04-20-2006, 02:07 PM   #3
esafarloo

Sup, thanks man, very kind, really appreciate it, thanks for your time! I think it's done the trick, IE goes to Msn.com as its homepage as it should now.

I was a bit sleepy when I did the fixture, a newb mistake there lol, and I accidentally did the:

"Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection."

Twice and accidentally overwrote the original log produced, yes I know, I'm an idiot. The original log had, I think, a few directories in the system32 folder, if I remember correctly, not too sure, I don't know if that was good or bad.

Anyways, as requested:

SmitFraudFix v2.33b

Scan done at 15:07:17.85, 20/04/2006
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End










---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 16:23:29, 20/04/2006
+ Report-Checksum: DB25FE24

+ Scan result:

HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Babgen Safarloo\Application Data\Mozilla\Firefox\Profiles\2nbp0huv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup


::Report End



PANDA ACTIVESCAN



Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\RICHED20.dll
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Emil Safarloo\Favorites\Antivirus Test Online.url
Adware:adware/spywarequake Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Emil Safarloo\Cookies\emil safarloo@ad.yieldmanager[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.xmts.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.date.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.com.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[sel.as-eu.falkag.net/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[www.myaffiliateprogram.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\Cache\633285D9d01[Process.exe]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Emil Safarloo\Application Data\Mozilla\Firefox\Profiles\t4sdw85n.default\cookies.txt[]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Emil Safarloo\Cookies\emil safarloo@ad.yieldmanager[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Emil Safarloo\Desktop\SmitfraudFix.zip[Process.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Emil Safarloo\My Documents\Downloads from Aol and other internet\Smiley Central\Beta\SmileyCentralBetaSetup1.1.1.12-1.exe
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\Documents and Settings\Emil Safarloo\My Documents\EMIL\susetup.exe[SERVUDAEMON.EXE]
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\Documents and Settings\Emil Safarloo\My Documents\EMIL\susetup.exe[SERVUTRAY.EXE]
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\Documents and Settings\Emil Safarloo\My Documents\EMIL\susetup.exe[SERVUPERFCOUNT.DLL]
Potentially unwanted tool:Application/ServUBased.N Not disinfected C:\Documents and Settings\Emil Safarloo\My Documents\EMIL\susetup.exe[SERVUADMIN.EXE]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Emil Safarloo\My Documents\Random Stuff not yet backed up - May require movin files about!\Program Files\MSN Messenger\riched20.dll
Hacktool:HackTool/EvID Not disinfected C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe
Virus:Trj/Nsis.B Disinfected C:\Program Files\Common Files\Synacast\SynaLive\uninst.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe








Logfile of HijackThis v1.99.1
Scan saved at 20:47:00, on 20/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PicoZip\PicoZipTray.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\aw_player52\awswaxf.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9E3143-7CFD-4560-B341-064C6BE265B3}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe




I used HijackThis Analyzer as well (in case it helps you!)

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/17/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 20:47:00, on 20/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\PicoZip\PicoZipTray.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\aw_player52\awswaxf.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B9E3143-7CFD-4560-B341-064C6BE265B3}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe


End of HijackThis Analyzer Log.
===========================================================================================================================



Thanks, I think that’s everything, lol.



Oh btw, yesterday I realised I was paying 50p a month to my ISP (Tesco broadband UK) for this security package which they had sent me, but I hadn’t installed/used it before, so I decided to install it yesterday. I was asked to reboot my computer so I did; however, when XP loaded and came to the blue login screen, the computer automatically rebooted, not allowing me to log into XP. It did this 4 times, and on the 5th time I went into safe mode and uninstalled the security software that Tesco (my ISP) had sent me and it did the trick, I was able to log into Windows. I was really worried, so happy I managed to fix the problem though.

Thanks again friend