here's my Log
Logfile of HijackThis v1.99.1
Scan saved at 5:42:32 PM, on 30/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\intell32.exe
C:\WINDOWS\System32\sysbho.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Bill Keays\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [System Redirect] C:\WINDOWS\System32\sysbho.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: winlogin.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {122F128E-B38F-4FA8-A086-D2D7454FC265} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {122F128E-B38F-4FA8-A086-D2D7454FC265} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {20D5320E-40FF-4FC0-B899-2EA9B72B91B4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {20D5320E-40FF-4FC0-B899-2EA9B72B91B4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {68FA533C-264F-4D3A-A78F-C48460CEDE22} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {68FA533C-264F-4D3A-A78F-C48460CEDE22} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B5C44029-71B7-42EB-9AF9-BD76C85B1D04} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B5C44029-71B7-42EB-9AF9-BD76C85B1D04} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E7373870-7F89-4188-A0F5-FD02E9A17943} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E7373870-7F89-4188-A0F5-FD02E9A17943} - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {07104A73-E8AD-62F7-B660-2B29310E2591} - http://69.50.182.94/1/gdnCA1862.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {18D2D022-6C9C-3084-3EF8-76470F71015A} - http://69.50.182.94/1/gdnCA1862.exe
O16 - DPF: {1B747A58-F505-2261-1502-220E37CD1A34} - http://69.50.182.94/1/gdnCA1862.exe
O16 - DPF: {1EE58DDB-EC4D-3547-45A5-474533AC0EE0} - http://69.50.173.166/1/gdnCA1862.exe
O16 - DPF: {30862FB6-03C9-1DB2-F04E-13DC38637CF9} - http://69.50.173.166/1/gdnCA1862.exe
O16 - DPF: {38E46945-089C-4E83-3D65-79A93BA635B0} - http://69.50.182.94/1/gdnCA1862.exe
O16 - DPF: {397B79FE-9667-247F-CE56-594A31F792BB} - http://69.50.182.94/1/gdnCA1862.exe
O16 - DPF: {40D6D014-00EE-11D7-A0B5-13ED7E2EB6EA} - http://69.50.182.94/1/gdnCA1862.exe
O16 - DPF: {447D6DF2-3A62-3A2A-48F2-0B1240709B4D} - http://69.50.182.94/1/gdnCA1862.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {62DBAA96-8836-53ED-4F44-34A736EF6B5C} - http://69.50.173.166/1/gdnCA1862.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099962113076
O16 - DPF: {6EFA02F3-1FF7-284D-2324-45AA5F5825A4} - http://69.50.173.166/1/gdnCA1862.exe
O16 - DPF: {74C1D96A-1175-7E6F-F895-609E048568FC} - http://69.50.182.94/1/gdnCA1862.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O20 - AppInit_DLLs: 6k4lrjeye285toll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
I have Norton 2004 with all the updates..
I have spybot
Ad-aware will not work for some reason it rebots my PC everytime I use it.
any help would be great!
Thanks