Old Aug 24, 2006 | 04:06 PM
  #29  
Turbocabbie
Top Cab !!
 
Joined: Aug 2006
Posts: 3,989
Likes: 1
From: .

Originally Posted by RSCossieKim
I had a look but I don't understand what I need to do. Oh god, I feel like a right dumb bint. Leave it with me, let me go find a brain and try and use it.
LMAO, it's ok, we will try to help in greater detail... this is the bit where you try to understand what's going on. Please do not think I am talking down to you.... I'm trying to explain as simply as I can.

------

Your HijackThis log has at number 4 the following information:

O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe

The file mssvcc.exe relates to a "worm" on your computer known as W32/Rbot-BJV

This worm copies itself to the following location on your computer:
• %SYSDIR%\mssvcc.exe
It runs from this location and then, most of the time, deletes itself.

The worm then needs to run after the machine is restarted in order to infect your computer further, and it does this by placing the following information in the Windows registry (the Windows registry is what controls how things run and start on your computer, specific settings and so on):

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "msconfig38"="mssvcc.exe"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services]
• "msconfig38"="mssvcc.exe"

The following registry keys are changed:

– [HKLM\SOFTWARE\Microsoft\Ole]
Old value:
• "EnableDCOM"="%user defined settings%"
New value:
• "EnableDCOM"="N"

– [HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
Old value:
• "restrictanonymous"=dword:%user defined settings%
• "restrictanonymoussam"=dword:%user defined settings%
New value:
• "restrictanonymous"=dword:00000001
• "restrictanonymoussam"=dword:00000001


In order to ensure its propagation the worm attempts to connect to other machines as described below. (NOTE: this means machines in contact with this laptop through a network environment may also be infected.)

It drops copies of itself to the following network shares:
• IPC$
• C$
• ADMIN$

It uses the following login information in order to gain access to the remote machine:

– The following list of usernames:
• adm; admin; administrador; administrat; administrateur; administrator;
admins; computer; database; db2; dba; default; guest; oracle; owner;
root; staff; student; teacher; wwwadmin

– The following list of passwords:
• 007; 123; 1234; 12345; 123456; 1234567; 12345678; 123456789;
1234567890; 2000; 2001; 2002; 2003; 2004; access; accounting;
accounts; asd; backup; bill; bitch; blank; bob; brian; changeme;
chris; cisco; compaq; control; data; databasepass; databasepassword;
db1; db1234; db2; dbpass; dbpassword; default; dell; demo; domain;
domainpass; domainpassword; eric; exchange; fred; fuck; george; god;
guest; hell; hello; home; homeuser; ian; ibm; internet; intranet; jen;
joe; john; kate; katie; lan; lee; linux; login; loginpass; luke; mail;
main; mary; mike; neil; nokia; none; null; oem; oeminstall; oemuser;
office; orainstall; outlook; pass; pass1234; passwd; password;
password1; peter; pwd; qaz; qwe; qwerty; root; sam; server; sex;
siemens; slut; sql; sqlpassoainstall; sue; susan; system; technical;
test; unix; user; web; win2000; win2k; win98; windows; winnt; winpass;
winxp; www; zxc

The worm also makes use of the following issues in Windows; you need to fix the problems by downloading the updates associated with them. The exploits are described below, although not all of them are applicable to your computer. You simply need to download the updates posted by Thrush.

– MS02-061 (Elevation of Privilege in SQL Server Web)
– MS03-026 (Buffer Overrun in RPC Interface)
– MS03-039 (Buffer Overrun in RPCSS Service)
– MS03-049 (Buffer Overrun in the Workstation Service)
– MS04-007 (ASN.1 Vulnerability)
– MS04-011 (LSASS Vulnerability)

This worm also has the ability to use your system for attacks on other users in what is called a distributed denial-of-service attack (DDoS). To do this the system has to provide information about itself and present itself for remote control; it does this by connecting to the following IRC (Internet Relay Chat) servers:

Server: **********.slateit1703.info
Port: 8080
Channel: #final,#finaldownload
Nickname: USA|%six-digit random character string%
Password: he.he

Server: **********.3071tietals.info
Port: 8080
Channel: #final,#finaldownload
Nickname: USA|%six-digit random character string%
Password: he.he

This worm has the ability to collect and send information such as:
• CPU speed
• Current user
• Details about drivers
• Free disk space
• Free memory
• Malware uptime
• Information about the network
• Size of memory
• Information about the Windows operating system

Furthermore it has the ability to perform actions such as:
• connect to IRC server
• Launch DDoS ICMP flood
• Launch DDoS SYN flood
• Launch DDoS UDP flood
• Disable DCOM
• Disable network shares
• disconnect from IRC server
• Download file
• Enable DCOM
• Enable network shares
• Execute file
• Join IRC channel
• Kill process
• Leave IRC channel
• Open remote shell
• Perform network scan
• Restart system
• Start spreading routine
• Terminate malware
• Updates itself
• Upload file

A backdoor (UDP port 69) onto your system will be created and made available for remote access; this is used for an FTP (File Transfer Protocol) server which can be used to upload files to your machine.

If you understand that then we can move on to removing it and all aspects of it... does this help or do I need to go even simpler... I can
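As an added illustration of the checks described in the post above (this is example code written for this page, not anything posted by Turbocabbie or part of HijackThis), the script below parses HijackThis-style O4 autostart lines and a set of exported registry values, and reports the W32/Rbot-BJV indicators the post lists: the msconfig38 value name, the mssvcc.exe image, EnableDCOM set to N, and the two Lsa restrictanonymous values set to 1. The sample log lines and registry values are constructed; the O4 line format and the indicator names come from the post.

```python
import re
from dataclasses import dataclass

# Added example (not from the forum post): an offline checker for the
# indicators listed in the post. Sample inputs at the bottom are constructed.

# HijackThis O4 format: "O4 - HKLM\..\Run: [valuename] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>Run\w*):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)

# Indicators as described in the post
SUSPECT_VALUE_NAMES = {"msconfig38"}
SUSPECT_IMAGES = {"mssvcc.exe"}
# Registry values the post says the worm sets: (key path, value name) -> data
WORM_REGISTRY_CHANGES = {
    (r"HKLM\SOFTWARE\Microsoft\Ole", "EnableDCOM"): "N",
    (r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa", "restrictanonymous"): 1,
    (r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa", "restrictanonymoussam"): 1,
}


@dataclass(frozen=True)
class Finding:
    where: str
    reason: str


def parse_o4(line):
    """Return hive/key/value name/command of one O4 line, or None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def image_name(cmd):
    """Bare executable name from a command line: first token, quotes and path stripped."""
    first = cmd.strip().split()[0] if cmd.strip() else ""
    return first.strip('"').rsplit("\\", 1)[-1].lower()


def check_o4_lines(lines):
    """Flag autostart entries whose value name or image matches the worm's."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue  # not an O4 autostart entry; other HJT sections are ignored here
        where = f"{entry['hive']}\\..\\{entry['key']}: [{entry['name']}]"
        if entry["name"].lower() in SUSPECT_VALUE_NAMES:
            findings.append(Finding(where, "value name matches the W32/Rbot-BJV persistence entry"))
        image = image_name(entry["cmd"])
        if image in SUSPECT_IMAGES:
            findings.append(Finding(where, f"autostart image {image} matches the worm's dropped file"))
    return findings


def check_registry_values(values):
    """values: {(key_path, value_name): data} as exported from the machine.

    A match here alone is weak evidence: an administrator can legitimately
    disable DCOM or restrict anonymous access. It matters together with the
    autostart entry, which is how the post ties the two together."""
    findings = []
    for (key, name), worm_data in WORM_REGISTRY_CHANGES.items():
        if values.get((key, name)) == worm_data:
            findings.append(Finding(f"{key}\\{name}", f"set to {worm_data!r}, as the worm does"))
    return findings


# Constructed sample input: the O4 line from the post plus benign-looking entries
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\SMax4.exe /tray",
    r"O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O23 - Service: Windows Time - Unknown owner - C:\WINDOWS\system32\svchost.exe",
]
# Constructed sample registry export: DCOM disabled, one Lsa value changed, one not
SAMPLE_REGISTRY = {
    (r"HKLM\SOFTWARE\Microsoft\Ole", "EnableDCOM"): "N",
    (r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa", "restrictanonymous"): 1,
    (r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa", "restrictanonymoussam"): 0,
}

if __name__ == "__main__":
    for f in check_o4_lines(SAMPLE_HJT_LINES) + check_registry_values(SAMPLE_REGISTRY):
        print(f"{f.where}: {f.reason}")
```

On the constructed sample this reports two autostart findings for the RunServices line (value name and image) and two registry findings (EnableDCOM and restrictanonymous); restrictanonymoussam is left at 0 in the sample to show that each value is checked on its own.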