[ERDomi]

Hi. Ive got a problem where this SpySheriff pop up keeps popping up and running like a scan saying my computer is infected with spyware. Its changed my desktop background and i cant change it back. it's saying
"YOUR SYSTEM IS INFECTED!
System has been stopped due to serious malfunction.
Spyware activity has been detected.
It is recommended to use spyware removal tool to prevent data loss.
Do not use the computer before all spyware removed."

i dont know what to do to get rid of it. I dont even know what a Hijack log is, so i need some real help!!

Can anyone help me!!!

Thanks

[Advertisements]

If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Reply in this thread and I will be along to tell you what steps to take after you post the contents of the scan results.

Edited by loophole, 09 October 2005 - 01:26 AM.

[loophole]

If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and reply here with your log.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Reply in this thread and I will be along to tell you what steps to take after you post the contents of the scan results.

Edited by loophole, 09 October 2005 - 01:26 AM.

[ERDomi]

Thanks. Here is my HijackThis Logfile.

Logfile of HijackThis v1.99.1
Scan saved at 17:00:05, on 14/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SurfControl\CyberPatrol\cphq.exe
C:\Program Files\Icons\Seticon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpserver.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\winstall.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpACtrl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpCCtrl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Comet Stockport\My Documents\New Folder\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\webpc.dll (file missing)
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CyberPatrolNew] C:\Program Files\SurfControl\CyberPatrol\cphq.exe /m
O4 - HKLM\..\Run: [Seticon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Comet Stockport\Local Settings\Temp\{C9C63CAD-0DF7-4642-A942-15A0CABED7A7}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxuk101AZGB
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129292599031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinn...d/uninstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05464608-7EB5-4807-87A0-4140C5AF48B8}: NameServer = 80.225.252.178 80.225.252.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{05464608-7EB5-4807-87A0-4140C5AF48B8}: NameServer = 80.225.252.178 80.225.252.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: webpc - C:\WINDOWS\inf\webpc.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

[loophole]

Hello and welcome to Geeks to Go

I see you have been infected by malware. Lets get you fixed up.
Please follow the directions as closely as you can . Lets begin

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.



Next, please reboot your computer in SafeMode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items, then click FIX CHECKED:
===================================================

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\webpc.dll (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\system32\symcsvc.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxuk101AZGB
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab

===================================================

Close HiJackThis.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Accoona



Please note any other programs that you dont recognize in that list in your next response

Please delete these folders using Windows Explorer(if present):

C:\Program Files\Accoona

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\system32\symcsvc.exe


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Run Ewido:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• NOTE: During some scans with ewido it is finding cases of false positives.
• You will need to step through the process of cleaning files one-by-one.
• If ewido detects a file you KNOW to be legitimate, select none as the action.
• DO NOT select "Perform action on all infections"
• If you are unsure of any entry found select none for now.
• When the scan is finished, click the Save report button at the bottom of the screen.
• Save the report to your desktop

Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.

[ERDomi]

Hi, i think Ive done everyting you said properly.

Here are the logs you asked me to post.
This is the Panda ActiveScan log:

