thanks for the information coachwife6
i ran ad-adware and this is the log file
ArchiveData(auto-quarantine- 2005-04-16 03-04-56.bckp)
Referencefile : SE1R39 15.04.2005
======================================================
ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
obj[1]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuText"
obj[2]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuStatusBar"
obj[3]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Script"
obj[4]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "clsid"
obj[5]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Icon"
obj[6]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "HotIcon"
obj[7]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "ButtonText"
obj[18]=RegValue : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[19]=RegValue : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[20]=RegValue : S-1-5-21-1757981266-1202660629-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
SECURITY IGUARD
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[8]=Regkey : software\rex-services
obj[9]=RegValue : software\rex-services "MGuid"
obj[34]=Folder : C:\Documents and Settings\sara\Application Data\Rex-Services
WHENU
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[10]=Regkey : software\microsoft\windows\currentversion\uninstall\whenusavemsg
obj[11]=RegValue : software\microsoft\windows\currentversion\uninstall\whenusavemsg "DisplayName"
obj[12]=RegValue : software\microsoft\windows\currentversion\uninstall\whenusavemsg "DisplayIcon"
obj[13]=RegValue : software\microsoft\windows\currentversion\uninstall\whenusavemsg "DisplayVersion"
obj[14]=RegValue : software\microsoft\windows\currentversion\uninstall\whenusavemsg "HelpLink"
obj[15]=RegValue : software\microsoft\windows\currentversion\uninstall\whenusavemsg "UrlInfoAbout"
obj[16]=RegValue : software\microsoft\windows\currentversion\uninstall\whenusavemsg "Publisher"
obj[17]=RegValue : software\microsoft\windows\currentversion\uninstall\whenusavemsg "UninstallString"
obj[35]=File : C:\System Volume Information\_restore{40204DF4-7DB7-42CB-B0EF-F9D43788986D}\RP27\A0007580.exe
obj[36]=File : C:\System Volume Information\_restore{40204DF4-7DB7-42CB-B0EF-F9D43788986D}\RP27\A0007581.exe
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[21]=IECache Entry : Cookie:
[email protected]/
obj[22]=IECache Entry : Cookie:
[email protected]/
obj[23]=IECache Entry : Cookie:
[email protected]/
obj[24]=IECache Entry : Cookie:
[email protected]/cgi-bin
obj[25]=IECache Entry : Cookie:
[email protected]/
obj[26]=IECache Entry : Cookie:
[email protected]/
obj[27]=IECache Entry : Cookie:
[email protected]/
obj[28]=IECache Entry : Cookie:
[email protected]/
obj[29]=IECache Entry : Cookie:
[email protected]/
obj[30]=IECache Entry : Cookie:
[email protected]/
obj[31]=IECache Entry : Cookie:
[email protected]/
obj[32]=IECache Entry : Cookie:
[email protected]/
obj[33]=IECache Entry : Cookie:
[email protected]/
i then ran cw sgredder and found nothing
spybot search and destroy found and destroyed 8
i tried to install trend house but i couldnt install it because i didnt have the registration key
i then ran panda active scan it found and deleted 4 trojan virsuses plus adware
i then tried to run tds-3 but it wouldnt allow me to and i have updated microsoft windows
i have just run hijack this and here is the log file
Logfile of HijackThis v1.98.2
Scan saved at 16:31:30, on 16/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\wp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sara\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tiscali.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tiscali.co.uk
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {34EAA8C2-5C75-41FA-87DC-1F7E72D3F366} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {34EAA8C2-5C75-41FA-87DC-1F7E72D3F366} - (no file) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1113621545466O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pdownloader.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{12F3AE81-70C3-4D0A-A3C4-53DB841757D0}: NameServer = 80.225.250.178 80.225.250.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{12F3AE81-70C3-4D0A-A3C4-53DB841757D0}: NameServer = 80.225.250.178 80.225.250.186