Adware[RESOLVED]

colin · November 9, 2006

Hi can oanyone help me please. im having problems with my computer running very slowly. i have run a scan and found that i have something called adware 2search on my computer. I seems to be causing a lot of problems and my scanner tells me it is high risk. yesterday i tried to download and run a new program and the computer said i needed to be an administrator on the computer, even though i already am the administrator. Can anyone please advise mw what to do.

thank you

colin · November 9, 2006

Hi can oanyone help me please. im having problems with my computer running very slowly. i have run a scan and found that i have something called adware 2search on my computer. I seems to be causing a lot of problems and my scanner tells me it is high risk. yesterday i tried to download and run a new program and the computer said i needed to be an administrator on the computer, even though i already am the administrator. Can anyone please advise mw what to do.

thank you

thanks for the advice Noggie heres the hijack this log

Logfile of HijackThis v1.99.1

Scan saved at 15:12:49, on 09/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Norton GoBack\GBTray.exe

C:\Documents and Settings\Colin\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe

O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...682/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{72217243-C00E-45E9-99BF-DF9C1022940C}: NameServer = 194.168.4.100,194.168.8.100

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Advanced System Products, Inc. - (no file)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: SmartLinkService (SLService) - Unknown owner - \??\C:\WINDOWS\system32\slserv.exe (file missing)

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Edited November 9, 2006 by colin

therock247uk · November 9, 2006

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

colin · November 9, 2006

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

colin · November 10, 2006

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Hi thanks very much for your help. Ive tried to follow your instructions. first part with atf cleaner was ok, but i have run into a problem with the next part. after inputing ie-mail nformation etc and trying to run the scan i get the following message

Error on downloading ActiveScanAn error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try againPossible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,... Try again

i have tried restarting, i have also tried useing both internet explorer and firefox to run the scan, but get the same message. i have also in the past been informed by the computer that i am not an administrator on the machine although i am an accounts show me as administrator. hope you can find time to help further.

thanks very much

colin

therock247uk · November 10, 2006

Can you login as Administrator then try?

colin · November 10, 2006

Can you login as Administrator then try?

Hi i am indicated as an administrator in user accounts on this machine, but during some downloads the download stops and i get the message that only a computer administrator can preform this task.

therock247uk · November 11, 2006

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
- Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.

colin · November 11, 2006

Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.

Thank you that went ok heres the file

KASPERSKY ONLINE SCANNER REPORT

Saturday, November 11, 2006 3:05:58 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 11/11/2006

Kaspersky Anti-Virus database records: 240626

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

C:\

D:\

Scan Statistics

Total number of scanned objects 59974

Number of viruses found 8

Number of infected objects 22 / 0

Number of suspicious objects 0

Duration of the scan process 01:25:46

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-11-11_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\5874C7BA.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\BD4C8A79.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped

C:\Documents and Settings\Colin\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Colin\Desktop\Carl\Desktop\Install-Animated-Emoticons.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Colin\Desktop\Carl\Desktop\Install-Animated-Emoticons.exe/stream/data0002 Infected: not-a-virus:AdTool.Win32.WinAD.bv skipped

C:\Documents and Settings\Colin\Desktop\Carl\Desktop\Install-Animated-Emoticons.exe/stream Infected: not-a-virus:AdTool.Win32.WinAD.bv skipped

C:\Documents and Settings\Colin\Desktop\Carl\Desktop\Install-Animated-Emoticons.exe NSIS: infected - 3 skipped

C:\Documents and Settings\Colin\Desktop\windowscleanersetup.exe/Stream/data0004 Infected: Trojan-Spy.Win32.KeySend.b skipped

C:\Documents and Settings\Colin\Desktop\windowscleanersetup.exe/Stream Infected: Trojan-Spy.Win32.KeySend.b skipped

C:\Documents and Settings\Colin\Desktop\windowscleanersetup.exe Inno: infected - 2 skipped

C:\Documents and Settings\Colin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Colin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Colin\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Colin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Colin\ntuser.dat Object is locked skipped

C:\Documents and Settings\Colin\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Sandra\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Sandra\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Sandra\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Sandra\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Sandra\Local Settings\Temp\~DF6092.tmp Object is locked skipped

C:\Documents and Settings\Sandra\Local Settings\Temp\~DFA477.tmp Object is locked skipped

