE~1\RGEDIT~1.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Hopefully I can get this sorted

Illusion
2006-08-10, 20:27
I can't edit, but I forgot to mention that I deleted the cool.exe file from /system32 folder but that also changed nothing.

LonnyRJones
2006-08-16, 02:57
Welcome to the forum Illusion

It appears you don't use an onboard antivirus program. Why is that?

It's been a few days; post back with a new HijackThis log.

Illusion
2006-08-17, 19:23
I have installed and kept many AV programs, I just couldn't keep any open at that time because my computer was slowing down too much thanks to all the removal programs I have apparently protecting my computer :(

LonnyRJones
2006-08-18, 02:43
Never have more than one antivirus program installed and leave it running all the time.

And that fresh log?

Illusion
2006-08-18, 12:00
Logfile of HijackThis v1.99.1
Scan saved at 09:56:27, on 18/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\slrundll.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

LonnyRJones
2006-08-18, 16:14
Start HijackThis and place a check next to these items, if there.
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O20 - AppInit_DLLs:

====================================
Hit "Fix checked" and close HijackThis (disregard the HijackThis backup error).

Manually delete these folders and files:
C:\Program Files\Common Files\{04045A93-0A6C-2057-0622-05071604002c}
C:\WINDOWS\system32\SYMANTEC
C:\WINDOWS\system32\cool.exe
C:\WINDOWS\system32\chkdsk.dll

Run your updated antivirus program in safe mode.

Install SpywareBlaster (By JavaCool): http://www.javacoolsoftware.com/spywareblaster.html

Are there any problems now?
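An added example, not part of the original thread and not code from HijackThis: a small Python parser that diffs two HijackThis logs and reports which of the paths listed for manual deletion above a log still references. The function names are hypothetical, and the two embedded logs are abridged from the 10/08 and 18/08 logs posted earlier in the thread.

```python
import re

# Abridged from the two HijackThis logs posted earlier in this thread.
LOG_10_AUG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:17:06, on 10/08/2006

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\{04045A93-0A6C-2057-0622-05071604002c}\Update.exe
C:\WINDOWS\system32\SMANTE~1\RGEDIT~1.EXE
C:\WINDOWS\system32\cool.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Qkbe] C:\WINDOWS\system32\SMANTE~1\RGEDIT~1.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O20 - AppInit_DLLs: C:\WINDOWS\system32\chkdsk.dll
"""

LOG_18_AUG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 09:56:27, on 18/08/2006

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O20 - AppInit_DLLs:
"""

# Paths listed for manual deletion in the post above.
DELETE_LIST = [
    r"C:\Program Files\Common Files\{04045A93-0A6C-2057-0622-05071604002c}",
    r"C:\WINDOWS\system32\SYMANTEC",
    r"C:\WINDOWS\system32\cool.exe",
    r"C:\WINDOWS\system32\chkdsk.dll",
]

# A HijackThis entry line looks like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    log = {"processes": [], "entries": []}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            log["processes"].append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                log["entries"].append((m.group(1), m.group(2).strip()))
    return log


def diff_logs(old, new):
    """Report what appeared and disappeared between two parsed logs."""
    old_e, new_e = set(old["entries"]), set(new["entries"])
    # Windows paths are case-insensitive (System32 vs system32 in the logs).
    old_p = {p.lower() for p in old["processes"]}
    new_p = {p.lower() for p in new["processes"]}
    return {
        "entries_added": sorted(new_e - old_e),
        "entries_removed": sorted(old_e - new_e),
        "processes_gone": sorted(old_p - new_p),
        "processes_new": sorted(new_p - old_p),
    }


def still_referenced(log, paths):
    """Map each path to the log lines that mention it.

    Matching is a literal, case-insensitive substring test, so an 8.3 short
    path in the log (such as SMANTE~1) is not resolved to a long folder name.
    """
    lines = log["processes"] + [f"{c} - {b}" for c, b in log["entries"]]
    hits = {}
    for path in paths:
        found = [l for l in lines if path.lower() in l.lower()]
        if found:
            hits[path] = found
    return hits


if __name__ == "__main__":
    old, new = parse_hjt(LOG_10_AUG), parse_hjt(LOG_18_AUG)
    for section, items in diff_logs(old, new).items():
        print(section)
        for item in items:
            print("   ", item)
    print("still referenced on 18/08:", still_referenced(new, DELETE_LIST))
```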

Illusion
2006-08-18, 21:53
OK, I've done that and now it seems as if I have more infections.

I keep getting my modem trying to connect to the net from a dialler, but this time not CoolWeb. That's even after I apparently deleted the infected file every time I boot up.

I did an AV scan, and it couldn't delete anything, but only quarantine the infected files.

I downloaded the program and that doesn't seem to have done anything either.


Logfile of HijackThis v1.99.1
Scan saved at 19:48:06, on 18/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

LonnyRJones
2006-08-19, 02:52
Fix these items using HijackThis:
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O20 - AppInit_DLLs:
=========================================

Post a ComboFix log:
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

Illusion
2006-08-19, 12:43
Luca - 06-08-19 10:32:52.17
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Luca

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Y1123OU.exe
C:\Program Files\Common Files\{04045A93-0A6B-2057-0622-05071604002c}
C:\Program Files\Common Files\{04045A93-0A6C-2057-0622-05071604002c}


((((((((((((((((((((((((((((((( Files Created from 2006-07-19 to 2006-08-19 ))))))))))))))))))))))))))))))))))


2006-08-18 18:27 118,784 C:\WINDOWS\system32\MSSTDFMT.DLL
2006-08-17 17:24 274,432 C:\WINDOWS\system32\imon.dll
2006-08-17 12:26 12,820 C:\WINDOWS\system32\ysafyiqt.exe
2006-08-17 12:26 12,308 C:\WINDOWS\system32\iecyfwdw.exe
2006-08-12 01:33 40,973 C:\WINDOWS\system32\fccccde.dll
2006-08-11 14:38 717,095 C:\WINDOWS\system32\jlkkj.bak2
2006-08-10 14:35 267,375 C:\WINDOWS\system32\jlkkj.bak1
2006-08-10 14:34 573,492 C:\WINDOWS\system32\jkklj.dll
2006-08-09 22:08 151,552 C:\WINDOWS\system32\pxwma.dll
2006-08-07 15:22 974,848 C:\WINDOWS\system32\mfc70.dll
2006-08-07 15:22 487,424 C:\WINDOWS\system32\msvcp70.dll
2006-08-07 15:22 237,568 C:\WINDOWS\system32\lame_enc.dll
2006-08-07 15:22 1,700,352 C:\WINDOWS\system32\GdiPlus.dll
2006-08-02 15:25 57,344 C:\WINDOWS\system32\WNASPINT.DLL
2006-08-02 01:19 856,064 C:\WINDOWS\system32\xvidcore.dll
2006-08-02 01:19 579,090 C:\WINDOWS\system32\x264vfw.dll
2006-08-02 01:19 5,120 C:\WINDOWS\system32\ff_vfw.dll
2006-08-02 01:19 217,088 C:\WINDOWS\system32\xvidvfw.dll
2006-08-02 01:19 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll
2006-08-02 01:15 221,184 C:\WINDOWS\system32\wmpns.dll
2006-08-01 17:04 139,536 C:\WINDOWS\system32\javaee.dll
2006-07-31 19:21 109,568 C:\WINDOWS\system32\pxinsi64.exe
2006-07-31 19:21 108,544 C:\WINDOWS\system32\pxcpyi64.exe
2006-07-31 17:18 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-07-31 17:13 117,760 C:\WINDOWS\system32\xmllite.dll
2006-07-31 13:47 1,262,956 C:\WINDOWS\system32\XMNT2001.EXE
2006-07-31 12:56 86,016 C:\WINDOWS\system32\YPcservice.exe
2006-07-31 12:56 155,703 C:\WINDOWS\system32\ypclsp.dll
2006-07-31 12:55 84,992 C:\WINDOWS\system32\ATL70.DLL
2006-07-31 12:55 65,536 C:\WINDOWS\system32\YCRWin32.dll
2006-07-31 12:55 344,064 C:\WINDOWS\system32\msvcr70.dll
2006-07-31 12:55 24,576 C:\WINDOWS\system32\msxml3a.dll
2006-07-31 12:54 947,472 C:\WINDOWS\system32\msjava.dll
2006-07-31 12:54 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-07-31 12:54 49,424 C:\WINDOWS\system32\clspack.exe
2006-07-31 12:54 46,352 C:\WINDOWS\setdebug.exe
2006-07-31 12:54 404,752 C:\WINDOWS\system32\javart.dll
2006-07-31 12:54 313,856 C:\WINDOWS\system32\dx3j.dll
2006-07-31 12:54 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-07-31 12:54 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-07-31 12:54 187,152 C:\WINDOWS\system32\javacypt.dll
2006-07-31 12:54 172,304 C:\WINDOWS\system32\jview.exe
2006-07-31 12:54 171,792 C:\WINDOWS\system32\wjview.exe
2006-07-31 12:54 171,280 C:\WINDOWS\system32\jit.dll
2006-07-31 12:54 154,384 C:\WINDOWS\system32\msawt.dll
2006-07-31 12:54 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-07-31 12:54 113 C:\WINDOWS\system32\zonedon.reg
2006-07-31 12:54 113 C:\WINDOWS\system32\zonedoff.reg
2006-07-19 00:14 520,192 C:\WINDOWS\system32\DivXsm.exe
2006-07-19 00:13 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-07-19 00:13 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-07-19 00:13 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-07-19 00:09 90,112 C:\WINDOWS\system32\dpl100.dll
2006-07-19 00:09 778,240 C:\WINDOWS\system32\divx_xx0c.dll
2006-07-19 00:09 778,240 C:\WINDOWS\system32\divx_xx07.dll
2006-07-19 00:09 761,856 C:\WINDOWS\system32\divx_xx11.dll
2006-07-19 00:09 620,180 C:\WINDOWS\system32\DivX.dll
2006-07-19 00:09 593,920 C:\WINDOWS\system32\dpuGUI11.dll
2006-07-19 00:09 57,344 C:\WINDOWS\system32\dpv11.dll
2006-07-19 00:09 53,248 C:\WINDOWS\system32\dpuGUI10.dll
2006-07-19 00:09 344,064 C:\WINDOWS\system32\dpus11.dll
2006-07-19 00:09 294,912 C:\WINDOWS\system32\dpu11.dll
2006-07-19 00:09 294,912 C:\WINDOWS\system32\dpu10.dll
2006-07-19 00:09 200,704 C:\WINDOWS\system32\dtu100.dll
2006-07-19 00:09 12,288 C:\WINDOWS\system32\DivXWMPExtType.dll
2006-07-19 00:09 118,784 C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-19 10:34 -------- d-------- C:\Program Files\Common Files
2006-08-19 10:12 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-18 18:34 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-18 17:41 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-18 17:37 717095 ---hs---- C:\WINDOWS\system32\jlkkj.bak2
2006-08-17 18:09 -------- d-------- C:\Program Files\vso
2006-08-17 18:06 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-17 18:02 -------- d-------- C:\Program Files\Avi2Dvd
2006-08-17 18:01 -------- d-------- C:\Documents and Settings\Luca\Application Data\Vso
2006-08-17 17:55 -------- d-------- C:\Program Files\ESET
2006-08-17 17:23 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-08-17 17:23 274432 --a------ C:\WINDOWS\system32\imon.dll
2006-08-17 16:21 -------- d-------- C:\Documents and Settings\Luca\Application Data\AdobeUM
2006-08-17 12:26 12820 --a------ C:\WINDOWS\system32\ysafyiqt.exe
2006-08-17 12:26 12308 --a------ C:\WINDOWS\system32\iecyfwdw.exe
2006-08-17 00:30 -------- d-------- C:\Documents and Settings\Luca\Application Data\Adobe
2006-08-17 00:23 -------- d-------- C:\Program Files\Adobe
2006-08-17 00:18 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-17 00:11 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-08-13 17:33 -------- d-------- C:\Program Files\Spyware Doctor
2006-08-12 01:33 40973 --------- C:\WINDOWS\system32\fccccde.dll
2006-08-11 20:58 60416 --a------ C:\WINDOWS\system32\drivers\amupdcof.sys
2006-08-11 18:30 -------- d-------- C:\Documents and Settings\Luca\Application Data\PC Tools
2006-08-11 14:03 -------- d-------- C:\Program Files\Lavasoft
2006-08-11 14:03 -------- d-------- C:\Documents and Settings\Luca\Application Data\Lavasoft
2006-08-10 21:58 -------- d-------- C:\Program Files\Windows Defender
2006-08-10 20:46 -------- d-------- C:\Program Files\McAfee
2006-08-10 16:43 -------- d-------- C:\Documents and Settings\Luca\Application Data\CopyToDvd
2006-08-10 16:21 -------- d-------- C:\Documents and Settings\Luca\Application Data\Registry Booster
2006-08-10 14:45 -------- d-------- C:\Program Files\Uniblue
2006-08-10 14:35 267375 ---hs---- C:\WINDOWS\system32\jlkkj.bak1
2006-08-10 14:34 573492 ---hs---- C:\WINDOWS\system32\jkklj.dll
2006-08-10 14:16 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-10 13:57 81920 --a------ C:\Documents and Settings\Luca\Application Data\ezpinst.exe
2006-08-10 13:57 7176 --a------ C:\Documents and Settings\Luca\Application Data\pcouffin.cat
2006-08-10 13:57 47360 --a------ C:\Documents and Settings\Luca\Application Data\pcouffin.sys
2006-08-10 13:57 34 --a------ C:\Documents and Settings\Luca\Application Data\pcouffin.log
2006-08-10 13:57 1144 --a------ C:\Documents and Settings\Luca\Application Data\pcouffin.inf
2006-08-10 00:18 -------- d---s---- C:\Documents and Settings\Luca\Application Data\Microsoft
2006-08-09 22:32 -------- d-------- C:\Documents and Settings\Luca\Application Data\Pegasys Inc
2006-08-08 10:47 -------- d-------- C:\Documents and Settings\Luca\Application Data\Ahead
2006-08-07 01:12 -------- d-------- C:\Program Files\Security Task Manager
2006-08-07 01:02 -------- d-------- C:\Program Files\Windows Media Player
2006-08-07 01:02 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-08-07 01:02 -------- d-------- C:\Program Files\DivX
2006-08-07 01:02 -------- d-------- C:\Program Files\BT Yahoo!
2006-08-06 22:14 -------- d-------- C:\Documents and Settings\Luca\Application Data\CyberLink
2006-08-06 21:44 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-06 21:40 -------- d-------- C:\Program Files\Nero
2006-08-06 19:46 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-08-04 12:26 -------- d-------- C:\Program Files\WinRAR
2006-08-02 17:30 -------- d-------- C:\Program Files\MSN Messenger
2006-08-02 15:25 57344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2006-08-02 01:20 -------- d-------- C:\Documents and Settings\Luca\Application Data\Media Player Classic
2006-08-02 01:19 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-08-02 01:19 -------- d-------- C:\Documents and Settings\Luca\Application Data\Real
2006-08-01 22:53 -------- d-------- C:\Documents and Settings\Luca\Application Data\Sun
2006-08-01 22:52 -------- d-------- C:\Program Files\Java
2006-08-01 22:50 -------- d-------- C:\Program Files\Common Files\Java
2006-08-01 01:30 -------- d-------- C:\Program Files\Outlook Express
2006-08-01 01:30 -------- d-------- C:\Program Files\Common Files\System
2006-07-31 19:30 -------- d-------- C:\Program Files\PCEye2000
2006-07-31 19:28 -------- d-------- C:\Program Files\Internet Explorer
2006-07-31 17:38 -------- d-------- C:\Program Files\SmartFTP Client 2.0
2006-07-31 17:38 -------- d-------- C:\Documents and Settings\Luca\Application Data\SmartFTP
2006-07-31 17:37 -------- d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files
2006-07-31 14:06 -------- d-------- C:\Program Files\EwisoftWeb
2006-07-31 14:06 -------- d-------- C:\Program Files\DIFX
2006-07-31 14:06 -------- d-------- C:\Program Files\Ahead
2006-07-31 13:47 -------- d-------- C:\Program Files\PowerQuest
2006-07-31 13:46 -------- d-------- C:\Documents and Settings\Luca\Application Data\Mozilla
2006-07-31 13:45 -------- d-------- C:\Documents and Settings\Luca\Application Data\Thunderbird
2006-07-31 13:10 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-31 13:01 -------- d-------- C:\Program Files\Yahoo!
2006-07-31 12:56 -------- d-------- C:\Documents and Settings\Luca\Application Data\Macromedia
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --------- C:\WINDOWS\system32\hlink.dll
2006-07-19 00:14 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-07-19 00:13 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-19 00:13 20640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-07-19 00:13 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-07-19 00:13 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-19 00:13 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-19 00:13 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-07-19 00:09 90112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-07-19 00:09 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-07-19 00:09 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-07-19 00:09 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-07-19 00:09 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-07-19 00:09 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-07-19 00:09 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-07-19 00:09 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-07-19 00:09 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-07-19 00:09 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-07-19 00:09 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-07-19 00:09 200704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-19 00:09 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-07-19 00:09 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-17 17:19 579090 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-07-10 16:38 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-07-10 16:38 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-07-05 20:02 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-06-23 21:31 11648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-06-23 09:28 5512704 --------- C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47616 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454144 --------- C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28 179200 --------- C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41 172544 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\system32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\system32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30 11776 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55296 --------- C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27 251392 --------- C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46 377856 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18 23552 --------- C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 20480 --------- C:\WINDOWS\system32\normaliz.dll
2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

Illusion
2006-08-19, 12:43
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Yahoo! Help.lnk]
"backup"="C:\\WINDOWS\\pss\\BT Yahoo! Help.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BTYAHO~1\\Help\\bin\\matcli.exe -boot"
"item"="BT Yahoo! Help"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
"backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\sistray.exe "
"item"="Utility Tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^Luca^Start Menu^Programs^Startup^Mozy Status.lnk]
"backup"="C:\\WINDOWS\\pss\\Mozy Status.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Mozy\\mozystat.exe "
"item"="Mozy Status"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\EzPrint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezprint"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark P910 Series\\ezprint.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\f203a762.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="f203a762"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\f203a762.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\lxbymon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbymon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark P910 Series\\lxbymon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\McRegWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcregwiz"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\Agent\\mcregwiz.exe /autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\BTYAHO~1\\Help\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\noftomlr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kfeniwhq"
"hkey"="HKLM"
"command"="C:\\kfeniwhq.bat"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Otso]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchost"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\COMMON~1\\CROSOF~1.NET\\svchost.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PCEyeLic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pceye2000"
"hkey"="HKLM"
"command"="C:\\Program Files\\PCEye2000\\pceye2000.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Power2GoExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power2GoExpress"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PrevxOne]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PXConsole"
"hkey"="HKLM"
"command"="C:\\Program Files\\Prevx1\\PXConsole.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Qkbe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RGEDIT~1"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\SMANTE~1\\RGEDIT~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SiSUSBRG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SiSUSBrg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SiSUSBrg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Uniblue Registry Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryBooster"
"hkey"="HKCU"
"command"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"iPodService"=dword:00000003

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccccde
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060819-103148-599
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 19/08/2006 10:35:21.26
ComboFix.txt

LonnyRJones
2006-08-19, 14:03
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4
;
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\f203a762.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\noftomlr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Otso]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Qkbe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccccde]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32]
;

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message, delete fixme.reg.
Restart your PC.

Submit each of these files and let us know the results
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\ysafyiqt.exe
C:\WINDOWS\system32\iecyfwdw.exe
C:\WINDOWS\system32\fccccde.dll
C:\WINDOWS\system32\pxwma.dll
C:\WINDOWS\system32\xvidvfw.dll
C:\WINDOWS\system32\ypclsp.dll
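
Added example (not part of the original posts, and not the helper's or ComboFix's code): a Python triage pass over MSCONFIG startupreg entries excerpted from the registry dump above. The heuristics and all function names are assumptions of this example, not criteria stated in the thread; on this excerpt they flag the four startupreg entries that fixme.reg deletes and leave the iTunes and McAfee entries alone.

```python
import ntpath
import re

# Excerpt of the registry dump posted in this thread, trimmed to each entry's "command" value.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\iTunesHelper]
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MCAgentExe]
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\f203a762.exe]
"command"="C:\\WINDOWS\\system32\\f203a762.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\noftomlr]
"command"="C:\\kfeniwhq.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Otso]
"command"="\"C:\\PROGRA~1\\COMMON~1\\CROSOF~1.NET\\svchost.exe\" -vt yazb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Qkbe]
"command"="C:\\WINDOWS\\system32\\SMANTE~1\\RGEDIT~1.EXE"
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
# Image path ends at the first executable extension followed by quote, space or end.
IMAGE = re.compile(r'"?(.+?\.(?:exe|bat|cmd|com|scr|pif))(?=["\s]|$)', re.I)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SYSTEM32 = r"c:\windows\system32"

def parse_reg(text):
    """Return {key_path: {value_name: string}} for the string values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VALUE.match(line)) and current is not None:
            # .reg exports escape backslash and double quote with a backslash
            current[m.group(1)] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def image_path(command):
    """Strip quotes and arguments from a Run command line."""
    m = IMAGE.match(command)
    return m.group(1) if m else command

def reasons(command):
    """Heuristics assumed for this example; a hit means 'look closer', not 'malicious'."""
    path = image_path(command)
    folder, name = ntpath.dirname(path).lower(), ntpath.basename(path).lower()
    hits = []
    if name in SYSTEM_NAMES and folder != SYSTEM32:
        hits.append("system process name outside system32")
    if re.fullmatch(r"[a-z]:\\", folder):
        hits.append("launches from drive root")
    if re.fullmatch(r"[0-9a-f]{8}", ntpath.splitext(name)[0]):
        hits.append("8-hex-digit file name")
    if "~" in path and folder.startswith(SYSTEM32):
        hits.append("8.3 short name under system32")
    return hits

def triage(text):
    """Map startupreg entry name -> reasons, for entries with at least one hit."""
    flagged = {}
    for key, values in parse_reg(text).items():
        if hits := reasons(values.get("command", "")):
            flagged[key.rsplit("\\", 1)[-1]] = hits
    return flagged

if __name__ == "__main__":
    for entry, hits in triage(SAMPLE).items():
        print(f"{entry}: {'; '.join(hits)}")
```

The winlogon\notify keys in the same fix are listed in the dump without values, so this pass does not cover them.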

Illusion
2006-08-20, 14:25
Vundo fix :



VundoFix V6.1.0

Checking Java version...

Java version is 1.5.0.6

Scan started at 12:02:42 20/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\fccccde.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\iecyfwdw.exe
C:\WINDOWS\system32\ysafyiqt.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fccccde.dll
C:\WINDOWS\system32\fccccde.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jkklj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\jlkkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\jlkkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\iecyfwdw.exe
C:\WINDOWS\system32\iecyfwdw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ysafyiqt.exe
C:\WINDOWS\system32\ysafyiqt.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.0

Checking Java version...

Java version is 1.5.0.6

Scan started at 12:07:02 20/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\fccccde.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fccccde.dll
C:\WINDOWS\system32\fccccde.dll Has been deleted!

Performing Repairs to the registry.
Done!


I didn't quite know what you meant by submit these files so I didn't do anything in case it was the wrong thing.

LonnyRJones
2006-08-20, 16:26
Good work with VundoFix.
Go to this website:
http://www.virustotal.com/flash/index_en.html

Near the top is a "browse" button; you can then navigate to a file and "send" it:
C:\WINDOWS\system32\ysafyiqt.exe
C:\WINDOWS\system32\iecyfwdw.exe
C:\WINDOWS\system32\fccccde.dll
C:\WINDOWS\system32\pxwma.dll
C:\WINDOWS\system32\xvidvfw.dll
C:\WINDOWS\system32\ypclsp.dll

Illusion
2006-08-21, 01:32
Excellent help, the dialler is gone and my system seems much better.

Thanks.

LonnyRJones
2006-08-21, 02:40
Not finished until we check those suspect files and do a follow-up.

Follow-up:
Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

Illusion
2006-08-21, 16:12
I've had a look at both pages but they seem totally alien to me lol, I don't understand properly what to do

Illusion
2006-08-21, 16:17
Sorry can't edit.

I've done what it says, what should I expect from it?

LonnyRJones
2006-08-28, 20:41
"what should I expect from it?"

Illusion, read the articles again, they explain it very well.

I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).