SP1& 2.
Would appreciate help to remove, logfile follows
Thanks in anticipation.
Logfile of HijackThis v1.99.1
Scan saved at 15:23:09, on 27/09/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinFixer2005\uwfx5.exe
C:\DOCUME~1\RoryB\LOCALS~1\Temp\NI.UWFX5\setup.exe
C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\RoryB\Desktop\HiJack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://neword.com/adw.html?s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://neword.com/adw.html?s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://neword.com/adw.html?s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://neword.com/adw.html?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://neword.com/adw.html?m
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://neword.com/adw.html?s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://neword.com/adw.html?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://neword.com/adw.html?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://neword.com/adw.html?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5NetInstaller.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [IJTCw] C:\WINDOWS\nwinm.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-RO4SM.exe /REG
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinFixer2005] C:\Program Files\WinFixer2005\uwfx5.exe /scan
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LG Sync Manager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Adult - http://listdating.com/se/se10.htm
O8 - Extra context menu item: Business - http://listdating.com/se/se5.htm
O8 - Extra context menu item: Car Insurance - http://listdating.com/se/se3.htm
O8 - Extra context menu item: Escorts - http://listdating.com/se/se9.htm
O8 - Extra context menu item: Finance - http://listdating.com/se/se6.htm
O8 - Extra context menu item: Games - http://listdating.com/se/se12.htm
O8 - Extra context menu item: Health Insurance - http://listdating.com/se/se4.htm
O8 - Extra context menu item: Loans - http://listdating.com/se/se7.htm
O8 - Extra context menu item: Online Casino - http://listdating.com/se/se2.htm
O8 - Extra context menu item: [bleep] - http://listdating.com/se/se11.htm
O8 - Extra context menu item: Sport Betting - http://listdating.com/se/se1.htm
O8 - Extra context menu item: Viagra - http://listdating.com/se/se8.htm
O8 - Extra context menu item: >> DATING >> - http://listdating.com/dt.htm
O8 - Extra context menu item: >> SEARCH >> - http://listdating.com/se.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O13 - DefaultPrefix: http://neword.com/adw.html?url=
O13 - WWW Prefix: http://neword.com/adw.html?url=
O15 - Trusted Zone: http://www.ntlworld.com
O16 - DPF: Win32 Classes -
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/d.../int_ver32b.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://F:\system\intralaunch.CAB
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.righ...l/java/RntX.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe