
Adware (red icon with white cross)



#1
SSergey

Hello, I believe that you will help me! ;) I have read some posts from this forum and there were similar situations, but the solutions to those problems didn't help me. :) I installed a special anti-adware program yesterday, but it installed spyware and adware by itself, instead of removing it. Now I have about 20 shortcuts on my desktop, a random homepage (but it always begins with http://www.newgenlook.info..... ) and popups. It annoys me very much :) Also, I have a red icon with a white cross near the clock. I installed Microworld Antivirus and it showed me that I have adware in C:\WINDOWS\System32\guninst.exe . After that, I installed Killbox and deleted this file (but the line 'Unregister DLL before deleting' was grey, so I could choose only "Delete after rebooting"). I rebooted the PC but the adware was still working. I scanned with the antivirus for the second time, but it showed me that I don't have any viruses!!! What shall I do? :) (I also tried Lavasoft and other programs - nothing ;) )

P.S. Maybe it will help

Logfile of HijackThis v1.99.1
Scan saved at 12:00:18, on 04/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~2.EXE
D:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe
D:\Documents and Settings\Sergej\Local Settings\Temp\Temporary Directory 1 for frxpro11[1].zip\FreeRAM XP Pro 1.1.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~2.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Sensiva\Sensiva.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~2.EXE
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Sergej\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0237/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - D:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - D:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O3 - Toolbar: PROMT - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LingvoTraining] "D:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Tutor.exe" /ND /NW /AS
O4 - HKLM\..\Run: [Lingvo Launcher] "D:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [KAVPersonal50] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [FreeRAM XP] "D:\Documents and Settings\Sergej\Local Settings\Temp\Temporary Directory 1 for frxpro11[1].zip\FreeRAM XP Pro 1.1.exe" -win
O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~2.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [Sensiva] "D:\Program Files\Sensiva\Sensiva.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: MSN Messenger 7.0.lnk = ?
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: AltaVista Search - file://D:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate - file://D:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate with Lingvo - res://D:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Lasaaannc - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Kannsieza lasaaiaa - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altav...ab?r=1114004817
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1114006237078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75AD8AE1-FEF8-4461-ADBB-1E96A42FF6E1}: NameServer = 217.199.126.2,159.148.60.20
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Labs - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

I tried to remove some files using Killbox, but instead of rebooting it wrote "PendingFileRenameOperations Registry Data has been removed by External Process!"

Edited by SSergey, 28 April 2005 - 06:33 AM.



#2
SSergey

Somebody, please help me. I can't work normally.

Edited by SSergey, 28 April 2005 - 08:46 AM.