C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Sandra\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Sandra\ntuser.dat.LOG Object is locked skipped

C:\gobackio.bin Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) 09-the_game-put_you_on_the_game_(produced_by_timbaland).mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) 50 cent ft mobb deep - outta control (remix).mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) Craig David - I'm Sorry (I Don't Love You No More).mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) DJ Alex k live @ The Pleasure Rooms 16 Jan 2005 Part 2 With .mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) Eminem - When Im Gone.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) Gorillaz - Demon Days - 12 - DARE.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) Gorillaz - Feel Good Inc..mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) Jadakiss - Checkmate (Dissin' 50 Cent).mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) Linkin Park - Somewhere I Belong .mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) Sean Paul - We Be Burning.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) Sean Paul - We Will Be Burning.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) The Game - Put You On The Game.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\(Unverified) The Killers - Mr. Brightside.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Biggie smalls - Hypnotized.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Black Eyed Peas - My Humps.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Craig David - Fill Me In [Ft Usher remix].mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Jay Z - Reasonable Doubt- Brooklyn's finest f Biggie # 3.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Kano - Brown Eyes.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Kano - Ps and Qs.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Kayne West - Gold Diggers.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Mariah Carey - Heartbreaker.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Pleasure Rooms - Cruzin.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Pleasure Rooms - I still believe in ur eyes good.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Pleasure Rooms - Takin Me Higher 1.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Rihanna - If It's Lovin' That You Want.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Simon Webbe - Lay Your Hands.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\The Notorious B.I.G ft P Diddy, Nelly & Jagged Edge (Biggie Duets The Final Chapter) - Nasty Girl.mp3 Object is locked skipped

C:\Program Files\Ares Gold\Downloads\Wigan Pier 49 CD1 - 16 - Right in the night.mp3 Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Hitman Pro\quarantine\2006-10-26_23-44-49.zip Object is locked skipped

C:\Program Files\Hitman Pro\quarantine\2006-10-29_17-00-56.zip Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\RECYCLER\c2\Dc1.jpg Object is locked skipped

C:\RECYCLER\c2\Dc10.jpg Object is locked skipped

C:\RECYCLER\c2\Dc11.wav Object is locked skipped

C:\RECYCLER\c2\Dc116.wma Object is locked skipped

C:\RECYCLER\c2\Dc118.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc119.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc12.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc120.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc13.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc14.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc143.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc15.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc16.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc162.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc18.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc181.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc185.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc186.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc187.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc188.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc19.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc190.lnk Object is locked skipped

C:\RECYCLER\c2\Dc191.exe Object is locked skipped

C:\RECYCLER\c2\Dc192.exe Object is locked skipped

C:\RECYCLER\c2\Dc193.exe Object is locked skipped

C:\RECYCLER\c2\Dc194.lnk Object is locked skipped

C:\RECYCLER\c2\Dc195.lnk Object is locked skipped

C:\RECYCLER\c2\Dc196.exe Object is locked skipped

C:\RECYCLER\c2\Dc197.exe Object is locked skipped

C:\RECYCLER\c2\Dc198.exe Object is locked skipped

C:\RECYCLER\c2\Dc199.lnk Object is locked skipped

C:\RECYCLER\c2\Dc2.jpg Object is locked skipped

C:\RECYCLER\c2\Dc20.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc200.lnk Object is locked skipped

C:\RECYCLER\c2\Dc201.exe Object is locked skipped

C:\RECYCLER\c2\Dc202.lnk Object is locked skipped

C:\RECYCLER\c2\Dc203.exe Object is locked skipped

C:\RECYCLER\c2\Dc21.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc22.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc23.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc24.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc25.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc26.wma Object is locked skipped

C:\RECYCLER\c2\Dc27.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc29.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc3.jpg Object is locked skipped

C:\RECYCLER\c2\Dc30.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc31.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc32.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc33.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc34.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc4.jpg Object is locked skipped

C:\RECYCLER\c2\Dc43.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc44.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc45.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc46.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc47.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc48.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc49.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc5.gif Object is locked skipped

C:\RECYCLER\c2\Dc50.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc51.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc52.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc53.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc54.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc55.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc56.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc57.MP3 Object is locked skipped

C:\RECYCLER\c2\Dc58.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc59.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc6.jpg Object is locked skipped

