Yeah, I had it checked, second choice down on the left. This thing is a right persistent little so and so. Here's the logs whilst I try that.
Incident Status Location
Adware:Adware/FIsearch No disinfected C:\WINDOWS\isrvs\msdbhk.dll
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\desktop.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\sysupd.dll
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\mfiltis.dll
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\desktop.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\FFISEA~1.EXE
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\WINDOWS\gator*.log
Spyware:Spyware/ISTbar No disinfected Windows Registry
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\CERES.DLL
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\ritsacnk.dat
Adware:Adware/CWS No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/BlazeFind No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs
Adware:Adware/WUpd No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\inst
Adware:Adware/Dloader No disinfected C:\WINDOWS\system32\intronsad.exe
Virus:W32/Gaobot.CES.worm Disinfected C:\Documents and Settings\All Users\Documents\sysfirewall.exe
Virus:Bck/Agent.E Disinfected Personal Folders\Outbox\Drag 'junkxxx.zip' to Submit here!\junkxxx.zip[d3daj.333]
Possible Virus. No disinfected C:\Program Files\GameSpy Arcade\fpupdate.exe
Possible Virus. No disinfected C:\Program Files\Polyphonic Wizard\BACKUP\cwpolywz.exe
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Affordable home ownership application form - Moat Housing Group.htm
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Chose_Not_To_Connect.htm
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Coupe Meet 04.09.04.html
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Coupe Meet 04.09.04.zip[Coupe Meet 04.09.04.exe]
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Pfizer Viagra Receipt.htm
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\registration-cancel.htm
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Travelodge - book rooms at Leatherhead.htm
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\trial-cannot-connect.htm
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\VideoContents.big5.html
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\VideoContents.en.html
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\VideoContents.fr.html
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\VideoContents.gb.html
Virus:W32/Torvil.B.worm Disinfected C:\WINDOWS\.{21EC2020-3AEA-1069-A2DD-08002B30309D}\VideoContents.ja.html
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\ceres.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/ISearch No disinfected C:\WINDOWS\deskbar.ini
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/Gator No disinfected C:\WINDOWS\GatorHDPlugin.log-old.log
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\desktop.exe
Adware:Adware/FIsearch No disinfected C:\WINDOWS\isrvs\edmond.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\ffisearch.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\mfiltis.dll
Adware:Adware/FIsearch No disinfected C:\WINDOWS\isrvs\msdbhk.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\sysupd.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\a95kfrhe.ini
Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\ap2nqrd4.dat
Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\baur5s9q.dat
Virus:Trj/Delprot.A Disinfected C:\WINDOWS\system32\drivers\delprot.sys
Virus:Trj/Downloader.BVA Disinfected C:\WINDOWS\system32\intronsad.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\ritsacnk.dat
Virus:W32/Gaobot.CES.worm Disinfected C:\WINDOWS\system32\spool\PRINTERS\00003.SPL
Virus:W32/Gaobot.CES.worm Disinfected C:\WINDOWS\system32\spool\PRINTERS\00005.SPL
Virus:W32/Gaobot.CES.worm Disinfected C:\WINDOWS\system32\spool\PRINTERS\00007.SPL
Virus:W32/Gaobot.CES.worm Disinfected C:\WINDOWS\system32\spool\PRINTERS\00009.SPL
Virus:W32/Gaobot.CES.worm Disinfected C:\WINDOWS\system32\spool\PRINTERS\00011.SPL
Virus:W32/Gaobot.CES.worm Disinfected C:\WINDOWS\system32\spool\PRINTERS\00013.SPL
Virus:W32/Gaobot.CES.worm Disinfected C:\WINDOWS\system32\spool\PRINTERS\00015.SPL
Virus:W32/Gaobot.CES.worm Disinfected C:\WINDOWS\system32\spool\PRINTERS\00017.SPL
Logfile of HijackThis v1.99.1
Scan saved at 21:10:50, on 05/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jon\My Documents\adaware kilers\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Jon\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5761EB83-7A23-47A8-97AB-8833159589E6}: NameServer = 62.55.109.21 62.55.109.22
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe