All three logs below. Thanks in advance
HIJACK THIS LOG -------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:31:05, on 20/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Chris & Family\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay11...es/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
ACTIVESCAN LOG ------------------------------------------------------------------------------------------------------
Incident Status Location
Spyware:spyware/new.net Not disinfected c:\program files\NewDotNet
Adware:adware/savenow Not disinfected c:\program files\VVSN
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@adultfriendfinder[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@doubleclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@toplist[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@tucows[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt
Spyware:Cookie/Cgi-bin
AVG SCAN LOG -----------------------------------------------------------------------------------------------------
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:12:54 20/11/2006
+ Scan result:
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\simpchristss.exe\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1844237615-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1844237615-1957994488-725345543-1003\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
[504] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rkinstaller.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A4DDE88A-4C67-4D7A-A3D3-7AC12B9A0CE4}\RP58\A0008439.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\VVSN\VVSN.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\simpchristss.exe\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Local Settings\Temporary Internet Files\Content.IE5\RW7Z1OGP\uninstaller.prod.v1002.23mar2006.exe[1].0c49b348ce1d3b98bec782d48a948dc2 -> Adware.SurfAcc : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Local Settings\Temporary Internet Files\Content.IE5\12Y4WODT\SAccRecover.prod.v1004.23mar2006.exe[1].95161221e0c2a78cf3fc155d2d2af755 -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Local Settings\Temporary Internet Files\Content.IE5\RW7Z1OGP\SAcc.prod.v1178.08mai2006.exe[1].abdceaef98a68e6ce52971c4d3b1fd71 -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Local Settings\Temporary Internet Files\Content.IE5\RW7Z1OGP\ysb_regular[1].cab/ysbactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Local Settings\Temporary Internet Files\Content.IE5\12Y4WODT\ysb_downloads_manager[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Local Settings\Temporary Internet Files\Content.IE5\12Y4WODT\ysb[1].dll -> Downloader.IstBar.pb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A4DDE88A-4C67-4D7A-A3D3-7AC12B9A0CE4}\RP57\A0008333.dll -> Downloader.IstBar.pb : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Local Settings\Temp\iinstall.exe -> Downloader.IstBar.pe : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Local Settings\Temporary Internet Files\Content.IE5\12Y4WODT\istdownload[1].exe -> Downloader.IstBar.pe : Cleaned with backup (quarantined).
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Chris & Family\Cookies\chris_&_family@ysbweb[1].txt -> TrackingCookie.Ysbweb : Cleaned.
::Report end