13 replies to this topic

[kijaz]

Hi,

My computer got infected with the Home Search Assistant (HSA) last night. I cannot set my home page anymore. In the Windows Control Panel, there is an entry for Home Search Assistant and Shopping Wizard. When I try to remove these, I am taken to the HSA website and asked to download a removal tool (haven't tried that !).

Here is a copy of my HJ This log. Will really appreciate anyone's help. Thanks very much indeed.

Logfile of HijackThis v1.99.1
Scan saved at 20:03:48, on 11-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\popcorn72.exe
C:\WINDOWS\netyu32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AOL COMPANION\COMPANION.EXE
C:\WINDOWS\addcy.exe
C:\Documents and Settings\sbsm4067\My Documents\Personal\Software\HJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vnmxv.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vnmxv.dll/sp.html#77035
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vnmxv.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vnmxv.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vnmxv.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vnmxv.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vnmxv.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://extranet.temp.ox.ac.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0DE45402-8A45-18F3-F6BE-090916EB6476} - C:\WINDOWS\ntys.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D7E47E65-05F6-4951-8067-BB881BEB58F9} - C:\WINDOWS\system32\peim.dll (file missing)
O2 - BHO: Class - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - C:\WINDOWS\system32\iekj.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run24.exe dummy
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [netyu32.exe] C:\WINDOWS\netyu32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKLM\..\RunOnce: [addcy.exe] C:\WINDOWS\addcy.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = sbs.ox.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7983E2-E68E-4F15-A3B6-303AAE218723}: NameServer = 129.67.34.1,129.67.34.2,129.67.1.1,129.67.1.180,163.1.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

[therock247uk]

Download about:buster by RubbeRDuckY Here.

Update About:Buster

• Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  
• Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  
• Click "OK" at the prompt with instructions.
  
• Click "Update" and then "Check For Update" to begin the update process.
  
• If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  
• Now close About:Buster

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

Please run about:buster by RubbeRDuckY:

• Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  
• Click Yes to allow it to shutdown explorer.exe.
  
• It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  
• When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  
• Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end

Post the about:buster log and a New Hijackthis log ehre in a reply.

[kijaz]

Thanks very much for the quick response.

This is the first About:Buster logfile (after my first safe-mode log-in).

AboutBuster 5.1, reference file 33
Scan started on [12-12-2005] at [12:21:51]
------------------------------------------------
No Ads Found!
------------------------------------------------
Removed File! : C:\WINDOWS\ojlic.dat
Removed File! : C:\WINDOWS\system32\xlyep.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:22:41


This is the second About:Buster logfile (after my second safe mode log-in).

AboutBuster 5.1, reference file 33
Scan started on [12-12-2005] at [12:39:06]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:39:54


This is the HJT logfile (after my second log-in in the safe mode).

Logfile of HijackThis v1.99.1
Scan saved at 12:41:23, on 12-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\sbsm4067\My Documents\Personal\Software\HJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azceh.dll/sp.html#77035
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\azceh.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://extranet.temp.ox.ac.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0DE45402-8A45-18F3-F6BE-090916EB6476} - C:\WINDOWS\ntys.dll
O2 - BHO: Class - {148391F7-6EB4-9B26-AECE-A8DF75B9B341} - C:\WINDOWS\system32\ipyo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {ADEAA3B6-9276-09CD-04E3-6EF1F7854839} - C:\WINDOWS\system32\msji32.dll
O2 - BHO: Class - {CAEBD80E-211A-EE88-458E-BFA21C72DCAF} - C:\WINDOWS\system32\sdkba.dll
O2 - BHO: (no name) - {D7E47E65-05F6-4951-8067-BB881BEB58F9} - C:\WINDOWS\system32\peim.dll (file missing)
O2 - BHO: Class - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - C:\WINDOWS\system32\iekj.dll
O2 - BHO: Class - {EA94B086-CDBC-1A5F-231F-FB067C388DF8} - C:\WINDOWS\system32\ipdw32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run24.exe dummy
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [netyu32.exe] C:\WINDOWS\netyu32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = sbs.ox.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7983E2-E68E-4F15-A3B6-303AAE218723}: NameServer = 129.67.34.1,129.67.34.2,129.67.1.1,129.67.1.180,163.1.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thanks once again. Really appreciate your hlep.

Cheers.

[therock247uk]

Please download ewido security suite it is a trial version of the program.

• Install ewido security suite
  
• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  
• Launch ewido, there should be an icon on your desktop double-click it.
  
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
  
• Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

Open Ewido again

• Click on scanner
  
• Click on Complete System Scan and the scan will begin.
  
• While the scan is in progress you will be prompted to clean files, click OK
  
• When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  
• Click Save report.
  
• Save the report .txt file to your desktop.

Now close ewido security suite.

Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.

[kijaz]

This is the eWido report (produced in safe mode).

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 15:07:32, 12-12-2005
+ Report-Checksum: 9057B6F0

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D7E7CCE3-E897-0FF8-81D6-3F27EA1CA24E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-796845957-507921405-1202660629-2286\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-796845957-507921405-1202660629-2286\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-796845957-507921405-1202660629-2286\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-796845957-507921405-1202660629-2286\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-796845957-507921405-1202660629-2286\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E7CCE3-E897-0FF8-81D6-3F27EA1CA24E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-796845957-507921405-1202660629-2286\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-796845957-507921405-1202660629-2286\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Documents and Settings\Administrator.SBSM4067\Cookies\administrator@122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator.SBSM4067\Cookies\administrator@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator.SBSM4067\Cookies\administrator@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\sbsm4067\Cookies\sbsm4067@122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\sbsm4067\Cookies\sbsm4067@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\sbsm4067\Cookies\sbsm4067@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\sbsm4067\Cookies\sbsm4067@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\sbsm4067\Cookies\sbsm4067@microsoftuk.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\sbsm4067\Cookies\sbsm4067@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@counter14.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@counter7.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@ehg-cricinfo.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@ehg-idg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@ehg-samsungusa.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@microsoftuk.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@paycounter[2].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\Cookies\sbsm4067@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\dk.dial -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\jcnd.exe -> Downloader.Small.bwr : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\lccm.exe -> Downloader.Small.bwr : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\nhan.exe -> Downloader.Small.bwr : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temp\phmp.exe -> Downloader.Small.bwr : Cleaned with backup
C:\Documents and Settings\sbsm4067\Local Settings\Temporary Internet Files\Content.IE5\KA0WV3O1\ccaccess[1].cab/ccaccess.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\addcy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adddo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\addwj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apphh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appxl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\azceh.dll -> Adware.SearchPage : Cleaned with backup
C:\WINDOWS\d3ho.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3zc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\fbomk.dll -> Adware.SearchPage : Cleaned with backup
C:\WINDOWS\gdejw.dll -> Adware.SearchPage : Cleaned with backup
C:\WINDOWS\haasd.dll -> Adware.SearchPage : Cleaned with backup
C:\WINDOWS\ipmb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB893086.log:ljslf -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\KB896423.log:wkdwb -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\kuilk.dll -> Adware.SearchPage : Cleaned with backup
C:\WINDOWS\mscn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netnw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netyu32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\ntys.dll -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\rzors.dll -> Adware.SearchPage : Cleaned with backup
C:\WINDOWS\SBSM4067_KB899588pass.txt:casia -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\sdkbc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addfq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlwp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\dpzlp.dll -> Adware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\gmmcr.dll -> Adware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\iekj.dll -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\system32\ipdw32.dll -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\system32\ipew32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipyo.dll -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\system32\msji32.dll -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\system32\ntpm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\popcorn72.exe -> Downloader.Small.bgv : Cleaned with backup
C:\WINDOWS\system32\sdkat32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\spoolsrv32.exe -> Spyware.FindSpy : Cleaned with backup
C:\WINDOWS\system32\srpcsrv32.dll -> Downloader.Adload.g : Cleaned with backup
C:\WINDOWS\system32\upd796.exe -> Downloader.Small.bgv : Cleaned with backup
C:\WINDOWS\system32\upd819.exe -> Dropper.Agent.ii : Cleaned with backup
C:\WINDOWS\system32\upd970.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOWS\system32\winctrl64.exe -> Downloader.Small.awa : Cleaned with backup
C:\WINDOWS\sysxl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysyj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysyl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:auuxy -> Downloader.Agent.td : Cleaned with backup


::Report End

This is the HJT log (produced in safe mode after eWido scan).

Logfile of HijackThis v1.99.1
Scan saved at 15:13:20, on 12-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\sbsm4067\My Documents\Personal\Software\HJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azceh.dll/sp.html#77035
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\azceh.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\azceh.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://extranet.temp.ox.ac.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {ADEAA3B6-9276-09CD-04E3-6EF1F7854839} - C:\WINDOWS\system32\msji32.dll (file missing)
O2 - BHO: Class - {CAEBD80E-211A-EE88-458E-BFA21C72DCAF} - C:\WINDOWS\system32\sdkba.dll
O2 - BHO: (no name) - {D7E47E65-05F6-4951-8067-BB881BEB58F9} - C:\WINDOWS\system32\peim.dll (file missing)
O2 - BHO: Class - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - C:\WINDOWS\system32\iekj.dll (file missing)
O2 - BHO: Class - {EA94B086-CDBC-1A5F-231F-FB067C388DF8} - C:\WINDOWS\system32\ipdw32.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run24.exe dummy
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = sbs.ox.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7983E2-E68E-4F15-A3B6-303AAE218723}: NameServer = 129.67.34.1,129.67.34.2,129.67.1.1,129.67.1.180,163.1.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addcy.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I wasn't sure if you wanted the HJT log in safe mode or normal mode. So, I am also providing the HJT log (produced in normal mode after eWido scan) just in case if it is required.