Incident Status Location

Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM32\vxgamet2.exe
Adware:adware/fastvideoplayer No disinfected C:\WINDOWS\INF\fvp.inf
Adware:adware/gator No disinfected C:\WINDOWS\GatorPdpLoudInstaller.log
Dialer:dialer.su No disinfected C:\WINDOWS\run.cxq
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/comet No disinfected C:\PROGRAM FILES\Starware
Adware:adware/ilookup No disinfected C:\WINDOWS\iLookup
Adware:adware/spysheriff No disinfected Windows Registry
Virus:Trj/Classloader.I Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-559a184a.zip[b.class]
Virus:Exploit/BytVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-559a184a.zip[c.class]
Virus:Exploit/BytVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-559a184a.zip[a.class]
Virus:Trj/Downloader.DIS Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-559a184a.zip[d.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-f336957-2aaf41ca.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-f336957-2aaf41ca.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-f336957-2aaf41ca.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-f336957-2aaf41ca.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-36e34e2f-2f682dc1.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-36e34e2f-2f682dc1.zip[Xeyond.class]
Virus:Trj/Downloader.APT Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-36e34e2f-2f682dc1.zip[web.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-207f0ae5.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-207f0ae5.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-207f0ae5.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-207f0ae5.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-207f0ae5.zip[Xeyond.class]
Virus:Trj/Clicker.AH Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-207f0ae5.zip[web.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-75a0eccc.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-75a0eccc.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-75a0eccc.zip[VerifierBug.class]
Virus:Trj/LowZones.JF Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-75a0eccc.zip[web.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-75a0eccc.zip[Worker.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Saint Stuart\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-2a251b3-75a0eccc.zip[Xeyond.class]
Dialer:Dialer.DIM No disinfected C:\Documents and Settings\Saint Stuart\Local Settings\Temp\delwbi.tmp
Dialer:Dialer.BEW No disinfected C:\Documents and Settings\Saint Stuart\Local Settings\Temporary Internet Files\Content.IE5\0DIBKTUF\access[1].htm
Adware:Adware/WeatherCast No disinfected C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe
Possible Virus. No disinfected C:\WINDOWS\Downloaded Program Files\910000_211348_.exe130
Adware:Adware/Fastvideoplayer No disinfected C:\WINDOWS\Downloaded Program Files\fvp.inf
Adware:Adware/ISearch No disinfected C:\WINDOWS\HLInstaller1.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\iLookup\ezStub22.exe
Adware:Adware/Fastvideoplayer No disinfected C:\WINDOWS\inf\fvp.inf
Dialer:Dialer.AAR No disinfected C:\WINDOWS\mmgr32.exe
Dialer:Dialer.SU No disinfected C:\WINDOWS\run.cxq
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1031.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1033.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1034.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1136.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1139.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1143.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1322.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1323.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1324.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1340.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1341.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1342.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys141.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys145.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys146.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys147.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1827.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1828.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1832.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1833.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1854.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1915.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys1916.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys210.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2147.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2148.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2219.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2220.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2221.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2241.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2242.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2248.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2249.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys25.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys250.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys251.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2536.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2537.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2539.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2559.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys256.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys258.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2615.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2616.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2617.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2726.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2727.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2810.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2811.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys288.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys29.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys2912.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys343.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys5214.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys5226.exe
Virus:Trj/Downloader.DWG Disinfected C:\WINDOWS\sys5229.exe
Adware:Adware/InstaFinder No disinfected C:\WINDOWS\system32\InstaFinder_inst245.exe
Security Risk:Application/RestartNo disinfected C:\WINDOWS\system32\Tools\Restart.exe
Adware:Adware/Tibs No disinfected C:\WINDOWS\system32\vxgamet2.exe
Virus:Bck/Galapoper.B Disinfected C:\WINDOWS\system32\~update.exe
This is the smitfiles.txt log:

smitRem log file
version 2.6

by noahdfear

The current date is: 14/10/2005
The current time is: 20:35:30.29

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


Pre-run Files Present


~~~ Program Files ~~~

SpySheriff


~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

zlbw.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN!






This is the Ewido Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 21:42:48, 14/10/2005
+ Report-Checksum: 93173E14

+ Scan result:

C:\Documents and Settings\Comet Stockport\My Documents\HijackThis DONT DELETE\backups\backup-20051014-201653-678.dll -> Spyware.Comet : Ignored
C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Ignored
C:\Program Files\WinFixer 2005 -> Spyware.WinFixer : Ignored
C:\Program Files\WinFixer 2005\lock.dat -> Spyware.WinFixer : Ignored
C:\WINDOWS\HLInstaller1.exe -> Spyware.iSearch : Ignored
C:\WINDOWS\iLookup -> Adware.eZula : Ignored
C:\WINDOWS\iLookup\ezStub22.exe -> Adware.eZula : Ignored
C:\WINDOWS\mmgr32.exe -> Dialer.Generic : Ignored
C:\WINDOWS\sys1031.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1033.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1034.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1136.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1139.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1143.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1322.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1323.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1324.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1340.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1341.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1342.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys141.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys145.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys146.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys147.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1827.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1828.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1832.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1833.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1854.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1915.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys1916.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys210.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2147.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2148.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2219.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2220.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2221.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2241.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2242.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2248.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2249.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys25.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys250.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys251.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2536.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2537.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2539.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2559.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys256.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys258.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2615.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2616.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2617.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2726.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2727.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2810.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2811.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys288.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys29.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys2912.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys343.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys5214.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys5226.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\sys5229.exe -> Trojan.Crypt.i : Ignored
C:\WINDOWS\system32\vxgamet2.exe -> TrojanDownloader.Small.aqu : Ignored
C:\WINDOWS\system32\~update.exe -> Trojan.Crypt.c : Ignored
C:\Program Files\Starware\bin\Starware.dll -> Spyware.Starad : Cleaned with backup
C:\vx.tllllsl -> Adware.SpySheriff : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\HotPorn.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\iNetPal\EZThemes_If245Om1.exe -> TrojanDropper.Small.sc : Cleaned with backup
C:\WINDOWS\sys148.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1518.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1519.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1521.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1736.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1737.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1738.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1826.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1834.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1848.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1850.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1917.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys202.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys203.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys204.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2238.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2239.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2240.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2250.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2411.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys245.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys249.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2541.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2542.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2548.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2549.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2551.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2556.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2557.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys257.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2913.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2914.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2919.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2920.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2921.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3037.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3038.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3039.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3119.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3121.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3123.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3124.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3239.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3240.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys341.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3415.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3417.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys342.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3424.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3559.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys361.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys363.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3840.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3843.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3846.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3853.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3855.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3856.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4243.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys431.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys432.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys458.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys459.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4610.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4611.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4810.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4811.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4812.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4818.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4820.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4822.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys50.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5033.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5034.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5035.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys511.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys512.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys513.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5148.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5150.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5151.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5212.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5213.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys527.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys528.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys529.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys530.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys531.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5311.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5330.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5338.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5339.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5340.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5342.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5725.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5726.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5727.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5816.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5817.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5818.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys931.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys934.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys937.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup
C:\WINDOWS\system32\DummyX.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\emake2b.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\fvp.dll -> TrojanDownloader.Agent.oc : Cleaned with backup
C:\WINDOWS\system32\latest.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINDOWS\system32\mmgr32.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\sgf.exe -> Not-A-Virus.Hoax.Renos.f : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End


And this is the new HijackThis Log :

Logfile of HijackThis v1.99.1
Scan saved at 12:12:27, on 15/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Icons\Seticon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpserver.exe
C:\Documents and Settings\Comet Stockport\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CyberPatrolNew] C:\Program Files\SurfControl\CyberPatrol\cphq.exe /m
O4 - HKLM\..\Run: [Seticon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Comet Stockport\Local Settings\Temp\{C9C63CAD-0DF7-4642-A942-15A0CABED7A7}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129292599031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4D

[ERDomi]

Sorry, ill post my new hijck this log again because it got cut off. Here it is :

Logfile of HijackThis v1.99.1
Scan saved at 12:12:27, on 15/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Icons\Seticon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpserver.exe
C:\Documents and Settings\Comet Stockport\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CyberPatrolNew] C:\Program Files\SurfControl\CyberPatrol\cphq.exe /m
O4 - HKLM\..\Run: [Seticon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Comet Stockport\Local Settings\Temp\{C9C63CAD-0DF7-4642-A942-15A0CABED7A7}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129292599031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinn...d/uninstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05464608-7EB5-4807-87A0-4140C5AF48B8}: NameServer = 80.225.252.178 80.225.252.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{05464608-7EB5-4807-87A0-4140C5AF48B8}: NameServer = 80.225.252.178 80.225.252.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: webpc - C:\WINDOWS\inf\webpc.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe



Thanks alot!! My desktop has changed back and there are no little spysheriff pop up things on my toolbar!!
Thanks for your time and help!! If i have any more problems i will start a new topic. Thanks again!!!

[loophole]

Good job.

Lets run ewido in safe mode 1 more time with the following instructions. (I forgot to tell you to perform action on all infections)

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Now post the Ewido log and the Hijack log

[ERDomi]

Ok thanks, i have done the scan again and here is the Ewido log and HijackThis log you asked for

Ewido log :

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 16:58:32, 19/10/2005
+ Report-Checksum: 1141AB67

+ Scan result:

C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet [email protected][2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet [email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet [email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet [email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Comet Stockport\Cookies\comet stockport@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Comet Stockport\My Documents\HijackThis DONT DELETE\backups\backup-20051014-201653-678.dll -> Spyware.Comet : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's [email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jen's Trash\Cookies\jen's trash@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\HLInstaller1.exe -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup
C:\WINDOWS\iLookup\ezStub22.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\mmgr32.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\vxgamet2.exe -> TrojanDownloader.Small.aqu : Cleaned with backup


::Report End


Here is the new HijackThis log :

Logfile of HijackThis v1.99.1
Scan saved at 16:59:10, on 19/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Comet Stockport\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Seticon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Comet Stockport\Local Settings\Temp\{C9C63CAD-0DF7-4642-A942-15A0CABED7A7}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129292599031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinn...d/uninstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: webpc - C:\WINDOWS\inf\webpc.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


Thanks!!!

[loophole]

Hello

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: webpc - C:\WINDOWS\inf\webpc.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked.

Im not here to preach but limewire is a virus farm. But it is your computer and you can certainly do with it what you wish

Post a new hijack log and tell me how your system is running now.

Thanks

[ERDomi]

Thanks, heres the new HijackThis log :

Logfile of HijackThis v1.99.1
Scan saved at 21:40:11, on 09/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Icons\Seticon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\180solutions\ncase\msbb5321\msbb.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Comet Stockport\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Seticon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\ncase\msbb5321\msbb.exe
O4 - HKLM\..\Run: [zefct] C:\WINDOWS\zefct.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Comet Stockport\Local Settings\Temp\{C9C63CAD-0DF7-4642-A942-15A0CABED7A7}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...5/pool/pool.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129292599031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinn...d/uninstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05464608-7EB5-4807-87A0-4140C5AF48B8}: NameServer = 80.225.252.178 80.225.252.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{05464608-7EB5-4807-87A0-4140C5AF48B8}: NameServer = 80.225.252.178 80.225.252.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


Thanks for the warning about limewire[b], but i share the computer so i will have to try persuading the others not to use it, Thanks alot!!

the system is working alot better now, spysheriff is nowhere to be seen and it isnt slow anymore.
Thanks for your time!!!