I've spent almost all day trying to remopve this blasted virus from my machine but haven't had any luck! I was wondering if anyone could help PLEASE!
Here is my log file from Hijack
Logfile of HijackThis v1.99.1
Scan saved at 14:20:09, on 21/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A7A237F-2497-A933-FB3E-771277E546C7} - C:\WINDOWS\System32\drnbcklm.dll
O2 - BHO: (no name) - {5A2F6A8A-7102-7D47-9FE5-94F94823CF27} - C:\WINDOWS\System32\wajdtnvc.dll (file missing)
O2 - BHO: (no name) - {8A71D05A-5F68-424B-CD9A-F88B9C52E963} - C:\WINDOWS\System32\yfcckvty.dll
O2 - BHO: (no name) - {D6C0A84A-3FE6-5C70-649A-A13562BB77E2} - C:\WINDOWS\System32\qimfwwsw.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eeu.exe] C:\WINDOWS\TEMP\eeu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://vad.mainentrypoint.com/dialer/bin/CE13861/dialer_activex.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\windows: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE91928-74BA-4ECB-A6A0-C422ABB27002}: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CS1\Services\Tcpip\..\windows: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: igvhnzkqxmjz (MsUpdate6) - Unknown owner - C:\WINDOWS\System32\msupd6.exe (file missing)
I hope someone can help me! I've read other forums and I can't seem to work out what i need to do!
Cheers
Rosey