Logfile of HijackThis v1.99.1
Scan saved at 15:19:08, on 12-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\run24.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\ntzw32.exe
C:\WINDOWS\d3nh.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sbsm4067\My Documents\Personal\Software\HJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://extranet.temp.ox.ac.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {ADEAA3B6-9276-09CD-04E3-6EF1F7854839} - C:\WINDOWS\system32\msji32.dll (file missing)
O2 - BHO: Class - {CAEBD80E-211A-EE88-458E-BFA21C72DCAF} - C:\WINDOWS\system32\sdkba.dll
O2 - BHO: (no name) - {D7E47E65-05F6-4951-8067-BB881BEB58F9} - C:\WINDOWS\system32\peim.dll (file missing)
O2 - BHO: Class - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - C:\WINDOWS\system32\iekj.dll (file missing)
O2 - BHO: Class - {EA94B086-CDBC-1A5F-231F-FB067C388DF8} - C:\WINDOWS\system32\ipdw32.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run24.exe dummy
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [d3nh.exe] C:\WINDOWS\d3nh.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKLM\..\RunOnce: [ntzw32.exe] C:\WINDOWS\system32\ntzw32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = sbs.ox.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7983E2-E68E-4F15-A3B6-303AAE218723}: NameServer = 129.67.34.1,129.67.34.2,129.67.1.1,129.67.1.180,163.1.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addcy.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thanks for your time.

Cheers.

[therock247uk]

1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {ADEAA3B6-9276-09CD-04E3-6EF1F7854839} - C:\WINDOWS\system32\msji32.dll (file missing)
O2 - BHO: Class - {CAEBD80E-211A-EE88-458E-BFA21C72DCAF} - C:\WINDOWS\system32\sdkba.dll
O2 - BHO: (no name) - {D7E47E65-05F6-4951-8067-BB881BEB58F9} - C:\WINDOWS\system32\peim.dll (file missing)
O2 - BHO: Class - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - C:\WINDOWS\system32\iekj.dll (file missing)
O2 - BHO: Class - {EA94B086-CDBC-1A5F-231F-FB067C388DF8} - C:\WINDOWS\system32\ipdw32.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [alij] C:\WINDOWS\system32\run24.exe dummy
O4 - HKLM\..\Run: [d3nh.exe] C:\WINDOWS\d3nh.exe
O4 - HKLM\..\RunOnce: [ntzw32.exe] C:\WINDOWS\system32\ntzw32.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addcy.exe (file missing)

4. Delete the files. (if present)

C:\WINDOWS\system32\hssbw.dll
C:\WINDOWS\system32\sdkba.dll
C:\WINDOWS\system32\run24.exe
C:\WINDOWS\d3nh.exe
C:\WINDOWS\system32\ntzw32.exe
C:\WINDOWS\addcy.exe

5. Reboot and post a new Hijackthis log here in a reply.

[kijaz]

Here is the HJT log after fixing the recommended files with HJT in safe-mode.

Logfile of HijackThis v1.99.1
Scan saved at 17:59:48, on 12-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\sbsm4067\My Documents\Personal\Software\HJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://extranet.temp.ox.ac.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = sbs.ox.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7983E2-E68E-4F15-A3B6-303AAE218723}: NameServer = 129.67.34.1,129.67.34.2,129.67.1.1,129.67.1.180,163.1.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addcy.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Cheers.

[therock247uk]

1. Go to Start > Settings > Control Panel > Add/Remove and uninstall the following.

SpyFighter as its rouge look here http://www.spywarewarrior.com/rogue_anti-spyware.htm

2. Download http://osc.geekstogo.com/cwsserviceremove.reg run it it will ask to merge into the registery say yes.

3. Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

4. Then post a new Hijackthis log here in a reply.

[kijaz]

1. Had already uninstalled SpyFighter. Have now manually removed the directory from C:.

2. Ran the CWS Shredder. It did not find anything.

3. The HJT log (after completing the above two activities in normal mode and without rebooting the system) is below.

Logfile of HijackThis v1.99.1
Scan saved at 20:59:20, on 12-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\sbsm4067\My Documents\Personal\Software\HJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edition.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://extranet.temp.ox.ac.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = sbs.ox.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7983E2-E68E-4F15-A3B6-303AAE218723}: NameServer = 129.67.34.1,129.67.34.2,129.67.1.1,129.67.1.180,163.1.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thanks.

[therock247uk]

1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent

2. Then post a new Hijackthis log here in a reply.

[kijaz]

Here is the HJT log (produced in safe mode after fixing the spyfighter entries).

Logfile of HijackThis v1.99.1
Scan saved at 10:47:18, on 13-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\sbsm4067\My Documents\Personal\Software\HJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edition.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://extranet.temp.ox.ac.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = sbs.ox.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7983E2-E68E-4F15-A3B6-303AAE218723}: NameServer = 129.67.34.1,129.67.34.2,129.67.1.1,129.67.1.180,163.1.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbs.ox.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ox.ac.uk,ac.uk,uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thanks.

[therock247uk]

Your log is clean

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  
• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  
• How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

[kijaz]

Wow, that's a relief !

Thanks very much indeed for your help and taking time out to guide me. Really appreciate the effort.

Thanks once again.

Cheers.

[RubbeR DuckY]

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.