C:\RECYCLER\c2\Dc60.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc61.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc62.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc63.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc64.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc65.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc66.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc67.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc68.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc69.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc7.gif Object is locked skipped

C:\RECYCLER\c2\Dc70.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc71.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc8.jpg Object is locked skipped

C:\RECYCLER\c2\Dc9.gif Object is locked skipped

C:\RECYCLER\c2\Dc91.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc92.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc93.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc94.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc95.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc96.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc97.mp3 Object is locked skipped

C:\RECYCLER\c2\Dc98.mp3 Object is locked skipped

C:\RECYCLER\e4\Dc20.exe/WISE0013.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

C:\RECYCLER\e4\Dc20.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

C:\RECYCLER\e4\Dc20.exe/WISE0014.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\RECYCLER\e4\Dc20.exe/WISE0014.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\RECYCLER\e4\Dc20.exe/WISE0014.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\RECYCLER\e4\Dc20.exe/WISE0014.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\RECYCLER\e4\Dc20.exe/WISE0014.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\RECYCLER\e4\Dc20.exe/WISE0014.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\RECYCLER\e4\Dc20.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\RECYCLER\e4\Dc20.exe/WISE0015.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\e4\Dc20.exe/WISE0015.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\e4\Dc20.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\RECYCLER\e4\Dc20.exe WiseSFX: infected - 12 skipped

C:\RECYCLER\e4\Dc42.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ak skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

can't imagin how you understand this stuff

thanks again

colin

therock247uk · November 11, 2006

Delete the files. (if present)

C:\Documents and Settings\Colin\Desktop\Carl\Desktop\Install-Animated-Emoticons.exe

C:\Documents and Settings\Colin\Desktop\windowscleanersetup.exe

Then post a new Hijackthis log here in a reply.

colin · November 11, 2006

Delete the files. (if present)
C:\Documents and Settings\Colin\Desktop\Carl\Desktop\Install-Animated-Emoticons.exe
C:\Documents and Settings\Colin\Desktop\windowscleanersetup.exe
Then post a new Hijackthis log here in a reply.

Thank you her it is

Logfile of HijackThis v1.99.1

Scan saved at 23:36:33, on 11/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Norton GoBack\GBPoll.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Apps\Powercinema\PCMService.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Norton GoBack\GBTray.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Documents and Settings\Colin\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

file://C:\APPS\IE\offline\uk.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Packard Bell

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-

7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0

\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-

B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-

Page.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no

file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-

C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-

Page.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-

FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client

Foundation\CFD.exe

O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32

\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6

"USB001" /M "Stylus C46"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet

Security\osCheck.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3

\MsgPlus.exe"

O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe

/EnsureFileVersions

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background

O4 - Global Startup: Google Updater.lnk = C:\Program

Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton

GoBack\GBTray.exe

O8 - Extra context menu item: Download all by Free Download Manager -

file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download all links using BitComet -

res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download by Free Download Manager -

file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download link using &BitComet -

res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Download selected by Free Download

Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site by Free Download

Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-

4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

(no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)

-

http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -

http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

Class) -

http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} -

http://www.zuvio.com/opnste/UCSearch.CAB

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

http://download.mcafee.com/molbin/iss-

loc/mcfscan/2,1,0,4682/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{72217243-C00E-45E9-99BF-

DF9C1022940C}: NameServer = 194.168.4.100,194.168.8.100

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online,

Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Advanced System

Products, Inc. - (no file)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

(file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

(file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -

Unknown owner - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation -

C:\Program Files\Norton GoBack\GBPoll.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1

\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. -

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research

Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: SmartLinkService (SLService) - Unknown owner - \??

\C:\WINDOWS\system32\slserv.exe (file missing)

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot

Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\AppCore\AppSvc32.exe

therock247uk · November 11, 2006

Can you post another log with out workdwrap on in notepad (makes all them spaces and makes it hard to read)

colin · November 12, 2006

hijackthis1111.txt

Can you post another log with out workdwrap on in notepad (makes all them spaces and makes it hard to read)

therock247uk · November 12, 2006

Can you post it as a reply and not as a attachement?

colin · November 12, 2006

Can you post it as a reply and not as a attachement?

thanks here it is

Logfile of HijackThis v1.99.1

Scan saved at 11:38:08, on 12/11/2006