888 Toolbar, Got it over MSN, from Uglypictures or something please help {Solved}


DeadlyLegion
17 Sep 2006, 8:11pm
Please check Page 2

DeadlyLegion
17 Sep 2006, 8:32pm
Hi, I got 1/many messages from my friends on MSN that I should check out a file... I was foolish enough to open it... after many encouraging auto messages from my pals over MSN, so I opened it and now every 30 secs my MSN Messenger keeps sending IMs to my friends about that virus file.
Also every 5 minutes or so my Kaspersky tells me I've got a virus and then it resolves the problem, and 5 minutes after it does it again :(
My HijackThis Log reads:
Also should add that my computer gave me popups with http://web.links4all.biz/ and still had the ToolBar888 even though I have uninstalled it via CCleaner. Just in case, here is a newer HJT LOG:
-
Logfile of HijackThis v1.99.1
Scan saved at 21:34:35, on 17-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CyberLink\Shared files\RichVideo.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Edward Hansen\Xinstall.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Opera\Opera.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\MSN Messenger\msgs.exe
C:\Programmer\Fælles filer\{98F20E2E-0AF9-1030-0811-05022106002d}\Update.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\EDWARD~1\APPLIC~1\PPATCH~1\chkdsk.exe
C:\Documents and Settings\Edward Hansen\Application Data\?dobe\m?iexec.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Edward Hansen\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - C:\WINDOWS\system32\bveepzpv.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - C:\WINDOWS\system32\bveepzpv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmer\ToolBar888\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmer\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Edward Hansen\Xinstall.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iana] "C:\DOCUME~1\EDWARD~1\APPLIC~1\PPATCH~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [Lcomw] C:\Documents and Settings\Edward Hansen\Application Data\?dobe\m?iexec.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151089028752
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6584C042-C610-4AD5-A43E-46AA5A8C32FE}: NameServer = 57.6.21.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F8317-2707-478A-ACE8-15A4A2A2E182}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

__

Please help, I need urgent help so I can share the solution with my friends before this gets out of hand, how to remove this really *** virus/malware
_
PS the link to the virus is http://www.uglyphotos.net /photo223.PIF
Do not open the file once downloaded, I hold no responsibility.
NOTE: I separated part of the link so as to avoid users automatically clicking on the link, downloading and being infected. -J$3457

jmoney3457
18 Sep 2006, 12:27am
Hi Deadly, please do the following steps (in order):
Make sure that you can see hidden files.
Click Start.
Click My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Uncheck the Hide file extensions for known file types.
Click OK.

Then first download ewido anti-spyware from HERE (http://www.ewido.net/en/download/) and save that file to your desktop.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close ewido anti-spyware and reboot your computer into Safe Mode (http://www.bleepingcomputer.com/forums/index.php?showtutorial=61).
Launch ewido anti-spyware by double-clicking the icon on your desktop.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
Ewido will now begin the scanning process, be patient this may take a little time.
Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close ewido & post that report in your next reply

DeadlyLegion
18 Sep 2006, 8:08pm
Hi, Thanks for the fast reply, here is the eWido Log:
-
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:00:47 18-09-2006

+ Scan result:



C:\Programmer\Fælles filer\{98F20E2E-0AF9-1030-0811-05022106002d}\Update.exe -> Adware.Agent : No action taken.
C:\Programmer\Fælles filer\{98F20E2E-0AFA-1030-0811-05022106002d}\Update.exe -> Adware.Agent : No action taken.
C:\Documents and Settings\Edward Hansen\mt-uninstaller.exe -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\bveepzpv.dll -> Adware.PurityScan : No action taken.
C:\Programmer\ToolBar888 -> Adware.Softomate : No action taken.
C:\Programmer\ToolBar888\Activate.exe -> Adware.Softomate : No action taken.
C:\Programmer\ToolBar888\MyToolBar.dll -> Adware.Softomate : No action taken.
C:\Programmer\ToolBar888\Uninst.exe -> Adware.Softomate : No action taken.
C:\Documents and Settings\Edward Hansen\3.exe/dev.exe -> Backdoor.Rbot.biz : No action taken.
C:\Documents and Settings\Edward Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\HE8IZ1F8\3[1].exe/dev.exe -> Backdoor.Rbot.biz : No action taken.
C:\Documents and Settings\Edward Hansen\Lokale indstillinger\Temp\installer.exe -> Dropper.PurityScan.q : No action taken.
C:\Documents and Settings\Edward Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\HE8IZ1F8\Xinstall[1].exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\Programmer\MSN Messenger\Xinstall.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\WINDOWS\system32\Xinstall.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\Documents and Settings\Edward Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\74J8H3EJ\speedtest2[1].dll -> Not-A-Virus.Downloader.Win32.InsTool.a : No action taken.
C:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : No action taken.
C:\Programmer\Cheat Engine\dbk32.sys -> Rootkit.Small : No action taken.
C:\Documents and Settings\Edward Hansen\Cookies\edward hansen@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.


::Report end
-
But the Evil Toolbar 888 is still there, and my Windows Messenger is still not functional.


-
Plus I have added a HJT report again.
-
Logfile of HijackThis v1.99.1
Scan saved at 21:16:48, on 18-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CyberLink\Shared files\RichVideo.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Edward Hansen\Application Data\?dobe\m?iexec.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Edward Hansen\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - C:\WINDOWS\system32\bveepzpv.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - C:\WINDOWS\system32\bveepzpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmer\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmer\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Edward Hansen\Xinstall.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lcomw] C:\Documents and Settings\Edward Hansen\Application Data\?dobe\m?iexec.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151089028752
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6584C042-C610-4AD5-A43E-46AA5A8C32FE}: NameServer = 57.6.21.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F8317-2707-478A-ACE8-15A4A2A2E182}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

jmoney3457
18 Sep 2006, 8:14pm
Do you use MSN Messenger or Windows Messenger? People usually confuse the 2 as the same but they're separate, and Windows Messenger is known to be associated with spyware. But please do the following: run the following scanner; it basically scans for spyware A-Z, and if/when spyware's detected it'll prompt you to either ignore or remove. Obviously click remove. It won't create a report at the end so don't worry about that, but if possible please let me know if and what it found, along with a new HJT log after a fresh reboot after running this scanner--->http://www.xblock.com/download/xclean_micro.exe

DeadlyLegion
18 Sep 2006, 8:23pm
X-Cleaner Micro has Found:
-
Detected CoolWebSearch:
Registry Keys (1) :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks , _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

-

Detected GameSpy Arcade:
Registry Keys (Software) (2) :
HKEY_LOCAL_MACHINE\Software\GameSpy
HKEY_CURRENT_USER\Software\GameSpy

-

Okay I have rebooted and as soon as I got into Windows I got a nice little virus warning with !Update!...some numbers virus.
888 toolbar is still there and I can't uninstall it :( because CCleaner & Control Panel uninstaller tells me that the uninstaller is gone.
Anyway here is my HJT report:
-

Logfile of HijackThis v1.99.1
Scan saved at 21:28:51, on 18-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Edward Hansen\Application Data\?dobe\m?iexec.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CyberLink\Shared files\RichVideo.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Opera\Opera.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Edward Hansen\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - C:\WINDOWS\system32\bveepzpv.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - C:\WINDOWS\system32\bveepzpv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmer\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmer\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Edward Hansen\Xinstall.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lcomw] C:\Documents and Settings\Edward Hansen\Application Data\?dobe\m?iexec.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151089028752
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6584C042-C610-4AD5-A43E-46AA5A8C32FE}: NameServer = 57.6.21.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F8317-2707-478A-ACE8-15A4A2A2E182}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

DeadlyLegion
18 Sep 2006, 8:30pm
PS: I am using the new "Windows Live Messenger" (the Microsoft Windows Vista substitute for the MSN Messenger)
PS: Even though the 888 Toolbar is still there in the Toolbars that can be activated, it can not be opened (shown) and I can't uninstall it.
PS: I have a weird program in my startup and running processes, MSIexec.exe, which is weird because it looks like an installer...
PS: The virus being found every time I start my computer is called "!update-4295[1].0000"

jmoney3457
18 Sep 2006, 10:40pm
Open hijackthis 1.99.1
- Click the Config... button, then go to the Misc Tools section.
- Click on Open Uninstall Manager. You'll see a list of programs.
- Click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

DeadlyLegion
19 Sep 2006, 2:32pm
Hi, here is the list:

3DMark06
Ad-Aware SE Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop Elements 4.0
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe Stock Photos 1.0
Alive MP3 WAV Converter version 3.0.2.8
AsusUpdate
Battlefield 2(TM)
Battlefield 2: Special Forces
CCleaner (remove only)
Cheat Engine 5.2
CP210x USB to UART Bridge Controller
Creative Audio Console
Darkstar One
DefilerPak 1.22 (Remove Only)
Engelsk Large
Evil Genius V1.01
ewido anti-spyware 4.0
FlashFXP v3.2.0 (Build 1080) Scene Edition
Fraps (remove only)
Gyldendals Røde Ordbøger Dansk-Engelsk/Engelsk-Dansk Ordbog
Hide IP Platinum 2.2
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Hotfix til Windows XP (KB914440)
iColorFolder
IGN Download Manager 2.2.1
J2SE Runtime Environment 5.0 Update 7
Kaspersky Anti-Virus Personal
KhalSetup
LEGO Star Wars
LEGO Star Wars II
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech SetPoint
Marvell Miniport Driver
MediaTickets by OIN
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - DAN
Microsoft Base Smart Card Crypto-udbyder
Microsoft Office Professional Edition 2003
Microsoft Plus! for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
mIRC
MSXML 4.0 SP2 Parser and SDK
Nero 7 Ultra Edition
Norton Ghost 10.0
NVIDIA Drivers
Oblivion
Opdatering til Windows XP (KB894391)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB900485)
Opdatering til Windows XP (KB904942)
Opdatering til Windows XP (KB908531)
Opdatering til Windows XP (KB910437)
Opdatering til Windows XP (KB916595)
Opdatering til Windows XP (KB920872)
Opdatering til Windows XP (KB922582)
Opera 9.01
Politikens Tysk-Dansk-Tysk
PortTrigger 1.0.57
Postal 2 Apocalypse Weekend Expansion Pack
Postal 2 Share The Pain
PowerDVD
PowerISO
Quake 4(TM)
QuickTime Alternative 1.71 Beta 2
Q-Xpress Installer 1.1.4
RealPlayer
Realtek High Definition Audio Driver
Registry Mechanic 5.2
Samsung Mobie USB Driver Installer
Samsung Mobile USB Modem Software
Samsung PC Studio 2.0 PIM & File Manager
Security Update til Microsoft .NET Framework 2.0 (KB917283)
SereneScreen Marine Aquarium 2.6
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player 10 (KB917734)
Sikkerhedsopdatering til Windows Media Player 9 (KB917734)
Sikkerhedsopdatering til Windows XP (KB890046)
Sikkerhedsopdatering til Windows XP (KB893756)
Sikkerhedsopdatering til Windows XP (KB896358)
Sikkerhedsopdatering til Windows XP (KB896422)
Sikkerhedsopdatering til Windows XP (KB896423)
Sikkerhedsopdatering til Windows XP (KB896424)
Sikkerhedsopdatering til Windows XP (KB896428)
Sikkerhedsopdatering til Windows XP (KB899587)
Sikkerhedsopdatering til Windows XP (KB899589)
Sikkerhedsopdatering til Windows XP (KB899591)
Sikkerhedsopdatering til Windows XP (KB900725)
Sikkerhedsopdatering til Windows XP (KB901017)
Sikkerhedsopdatering til Windows XP (KB901214)
Sikkerhedsopdatering til Windows XP (KB902400)
Sikkerhedsopdatering til Windows XP (KB904706)
Sikkerhedsopdatering til Windows XP (KB905414)
Sikkerhedsopdatering til Windows XP (KB905749)
Sikkerhedsopdatering til Windows XP (KB908519)
Sikkerhedsopdatering til Windows XP (KB911280)
Sikkerhedsopdatering til Windows XP (KB911562)
Sikkerhedsopdatering til Windows XP (KB911567)
Sikkerhedsopdatering til Windows XP (KB911927)
Sikkerhedsopdatering til Windows XP (KB912919)
Sikkerhedsopdatering til Windows XP (KB913580)
Sikkerhedsopdatering til Windows XP (KB914388)
Sikkerhedsopdatering til Windows XP (KB914389)
Sikkerhedsopdatering til Windows XP (KB916281)
Sikkerhedsopdatering til Windows XP (KB917159)
Sikkerhedsopdatering til Windows XP (KB917344)
Sikkerhedsopdatering til Windows XP (KB917422)
Sikkerhedsopdatering til Windows XP (KB917953)
Sikkerhedsopdatering til Windows XP (KB918439)
Sikkerhedsopdatering til Windows XP (KB918899)
Sikkerhedsopdatering til Windows XP (KB919007)
Sikkerhedsopdatering til Windows XP (KB920214)
Sikkerhedsopdatering til Windows XP (KB920670)
Sikkerhedsopdatering til Windows XP (KB920683)
Sikkerhedsopdatering til Windows XP (KB920685)
Sikkerhedsopdatering til Windows XP (KB921398)
Sikkerhedsopdatering til Windows XP (KB921883)
Sikkerhedsopdatering til Windows XP (KB922616)
Skype 2.5
Softick PPP 2.21 (remove only)
SoulSeekkor's TQ Defiler
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Star Wars®: Knights of the Old Republic (TM)
Steam
System Requirements Lab
TI Connect 1.6
Titan Quest
Unlocker 1.8.4
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

jmoney3457
19 Sep 2006, 3:21pm
Please perform an online virus scan with F-Secure Online Scanner.

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols3.shtml

Click the F-Secure Online Scanner Next Generation Beta link.
When prompted, choose to install the software.
After the software has installed, click Accept.
Click Custom Scan and check the option for Scan inside archives, then click Start.
The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.

DeadlyLegion
19 Sep 2006, 4:26pm
Approximately how long will it take on a 76GB hard disk? (yes it is full)

jmoney3457
19 Sep 2006, 7:02pm
Approximately how long will it take on a 76GB hard disk? (yes it is full)
Not sure exactly, but my best guess is a couple of hours.. gotta be patient so your system can get clean :wink:

DeadlyLegion
19 Sep 2006, 7:35pm
Yay, it finished and removed 2 malware(s), here's the report:
-
Scanning Report
Tuesday, September 19, 2006 17:21:12 - 20:34:40

Computer name: EDWARD
Scanning type: Scan target for viruses, rootkits, spyware
Target: C:\
Result: 2 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
Statistics
Scanned:
Files: 233420
System: 4669
Not scanned: 194
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\PERFLIB_PERFDATA_830.DAT
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\VAXSCSI.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\PROGRAMMER\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[1].RMB
C:\PROGRAMMER\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[2].RMB
C:\PROGRAMMER\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[3].RMB
C:\PROGRAMMER\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[4].RMB
C:\PROGRAMMER\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[5].RMB
C:\PROGRAMMER\OPERA\MAIL\INDEXER\INDEXER_64.DAT
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_INTRO.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_MENU.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_MENU_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB1.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB1_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB2.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB2_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB3.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB3_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB4.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB4_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB5.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB5_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB6.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_MENU_TO_SUB6_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE1.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE1_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE2.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE2_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE3.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE3_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE4.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE4_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE5.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE5_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE6.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\TOWERS\TOWERS_TITLE6_REV.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\MONITORS\MONITORS.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\MONITORS\MONITORS_INTRO.MP3
C:\PROGRAMMER\NERO\NERO 7\NERO VISION\3DANIMATIONS\MENUS\4_3\MONITORS\MONITORS_MENU_TO_MÞM
Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-09-19
F-Secure Libra: 2.4.1, 2006-09-16
F-Secure Orion: 1.2.37, 2006-09-19
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-14
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics

DeadlyLegion
19 Sep 2006, 7:43pm
Bad news, after the restart/reboot I still get the virus warning, it's as if the virus keeps reconstructing itself :/

jmoney3457
19 Sep 2006, 7:43pm
Nice job. Now please do the following --> Next, your version of Sun Java is outdated and should be updated.
Download the offline installer from HERE (http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=22&PartDetailId=jre-1.5.0_08-oth-JPR&SiteId=JSC&TransactionId=noreg).
Accept the License Agreement
Select "Windows Offline Installation, Multi-language".
Save the file to your Desktop.
Next, uninstall your currently installed version from Add or Remove Programs.
If you have older versions listed uninstall them also. If you simply update to the new version,
it leaves the older version(s) still installed, complete with previous vulnerabilities.
- Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
Restart your system.
Install the new version by double-clicking on the file you downloaded.

DeadlyLegion
19 Sep 2006, 8:03pm
Done. What next, doc? :P

jmoney3457
19 Sep 2006, 8:25pm
Let's clear out your temp files and see if that improves anything or maybe even stops those annoying error messages ;) --> Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

DeadlyLegion
19 Sep 2006, 8:51pm
I cleaned it, and it deleted 7 megabytes of something. But I could not choose Opera on top, it was greyed out.. maybe it's because I use a newer version than the program recognises..? I will try to reboot now
EDIT: It did not help on the "!Update" virus :( Even though it was found in IE's temp.

PS: Also something I have noticed, I get popups at random, about Casino, Pornography, Free XXX Cams Now, Buy Cheap CDs and stuff like that, which makes the PC unsafe for minors :( Oh god this virus is a B****

NOTE: CHECK PAGE 2 :P

jmoney3457
19 Sep 2006, 11:56pm
I know you probably have done so already, but just making sure... have you scanned with Ad-Aware SE & Spybot?

jmoney3457
20 Sep 2006, 1:00am
Also please try the following --> download Cleanup 4.5 (http://www.stevengould.org/downloads/cleanup/CleanUp451.exe)

NOTE: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! If you don't already know, you're probably not using XP64, but you can download & run this tool to find out for sure..... http://www.kellys-korner-xp.com/regs_edits/xp_whichcpu.exe
Run Cleanup! using the following configuration:

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

Empty Recycle Bins
Delete Cookies
Delete Prefetch files (if present)
Cleanup! All Users
Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program. Do NOT Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

DeadlyLegion
20 Sep 2006, 7:58am
What do you mean by "deletes EVERYTHING out of your temp/temporary folders"? What does it delete exactly, so I know what to take a backup of?

DeadlyLegion
20 Sep 2006, 9:07am
Okay, I flushed all my temporary files. Let's hope my PC remembered to wipe itself :P
Gonna reboot & let you know how it's going.

DeadlyLegion
20 Sep 2006, 9:12am
:( After reboot I still had that !update virus, and it was in my PC's temp folder

jmoney3457
20 Sep 2006, 2:52pm
What do you mean by "deletes EVERYTHING out of your temp/temporary folders"? What does it delete exactly, so I know what to take a backup of?
Just temp files/folders that contain files like temp internet files, cookies, etc. I'm going to research this further and will be back with more info.
PS: Also, Deadly, could you please take a screenshot of this update virus message and attach it to your next reply, as it may help me better.

DeadlyLegion
20 Sep 2006, 3:32pm
Okay, I will

DeadlyLegion
20 Sep 2006, 3:49pm
Oh my GOD! It's gone. I think it was combining all of the programs that you mentioned in 1 reboot that did it.. Lol, I just got pissed and ran all of the cleaning programs :P
I will post an HJT log just to be sure that it all is gone, ok?
-

Logfile of HijackThis v1.99.1
Scan saved at 16:48:38, on 20-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Programmer\ewido anti-spyware 4.0\Run ewido.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Java\jre1.5.0_08\bin\jusched.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CyberLink\Shared files\RichVideo.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Opera\Opera.exe
C:\Documents and Settings\Edward Hansen\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\Run ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151089028752
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6584C042-C610-4AD5-A43E-46AA5A8C32FE}: NameServer = 57.6.21.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F8317-2707-478A-ACE8-15A4A2A2E182}: NameServer = 193.162.153.164,194.239.134.83
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

PS: What are svchost.exe & smss.exe? I always wanted to know that :P
PPS: Will it be safe to install Windows Live Messenger again? Because it got uninstalled with all of the scanning and stuff.

jmoney3457
20 Sep 2006, 4:11pm
Really? That's good, but please first do a system scan only in HJT and fix *check* the following lines (make sure NO windows are open during the fix except for HJT itself), then reboot and post a new log -->
R3 - URLSearchHook: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - (no file)
O2 - BHO: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - (no file)
Those are both Windows processes, all legit :wink:
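
A small parser for the HijackThis 1.99.1 entry format posted throughout this thread, as an added example (it is not from the thread and not part of HijackThis): it picks out the R3/O2 entries whose target is "(no file)", shows that they share one CLSID, and checks that they are gone from a later log. The sample lines are constructed from entries visible in the logs above; the hypothetical `report()` helper is the part a reader would adapt.

```python
"""Parse HijackThis (HJT) log entries and flag orphaned ones.

An entry line looks like:  <section> - <description> - {CLSID} - <path or marker>
where the trailing marker "(no file)" means the registry key points at a
file that no longer exists (typical leftover of a removed toolbar/BHO), and
"(file missing)" is what HJT prints when it cannot resolve the path, e.g.
because %windir% was not expanded.  Only "(no file)" is treated as orphaned.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str            # e.g. "R3", "O2", "O9"
    body: str               # everything after "R3 - "
    clsid: Optional[str]    # upper-cased CLSID if the entry carries one
    marker: Optional[str]   # "(no file)", "(file missing)" or None


def _marker(body: str) -> Optional[str]:
    for m in MARKERS:
        if body.endswith(m):
            return m
    return None


def parse_log(text: str) -> List[Entry]:
    """Return the R/F/O entries of an HJT log; process and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m["body"]
        c = CLSID_RE.search(body)
        entries.append(Entry(m["section"], body, c.group(0).upper() if c else None, _marker(body)))
    return entries


def orphans(entries: List[Entry], markers: Tuple[str, ...] = ("(no file)",)) -> List[Entry]:
    """Entries whose target carries one of the given markers (default: true orphans)."""
    return [e for e in entries if e.marker in markers]


def by_clsid(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group entries by CLSID so a hook and a BHO registered under one class are seen together."""
    groups: Dict[str, List[Entry]] = {}
    for e in entries:
        if e.clsid:
            groups.setdefault(e.clsid, []).append(e)
    return groups


def removed_between(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the earlier log but absent from the later one (what the fix removed)."""
    after_keys = {(e.section, e.body) for e in after}
    return [e for e in before if (e.section, e.body) not in after_keys]


def report(before_text: str, after_text: str) -> Dict[str, List[Entry]]:
    """Hypothetical helper: orphans in the first log, and which of them survived into the second."""
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        "orphans_before": orphans(before),
        "removed": removed_between(before, after),
        "still_orphaned": orphans(after),
    }


# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R3 - URLSearchHook: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4111AC64-1CD1-1176-A2A3-1743B163F290} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

SAMPLE_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

if __name__ == "__main__":
    r = report(SAMPLE_BEFORE, SAMPLE_AFTER)
    for e in r["orphans_before"]:
        print(f"orphan  {e.section} {e.clsid}: {e.body}")
    print("removed by fix:", len(r["removed"]), "| still orphaned:", len(r["still_orphaned"]))
```

Running it on the two 20-09-2006 logs above gives the same picture: both "(no file)" lines hang off the same CLSID, and the second log no longer contains them.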

DeadlyLegion
20 Sep 2006, 4:25pm
Okay, here is the fresh report:
-

Logfile of HijackThis v1.99.1
Scan saved at 17:24:34, on 20-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmer\ewido anti-spyware 4.0\Run ewido.exe
C:\Programmer\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CyberLink\Shared files\RichVideo.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Edward Hansen\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\Run ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151089028752
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6584C042-C610-4AD5-A43E-46AA5A8C32FE}: NameServer = 57.6.21.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{939F8317-2707-478A-ACE8-15A4A2A2E182}: NameServer = 193.162.153.164,194.239.134.83
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

jmoney3457
20 Sep 2006, 4:26pm
Yes, it is safe to reinstall Windows LM. How's the PC behaving now? Log is clean :thumbsup:

DeadlyLegion
20 Sep 2006, 4:29pm
It's behaving great!!! Thank you very much for curing it!!! Man, this is awesome! I would hug you! It's running like... even better than before the virus!
PS: I'm gonna install Messenger and tell all my friends what to do! :D
PPS: Don't you think it could be a great idea to post all of your replies as a manual on how to delete the Messenger virus? Because a lot of people got that virus, I mean even my friends all the way in Chile got it.

jmoney3457
20 Sep 2006, 5:01pm
I appreciate the idea of my posts in this thread becoming a manual, but that wouldn't be a good idea in itself, only because EACH and every computer is different, especially with infections; each computer has to be approached with a different set of instructions, Legion, so if they need help tell them to register and we'd be glad to help them. As for you, though, please follow these steps to prevent malware... Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
How to use Ad-Aware to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=48) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=43) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:
Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html) <= SpywareBlaster will prevent spyware from being installed.
Spywareguard (http://www.wilderssecurity.net/spywareguard.html) <= SpywareGuard offers realtime protection from spyware installation attempts.
IE/Spyad (http://www.bleepingcomputer.com/tutorials/tutorial53.html) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:
AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG (http://www.grisoft.com/) or Anti-Vir (http://www.free-av.com/), or a shareware version like Norton or Kaspersky, this is a must have.
Firewall<= A firewall (http://www.google.com/search?hl=en&lr=&q=define%3Afirewall&btnG=Search) is definitely a must have. Two good free versions are Kerio (http://www.sunbelt-software.com/Kerio.cfm) and ZoneLabs (http://www.zonelabs.com/store/content/home.jsp).
More Secure Browser<= Internet Explorer is not the most secure or best browser. There are safer and better alternatives available. I recommend Firefox (http://www.mozilla.org/products/firefox/), however Opera (http://www.opera.com/) and SlimBrowser (http://www.flashpeak.com/sbrowser/) are good as well.

And also see TonyKlein's good advice
So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
PS: Also, Legion, to make sure all previously infected restore points are flushed out, so as to prevent reinfection, please do the following to create a new restore point and flush out all the old ones: right click My Computer > select Properties > System Restore tab > check "Turn off System Restore" > reboot, then repeat the same steps only UNcheck "Turn off System Restore", and voila! A new restore point will be created. Please reply once more to this thread and I'll mark it resolved :smiles:
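To make the HOSTS-file mechanism described above concrete, here is an added example (not code from this thread, from MVPS, or from any of the tools listed) that mimics how the resolver consults the hosts file before asking DNS. The hosts file text, the `parse_hosts`/`resolve`/`is_blocked` names and the `.test` domain names are all constructed for this example; real block lists contain thousands of entries. It also shows the caveat that matters in practice: hosts entries match the exact hostname only, so a subdomain not listed falls through to DNS unblocked.

```python
"""Added example: how a HOSTS-file block list short-circuits name
resolution for listed ad/malware domains by pinning them to 127.0.0.1.

The hosts file below is a constructed sample in the MVPS format; the
domain names are placeholders under the reserved .test TLD.
"""

# Constructed sample: one address per line, "#" starts a comment, and
# several hostnames may share one address on the same line.
SAMPLE_HOSTS = """\
# Hosts file with a few block entries (constructed sample)
127.0.0.1       localhost
127.0.0.1       ads.example-tracker.test
127.0.0.1       banners.example-adnet.test  counter.example-adnet.test
0.0.0.0         popups.example-badsite.test   # 0.0.0.0 is the other common block address
"""

# Addresses block lists use as sinkholes: loopback or the unspecified address.
BLOCK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}
# Names that legitimately map to loopback and must not count as "blocked".
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Return {hostname (lowercase): address} from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        address, names = parts[0], parts[1:]
        for name in names:
            # The resolver compares the exact hostname, case-insensitively.
            # There are no wildcards: "www.ads.example-tracker.test" is NOT
            # covered by an "ads.example-tracker.test" entry.
            table.setdefault(name.lower(), address)
    return table


def resolve(hostname, table):
    """Mimic the resolver order: hosts file first, DNS only on a miss.

    Returns (address, source) where source is "hosts" or "dns".
    """
    address = table.get(hostname.lower().rstrip("."))
    if address is not None:
        return address, "hosts"
    # Miss: a real resolver would now query the configured DNS servers;
    # this example only reports the fallback so it runs offline.
    return None, "dns"


def is_blocked(hostname, table):
    """True when the hosts file pins the name to a sinkhole address."""
    if hostname.lower() in LOCAL_NAMES:
        return False
    address, source = resolve(hostname, table)
    return source == "hosts" and address in BLOCK_ADDRESSES


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ["ads.example-tracker.test", "COUNTER.example-adnet.test",
                 "www.ads.example-tracker.test", "popups.example-badsite.test"]:
        print(f"{name:32} blocked={is_blocked(name, table)}")
```

Running it shows the two listed names and the mixed-case lookup as blocked, while the unlisted `www.` subdomain falls through to DNS. That is why a hosts-file list is a useful layer but not a substitute for a browser-side blocker or a firewall: anything not spelled out exactly in the file still resolves normally.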

DeadlyLegion
20 Sep 2006, 5:09pm
Re: "Firewall<= A firewall is definitely a must have. Two good free versions are Kerio and ZoneLabs." I've got a router with a firewall in it; do I still need a software firewall?

jmoney3457
20 Sep 2006, 7:41pm
Re: "Firewall<= A firewall is definitely a must have. Two good free versions are Kerio and ZoneLabs." I've got a router with a firewall in it; do I still need a software firewall?
I highly recommend you do, as the FW in the router protects your home network itself but NOT so much your computer; this is where the software FW comes into place, it protects the computer itself. That being said, can I mark this resolved? :bigggrin:

DeadlyLegion
20 Sep 2006, 9:05pm
Yes, sure, of course :D The problem is solved and the virus is done for :D

jmoney3457
21 Sep 2006, 2:58am
Glad to hear it :thumbsup: You're welcome, and this thread is now resolved/locked. Please, if you have any future malware problems, post a new thread :smiles: