Hello, that took a while!!!
Anyway, upon restart after doing the things you said, signs are looking good as I haven't had any pop-ups yet! Although I did still get this error:
16 bit MS-DOS Subsystem
C:\WINDOWS\System32\runsrv.exe\
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. This file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.
But apart from that things seem o.k. up 2 press.
Is that Spy Sweeper a program worth actually buying, and are there any other good programs you can recommend so that this won't happen again???
<----here is the sweeper log file------>
********
23:53: | Start of Session, 16 May 2006 |
23:53: Spy Sweeper started
23:53: Sweep initiated using definitions version 678
23:53: Starting Memory Sweep
23:54: Found Adware: spysheriff fakealert
23:54: Detected running threat: C:\WINDOWS\system32\repigsp.exe (ID = 291520)
23:54: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
23:54: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
23:56: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
23:57: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
23:58: Found Adware: adwaresheriff fakealert
23:58: Detected running threat: C:\WINDOWS\system32\winsrv32.exe (ID = 291521)
23:58: Memory Sweep Complete, Elapsed Time: 00:04:53
23:58: Starting Registry Sweep
23:58: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
23:58: Found Adware: blazefind
23:58: HKCR\bridge.brdg\ (1 subtraces) (ID = 104437)
23:58: HKCR\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\ (1 subtraces) (ID = 104449)
23:58: HKCR\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}\ (1 subtraces) (ID = 104459)
23:58: HKCR\jao.jao\ (1 subtraces) (ID = 104463)
23:58: HKLM\software\classes\bridge.brdg\ (1 subtraces) (ID = 104468)
23:58: HKLM\software\classes\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\ (1 subtraces) (ID = 104482)
23:58: HKLM\software\classes\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}\ (1 subtraces) (ID = 104491)
23:58: HKLM\software\classes\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}\ (1 subtraces) (ID = 104501)
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}\ (1 subtraces) (ID = 104519)
23:58: HKLM\software\microsoft\windows\currentversion\uninstall\bridge\ (1 subtraces) (ID = 104547)
23:58: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
23:58: HKCR\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}\ (1 subtraces) (ID = 104567)
23:58: Found Adware: daily toolbar
23:58: HKCR\appid\dailytoolbar.dll\ (1 subtraces) (ID = 124556)
23:58: HKCR\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (1 subtraces) (ID = 124557)
23:58: HKCR\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (1 subtraces) (ID = 124560)
23:58: HKCR\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (1 subtraces) (ID = 124561)
23:58: HKCR\dailytoolbar.ieband\ (1 subtraces) (ID = 124562)
23:58: HKCR\dailytoolbar.sysmgr\ (1 subtraces) (ID = 124564)
23:58: HKCR\ietoolbar.affiliatectl\ (1 subtraces) (ID = 124565)
23:58: HKCR\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (1 subtraces) (ID = 124566)
23:58: HKCR\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (1 subtraces) (ID = 124567)
23:58: HKLM\software\classes\appid\dailytoolbar.dll\ (1 subtraces) (ID = 124576)
23:58: HKLM\software\classes\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (1 subtraces) (ID = 124577)
23:58: HKLM\software\classes\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (1 subtraces) (ID = 124587)
23:58: HKLM\software\classes\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (1 subtraces) (ID = 124588)
23:58: HKLM\software\classes\dailytoolbar.ieband\ (1 subtraces) (ID = 124590)
23:58: HKLM\software\classes\dailytoolbar.sysmgr\ (1 subtraces) (ID = 124592)
23:58: HKLM\software\classes\ietoolbar.affiliatectl\ (1 subtraces) (ID = 124593)
23:58: HKLM\software\classes\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (1 subtraces) (ID = 124594)
23:58: HKLM\software\classes\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (1 subtraces) (ID = 124595)
23:58: HKLM\software\dailytoolbar\ (1 subtraces) (ID = 124601)
23:58: HKLM\software\nix solutions\dailytoolbar\ (1 subtraces) (ID = 124641)
23:58: Found Adware: elitebar
23:58: HKCR\interface\{a74cd7de-ea6f-11d4-abf3-000102378429}\ (8 subtraces) (ID = 125700)
23:58: HKLM\software\classes\interface\{a74cd7de-ea6f-11d4-abf3-000102378429}\ (8 subtraces) (ID = 125730)
23:58: HKLM\software\classes\typelib\{a74cd7dd-ea6f-11d4-abf3-000102378429}\ (9 subtraces) (ID = 125738)
23:58: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
23:58: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/v3.dll\ (2 subtraces) (ID = 125753)
23:58: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\v3.dll (ID = 125764)
23:58: HKCR\typelib\{a74cd7dd-ea6f-11d4-abf3-000102378429}\ (9 subtraces) (ID = 125773)
23:58: Found Adware: purityscan
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}\ (1 subtraces) (ID = 137799)
23:58: Found Adware: tubby toolbar
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}\ (1 subtraces) (ID = 137799)
23:58: Found Trojan Horse: trojan-downloader-wstart
23:58: HKCR\appid\wstart.dll\ (1 subtraces) (ID = 144900)
23:58: HKCR\appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}\ (1 subtraces) (ID = 144901)
23:58: HKCR\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\ (1 subtraces) (ID = 144902)
23:58: HKLM\software\classes\appid\wstart.dll\ (1 subtraces) (ID = 144903)
23:58: HKLM\software\classes\appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}\ (1 subtraces) (ID = 144904)
23:58: HKLM\software\classes\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\ (1 subtraces) (ID = 144905)
23:58: HKLM\software\classes\wstart.whttphelper.1\ (1 subtraces) (ID = 144906)
23:58: HKLM\software\classes\wstart.whttphelper\ (1 subtraces) (ID = 144907)
23:58: HKLM\software\wsoft\ (1 subtraces) (ID = 144909)
23:58: HKCR\wstart.whttphelper.1\ (1 subtraces) (ID = 144910)
23:58: HKCR\wstart.whttphelper\ (1 subtraces) (ID = 144911)
23:58: Found Adware: directrevenue-abetterinternet
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-c1ec-0345-6ec2-4d0300000000}\ (1 subtraces) (ID = 145925)
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-f09c-02b4-6ec2-ad0300000000}\ (1 subtraces) (ID = 145927)
23:58: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}\ (1 subtraces) (ID = 145940)
23:58: HKLM\software\respondmiter\ (1 subtraces) (ID = 146128)
23:58: Found Adware: winad
23:58: HKLM\software\classes\winadtoolsx.installer\ (3 subtraces) (ID = 147179)
23:58: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || .owner (ID = 147196)
23:58: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} (ID = 147197)
23:58: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadtoolsx.dll (ID = 147225)
23:58: HKCR\winadtoolsx.installer\ (3 subtraces) (ID = 147247)
23:58: HKCR\typelib\{31f9b5a7-5b94-445d-922c-e97bf52f5fd7}\ (9 subtraces) (ID = 1338574)
23:58: HKLM\software\classes\typelib\{31f9b5a7-5b94-445d-922c-e97bf52f5fd7}\ (9 subtraces) (ID = 1338597)
23:58: Found Adware: clickpix toolbar
23:58: HKU\S-1-5-21-263134199-781593064-165888979-500\software\microsoft\internet explorer\toolbar\webbrowser\ || {cc8c8f4f-f2e8-404b-a43d-5cc57876a008} (ID = 105875)
23:58: Found System Monitor: sc-keylog
23:58: HKU\S-1-5-21-263134199-781593064-165888979-500\software\classes\applications\main.exe\ (4 subtraces) (ID = 762247)
23:58: Registry Sweep Complete, Elapsed Time:00:00:20
23:58: Starting Cookie Sweep
23:58: Found Spy Cookie: sandboxer cookie
23:58: administrator@0[3].txt (ID = 3282)
23:58: Found Spy Cookie: 247realmedia cookie
23:58: administrator@247realmedia[1].txt (ID = 1953)
23:58: Found Spy Cookie: aa cookie
23:58: administrator@aa[2].txt (ID = 2029)
23:58: Found Spy Cookie: yieldmanager cookie
23:58: administrator@ad.yieldmanager[1].txt (ID = 3751)
23:58: Found Spy Cookie: adtech cookie
23:58: administrator@adtech[2].txt (ID = 2155)
23:58: Found Spy Cookie: ask cookie
23:58: administrator@ask[2].txt (ID = 2245)
23:58: Found Spy Cookie: a cookie
23:58: administrator@a[1].txt (ID = 2027)
23:58: Found Spy Cookie: clickbank cookie
23:58: administrator@clickbank[2].txt (ID = 2398)
23:58: Found Spy Cookie: webtrends cookie
23:58: administrator@m.webtrends[1].txt (ID = 3669)
23:58: Found Spy Cookie: 2o7.net cookie
23:58: administrator@premiumtv.122.2o7[1].txt (ID = 1958)
23:58: Found Spy Cookie: realmedia cookie
23:58: administrator@realmedia[2].txt (ID = 3235)
23:58: Found Spy Cookie: statcounter cookie
23:58: administrator@statcounter[1].txt (ID = 3447)
23:58: Found Spy Cookie: toplist cookie
23:58: administrator@toplist[1].txt (ID = 3557)
23:58: Cookie Sweep Complete, Elapsed Time: 00:00:00
23:59: Starting File Sweep
23:59: repigsp.exe (ID = 291520)
00:00: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:02: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:02: backup-20060516-231547-560.dll (ID = 291491)
00:04: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:05: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:06: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:08: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:10: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:12: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:12: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:13: thnall1z.exe (ID = 154509)
00:14: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:16: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:18: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:20: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:20: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:22: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:24: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:26: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:27: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:28: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:28: winbl32.dll (ID = 291520)
00:30: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:32: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:35: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:35: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:37: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:39: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:41: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:42: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:43: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:45: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:47: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:49: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:50: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:51: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:53: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:54: Found Trojan Horse: trojan-downloader-ttub
00:54: lsass.exe (ID = 81008)
00:55: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:57: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
00:57: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
00:59: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:01: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:03: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:07: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:07: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:08: rplhquzk.exe (ID = 293508)
01:08: Found Adware: redv network easyinstall
01:08: phqghume.exe (ID = 59429)
01:10: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:12: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:12: winsrv32.exe (ID = 291521)
01:13: Found Trojan Horse: trojan-backdoor-securemulti
01:13: zhopaizdupla.exe (ID = 294001)
01:14: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:16: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:16: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:16: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:17: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:18: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:20: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:21: Warning: Failed to open file "c:\documents and settings\administrator\cookies\administrator@antispylab[2].txt". The system cannot find the file specified
01:22: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:22: osd149f.osd (ID = 60007)
01:22: dlmax.inf (ID = 83266)
01:29: Warning: Unhandled Archive Type
01:29: Warning: Unhandled Archive Type
01:30: Warning: Unhandled Archive Type
01:30: Warning: Unhandled Archive Type
01:31: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:31: Spy Installation Shield: found: Adware: adwaresheriff fakealert, version 1.0.0.0 -- Execution Denied
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid file - not a PKZip file
01:31: Warning: Invalid Stream
01:32: File Sweep Complete, Elapsed Time: 01:33:10
01:32: Full Sweep has completed. Elapsed time 01:38:28
01:32: Traces Found: 207
01:33: Spy Installation Shield: found: Adware: spysheriff fakealert, version 1.0.0.0 -- Execution Denied
01:33: Removal process initiated
01:34: Quarantining All Traces: directrevenue-abetterinternet
01:34: Quarantining All Traces: elitebar
01:34: Quarantining All Traces: purityscan
01:34: Quarantining All Traces: sc-keylog
01:34: Quarantining All Traces: trojan-backdoor-securemulti
01:34: Quarantining All Traces: blazefind
01:34: Quarantining All Traces: daily toolbar
01:34: Quarantining All Traces: trojan-downloader-ttub
01:34: Quarantining All Traces: trojan-downloader-wstart
01:34: Quarantining All Traces: winad
01:34: Quarantining All Traces: clickpix toolbar
01:34: Quarantining All Traces: redv network easyinstall
01:34: Quarantining All Traces: tubby toolbar
01:34: Quarantining All Traces: 247realmedia cookie
01:34: Quarantining All Traces: 2o7.net cookie
01:34: Quarantining All Traces: a cookie
01:34: Quarantining All Traces: aa cookie
01:34: Quarantining All Traces: adtech cookie
01:34: Quarantining All Traces: ask cookie
01:34: Quarantining All Traces: clickbank cookie
01:34: Quarantining All Traces: realmedia cookie
01:34: Quarantining All Traces: sandboxer cookie
01:34: Quarantining All Traces: statcounter cookie
01:34: Quarantining All Traces: toplist cookie
01:34: Quarantining All Traces: webtrends cookie
01:34: Quarantining All Traces: yieldmanager cookie
01:34: Quarantining All Traces: spysheriff fakealert
01:35: Quarantining All Traces: adwaresheriff fakealert
01:35: adwaresheriff fakealert is in use. It will be removed on reboot.
01:35: Preparing to restart your computer. Please wait...
01:35: Removal process completed. Elapsed time 00:01:18
********
23:51: | Start of Session, 16 May 2006 |
23:51: Spy Sweeper started
23:52: BHO Shield: found: -- BHO installation denied at user request
23:52: Your spyware definitions have been updated.
23:53: | End of Session, 16 May 2006 |
<---end of spysweeper log file--->
<----start of new HijackThis log----->
Logfile of HijackThis v1.99.1
Scan saved at 01:39:56, on 17/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\dan\virus removal\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: winapi32.MyBHO - {26C43C19-A1CE-456E-9CBF-77FFB9E92681} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.p0rt2.com
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
<----end of HijackThis log file---->
So, what next????