Full Version: Warning Triangle and Infected! Warnings
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
MarkofPhuel
I've recently been infected by spyware and viruses and have tried to clean them up, but I've still got a yellow warning (!) triangle flashing in an annoying manner and a red circle with a white X warning that keeps telling me I've got a virus and must click on the icon to download anti-virus software (but I already have antivirus software installed!).

Can anyone tell me how to clean this up?

Thanks

MarkofPhuel

Logfile of HijackThis v1.99.1
Scan saved at 15:51:01, on 02/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\msole32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\BTYAHO~1\HELP\SMARTB~1\MotiveSB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\System32\winnook.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\intmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\AVerTV2K\QuickTV.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\dtemp-303fc4c2914156-20.dop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = supanet Internet Explorer
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp7C34.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\HELP\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{90EADA13-48F1-44D8-B803-6544F13D3052}\SECURITY.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [xjsengm] c:\windows\system32\xjsengm.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [hhneyjn] c:\windows\fyxtjfj.exe
O4 - HKCU\..\Run: [ktstabq] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [kixubwh] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [jnadetb] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [lhpyuly] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [hlyodlh] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [tsmrjrd] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [rmdufin] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [remtmjl] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [rrbxjse] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [qaderkr] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [surbkyv] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ixmjums] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [jaqrfds] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [oounrws] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [acteerl] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [qnvfqtk] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [wsiomro] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [fukkgmi] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [yptswcr] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [wnswcqc] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [acgwvmc] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [bsnprcw] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [mugfmgv] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [srcaejw] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ajhedsr] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [nqpskny] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [giuqxbd] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [pqnuxew] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [jjwwwyn] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [sttvcsl] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [gegimhk] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ipjvdir] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [yebeuin] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [sftfjrf] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [eyfphyk] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ieotomn] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [qsejbsj] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ydxudxh] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [wejksjk] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [epntotc] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [rscxuwh] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [tcckynp] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [vdfyvjj] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [cggnkap] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [cbaxrsc] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [tamupid] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [olcqxlt] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [fiaupyq] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [dtiufme] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [iputkgo] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ayamtbo] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [eustgyf] c:\windows\farybtq.exe
O4 - HKCU\..\Run: [akrywbd] c:\windows\qasgueg.exe
O4 - HKCU\..\Run: [udpbuuh] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [ilvqqwi] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [nxrmbiu] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [cbprxvm] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [yjhibgx] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [jvolddo] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [aulilye] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [fmdujxj] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [pllylya] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [cbkubtj] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [nvyyghe] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [xnkkhet] c:\windows\vsnmxys.exe
O4 - HKCU\..\Run: [ipsnvlo] c:\windows\vsnmxys.exe
O4 - HKCU\..\Run: [nwyotvy] c:\windows\vsnmxys.exe
O4 - HKCU\..\Run: [xklfqeg] c:\windows\wkqlvme.exe
O4 - HKCU\..\Run: [qebhrrd] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [odsbreu] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [uuweojs] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [iklgdrs] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ifytsol] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [pfrecmr] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ncolhff] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [rvylvjw] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [cviaava] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [liduesf] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [rniocov] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [dbtrnqo] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [kacckkg] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [tardist] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [whjkmis] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [xmvkifo] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [pppsuvw] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [oiqcpvx] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [nxlyfws] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [fyksshw] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [vdsgsuf] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ulgdddk] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [oquhxic] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [hxghdgu] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [pxahaog] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [etwlvai] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ewngyce] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [obvjuwd] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [lsuakhx] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [qsfpjql] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [mpsqcib] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [emprgbh] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [sfqulri] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [jyirlhh] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [gundyhj] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [nmakeus] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [echmafu] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [fvddsuj] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [lanyaur] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [itsxyew] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [txvyyqf] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [jxhqoei] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [cpvfcts] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [xuadljj] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [fjehboc] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ilninre] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [uignemk] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [dorxrhj] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [sqvrirv] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [govifrm] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [qsmbwdd] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [arknlxq] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [vwohbhx] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [wbrbutn] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [rnknlgy] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [physnjd] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [jabmuja] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [djkirbt] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [wubrdsm] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [aklndfb] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [hpxcdxn] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [gfrdnvj] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [xaxvxaa] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [tbsjelk] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ogiskbl] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [fjnbuhy] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [rdjtjnq] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [lymkana] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [tdqqdgy] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [iqssgho] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [yqiebdi] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [mxoqjdd] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [oxrhywh] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [advttrp] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [pafxakk] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [oxhiwcr] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [nboadel] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ddfntbc] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [wbrpbdq] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [cmyvmva] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [hsusxqh] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [jmuutek] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [aytghga] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [nrgftms] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [egeubdk] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [wxhkqxg] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [lrsymgq] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ymtboyw] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [leplfwc] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
O4 - HKCU\..\Run: [owuahvr] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [nxxtmdw] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ltfxigt] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [akenibe] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [mbbqtax] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [qkwgtug] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [mqgjmou] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [pncjfod] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [lhdpbik] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ybeatec] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [lqjhbpp] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [gymgunw] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [aslfsbf] c:\windows\tckilyg.exe
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo!\Help\bin\matcli.exe
O4 - Global Startup: LG Sync Manager.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0CF34DDE-B288-4193-8BB8-660B7C20090A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0CF34DDE-B288-4193-8BB8-660B7C20090A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {497F3D61-03E6-4209-BF98-FFAA2061BEC4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {497F3D61-03E6-4209-BF98-FFAA2061BEC4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {670621B8-5ECF-4511-8D12-443D0E08894B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {670621B8-5ECF-4511-8D12-443D0E08894B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9ECEB9E4-52A1-463D-B1EF-9626CBB9B2F1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9ECEB9E4-52A1-463D-B1EF-9626CBB9B2F1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B833F72F-71F2-46D2-B307-9CD47F4743C9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B833F72F-71F2-46D2-B307-9CD47F4743C9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FC6C397B-33F3-4CC6-B442-D27041A9974F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FC6C397B-33F3-4CC6-B442-D27041A9974F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FF5DB283-3DF3-4924-91CC-BCA614D14906} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FF5DB283-3DF3-4924-91CC-BCA614D14906} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107862688890
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
LoPhatPhuud
First:
Download WinSockFix from here: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

Download LSPfix here: www.cexx.org/lspfix.htm

Do not run either at this time!!!!


Second:
Download Pocket Killbox version 2.0.0.175
http://www.atribune.org/downloads/KillBox.exe
We'll use it later.
--------------------------


Download FindIt's.zip to your desktop.
Create a new folder on your desktop. Extract the files inside to this new folder. Open the folder. Do not use it yet.

http://forums.net-integration.net/index.ph...=post&id=142443

----------------------------------------
Please download, install, and update the Ewido Security Suite:
http://www.ewido.net/en/download/

Do not use it yet.

--------


Please download save and then extract nailfix
http://users.pandora.be/bluepatchy/nailfix.zip



-----------------------

Download CWShredder from this link:
http://www.intermute.com/spysubtract/cwshr...r_download.html

Do not use it yet.


You will be restarting into Safe mode later.
Go here for directions if you need help:

http://service1.symantec.com/SUPPORT/tsgen...001052409420406
--------

Because XP will not always show you hidden files and folders by default, reset your search settings first.

Open Folder Options>view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Next go to Search and scroll down using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
--------


Restart into Safe mode.

Find and double-click on nailfix.cmd which you extracted earlier.

You'll lose your desktop and taskbar for a second. That's ok.
------
Next run a full scan in Ewido. Post the log from the Ewido scan into your next reply.
--------

Run hijackthis and fix these items if they still exist:

(Add all entries you need here)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe

O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp7C34.tmp

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O4 - HKLM\..\Run: [xjsengm] c:\windows\system32\xjsengm.exe
O4 - HKCU\..\Run: [hhneyjn] c:\windows\fyxtjfj.exe
O4 - HKCU\..\Run: [ktstabq] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [kixubwh] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [jnadetb] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [lhpyuly] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [hlyodlh] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [tsmrjrd] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [rmdufin] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [remtmjl] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [rrbxjse] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [qaderkr] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [surbkyv] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ixmjums] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [jaqrfds] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [oounrws] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [acteerl] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [qnvfqtk] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [wsiomro] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [fukkgmi] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [yptswcr] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [wnswcqc] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [acgwvmc] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [bsnprcw] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [mugfmgv] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [srcaejw] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ajhedsr] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [nqpskny] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [giuqxbd] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [pqnuxew] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [jjwwwyn] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [sttvcsl] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [gegimhk] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ipjvdir] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [yebeuin] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [sftfjrf] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [eyfphyk] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ieotomn] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [qsejbsj] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ydxudxh] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [wejksjk] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [epntotc] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [rscxuwh] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [tcckynp] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [vdfyvjj] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [cggnkap] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [cbaxrsc] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [tamupid] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [olcqxlt] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [fiaupyq] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [dtiufme] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [iputkgo] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [ayamtbo] c:\windows\wnfjrav.exe
O4 - HKCU\..\Run: [eustgyf] c:\windows\farybtq.exe
O4 - HKCU\..\Run: [akrywbd] c:\windows\qasgueg.exe
O4 - HKCU\..\Run: [udpbuuh] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [ilvqqwi] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [nxrmbiu] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [cbprxvm] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [yjhibgx] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [jvolddo] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [aulilye] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [fmdujxj] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [pllylya] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [cbkubtj] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [nvyyghe] c:\windows\niyfdwn.exe
O4 - HKCU\..\Run: [xnkkhet] c:\windows\vsnmxys.exe
O4 - HKCU\..\Run: [ipsnvlo] c:\windows\vsnmxys.exe
O4 - HKCU\..\Run: [nwyotvy] c:\windows\vsnmxys.exe
O4 - HKCU\..\Run: [xklfqeg] c:\windows\wkqlvme.exe
O4 - HKCU\..\Run: [qebhrrd] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [odsbreu] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [uuweojs] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [iklgdrs] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ifytsol] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [pfrecmr] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ncolhff] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [rvylvjw] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [cviaava] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [liduesf] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [rniocov] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [dbtrnqo] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [kacckkg] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [tardist] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [whjkmis] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [xmvkifo] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [pppsuvw] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [oiqcpvx] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [nxlyfws] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [fyksshw] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [vdsgsuf] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ulgdddk] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [oquhxic] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [hxghdgu] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [pxahaog] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [etwlvai] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ewngyce] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [obvjuwd] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [lsuakhx] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [qsfpjql] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [mpsqcib] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [emprgbh] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [sfqulri] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [jyirlhh] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [gundyhj] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [nmakeus] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [echmafu] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [fvddsuj] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [lanyaur] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [itsxyew] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [txvyyqf] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [jxhqoei] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [cpvfcts] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [xuadljj] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [fjehboc] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [ilninre] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [uignemk] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [dorxrhj] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [sqvrirv] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [govifrm] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [qsmbwdd] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [arknlxq] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [vwohbhx] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [wbrbutn] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [rnknlgy] c:\windows\jwwksqv.exe
O4 - HKCU\..\Run: [physnjd] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [jabmuja] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [djkirbt] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [wubrdsm] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [aklndfb] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [hpxcdxn] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [gfrdnvj] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [xaxvxaa] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [tbsjelk] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ogiskbl] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [fjnbuhy] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [rdjtjnq] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [lymkana] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [tdqqdgy] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [iqssgho] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [yqiebdi] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [mxoqjdd] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [oxrhywh] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [advttrp] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [pafxakk] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [oxhiwcr] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [nboadel] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ddfntbc] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [wbrpbdq] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [cmyvmva] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [hsusxqh] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [jmuutek] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [aytghga] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [nrgftms] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [egeubdk] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [wxhkqxg] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [lrsymgq] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ymtboyw] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [leplfwc] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
O4 - HKCU\..\Run: [owuahvr] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [nxxtmdw] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ltfxigt] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [akenibe] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [mbbqtax] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [qkwgtug] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [mqgjmou] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [pncjfod] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [lhdpbik] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ybeatec] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [lqjhbpp] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [gymgunw] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [aslfsbf] c:\windows\tckilyg.exe
O4 - Global Startup: winlogin.exe

O9 - Extra button: Microsoft AntiSpyware helper - {0CF34DDE-B288-4193-8BB8-660B7C20090A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0CF34DDE-B288-4193-8BB8-660B7C20090A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {497F3D61-03E6-4209-BF98-FFAA2061BEC4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {497F3D61-03E6-4209-BF98-FFAA2061BEC4} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {670621B8-5ECF-4511-8D12-443D0E08894B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {670621B8-5ECF-4511-8D12-443D0E08894B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9ECEB9E4-52A1-463D-B1EF-9626CBB9B2F1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9ECEB9E4-52A1-463D-B1EF-9626CBB9B2F1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B833F72F-71F2-46D2-B307-9CD47F4743C9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B833F72F-71F2-46D2-B307-9CD47F4743C9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FC6C397B-33F3-4CC6-B442-D27041A9974F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FC6C397B-33F3-4CC6-B442-D27041A9974F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FF5DB283-3DF3-4924-91CC-BCA614D14906} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FF5DB283-3DF3-4924-91CC-BCA614D14906} - (no file) (HKCU)


------------

Run CWshredder. Press the fix button to clean.

Delete these files if they still exist.
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\winnook.exe
C:\WINDOWS\System32\intmon.exe
c:\windows\system32\xjsengm.exe
c:\windows\fyxtjfj.exe
c:\windows\wnfjrav.exe
c:\windows\farybtq.exe
c:\windows\qasgueg.exe
c:\windows\niyfdwn.exe
c:\windows\vsnmxys.exe
c:\windows\wkqlvme.exe
c:\windows\jwwksqv.exe
c:\windows\aphamls.exe
c:\windows\tckilyg.exe




====================

Restart into regular windows.

Run Findit's.bat inside the new folder you created earlier. Double click on Findit's.bat
It will take a while to run. When it finishes a notepad file will open.
Post the contents of that file as well into your next reply here.

Post the Ewido log in this log.


Third:
Launch LSPFix, and click the "I know what I'm doing" checkbox.
Check all instances of flsmngr.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish

Reboot

Check your internet connection and verify that it is working. In rare instances LSPFix may break your connection. If this happens, run WinSockFix to repair it.


Last:
Run HijackThis again and post the new log in this thread.
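The O4 entries listed above show the patterns a log reviewer learns to spot by eye: dozens of random seven-letter Run values all launching the same binary, a value with a plausible name ("Intel system tool") pointing at an unfamiliar executable, and a bare winlogin.exe in Global Startup that is one letter away from the real winlogon.exe. The following is an added Python example (not part of the thread, and not HijackThis code) that applies those checks to a HijackThis-style listing: it groups Run values by target executable, flags executables dropped straight into the Windows root directory, flags Global Startup entries that are raw executables rather than .lnk shortcuts, and compares every file name against a short list of core Windows processes to catch lookalikes. SAMPLE_LOG is constructed and modelled on the thread's entries; the thresholds and the list of known process names are assumptions for the example.

```python
"""Triage heuristics for a HijackThis-style startup listing.

Added example, not part of the thread and not HijackThis code. SAMPLE_LOG is
constructed, modelled on the entries posted in the thread.
"""
import json
import re
from collections import defaultdict

# Constructed sample, modelled on the thread's log (not a real capture).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\winnook.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [oxhiwcr] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [nboadel] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [ddfntbc] c:\windows\aphamls.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
O4 - HKCU\..\Run: [aslfsbf] c:\windows\tckilyg.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA\AudioDeck.exe
O4 - Global Startup: winlogin.exe
"""

# Core Windows processes whose names malware likes to imitate (assumed short list).
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "userinit.exe", "ctfmon.exe",
}

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<entry>.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
EXE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


def levenshtein(a, b):
    """Plain edit distance; enough to catch one-letter lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_log(text):
    """Split a listing into running-process paths, Run values and Global Startup entries."""
    processes, run_values, startup = [], [], []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            run_values.append({"hive": m["hive"], "name": m["name"], "cmd": m["cmd"]})
            continue
        m = STARTUP_RE.match(line)
        if m:
            startup.append(m["entry"])
            continue
        if PROCESS_RE.match(line):
            processes.append(line)
    return processes, run_values, startup


def exe_path(cmd):
    """First fully qualified .exe in a Run command line (lower-cased), or None."""
    m = EXE_PATH_RE.search(cmd)
    return m.group(0).lower() if m else None


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(text, shared_threshold=3, max_distance=1):
    """Return the suspicious patterns found in a HijackThis-style listing."""
    processes, run_values, startup = parse_log(text)
    by_target = defaultdict(list)
    for v in run_values:
        path = exe_path(v["cmd"])
        if path:
            by_target[path].append(v["name"])

    # Many differently named Run values all launching one binary: a self-reinstalling loader.
    shared = {p: names for p, names in by_target.items() if len(names) >= shared_threshold}
    # Executables dropped straight into the Windows root rather than System32 or Program Files.
    in_root = sorted(p for p in by_target if re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", p))
    # Global Startup entries that are a raw executable instead of a .lnk shortcut.
    bare = [e for e in startup if ".lnk" not in e.lower()]

    names = {basename(p) for p in processes} | {basename(p) for p in by_target} | {e.lower() for e in bare}
    lookalikes = sorted(
        (n, k) for n in names - KNOWN_SYSTEM_BINARIES for k in KNOWN_SYSTEM_BINARIES
        if levenshtein(n, k) <= max_distance
    )
    return {"shared_targets": shared, "windows_root_executables": in_root,
            "bare_startup_entries": bare, "lookalikes": lookalikes}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

The heuristics are deliberately loose: a Windows-root executable or a bare Global Startup entry is a reason to look closer, not proof of infection, which is the same caution the Findit's output gives about legitimate files showing up in its suspect section.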
MarkofPhuel

LoPhatPhuud many thanks. Here are the results you asked for

Ewido Log follows:

Note that the first time I ran this it cleaned up some Trojans but crashed when I tried to clean up a Spyware Nuker back-up file. The next time I ran it I skipped the spyware nuker files just in case. I'll re-run if you need me to. (See comments below regarding Spyware Nuker!)

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:59:58, 05/06/2005
+ Report-Checksum: EE02AD5B

+ Date of database: 05/06/2005
+ Version of scan engine: v3.0

+ Duration: 38 min
+ Scanned Files: 81792
+ Speed: 35.66 Files/Second
+ Infected files: 4
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Program Files\Spyware Nuker 2004\backup\200505311118.zip/ceres.dll.000 -> Spyware.BetterInternet.d -> Ignored
C:\Program Files\Spyware Nuker 2004\backup\200506021453.zip/win32.exe.000 -> TrojanProxy.Lager.j -> Ignored
C:\Program Files\Spyware Nuker 2004\backup\200506021453.zip/~update.exe.000 -> TrojanProxy.Lager.j -> Ignored
C:\Recycled\Q678340.exe -> TrojanDownloader.Small.rr -> Cleaned with backup


::Report End


Findit's Log as follows:


Microsoft Windows XP [Version 5.1.2600]
The current date is: 05/06/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first

* UPX! C:\WINDOWS\System32\MXSJSAAA.EXE

»»»»» lagitamate file's can/will show in this section.

* UPX! C:\WINDOWS\System32\FLSMNGR.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in drive C is CM94-G4
Volume Serial Number is 3C60-0F9F

Directory of C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
Volume in drive C is CM94-G4
Volume Serial Number is 3C60-0F9F

Directory of C:\WINDOWS\system32

27/05/2005 14:24 4,286 spam.ico
27/05/2005 14:24 766 spyware.ico
2 File(s) 5,052 bytes
0 Dir(s) 58,681,360,384 bytes free

»»»»»»»»»»»»»»»»»»»»»»»».

Finally the HiJack Log...

Logfile of HijackThis v1.99.1
Scan saved at 11:59:05, on 05/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\BTYAHO~1\HELP\SMARTB~1\MotiveSB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\AVerTV2K\QuickTV.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\dtemp-1adfc4c196828-20.dop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = supanet Internet Explorer
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\HELP\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{90EADA13-48F1-44D8-B803-6544F13D3052}\SECURITY.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo!\Help\bin\matcli.exe
O4 - Global Startup: LG Sync Manager.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107862688890
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


HijackThis would not delete winlogin.exe. It recommended using Task Manager to shut down the application, but it was not running! So I just skipped it.

Assuming that I am now clean, what should I do now? I now have Ewido and Spyware Nuker running on my machine and I'm assuming that's not a good thing (system conflicts etc). I read somewhere that Spyware Nuker was written by malware authors, so should I be running it at all? - seems to be failing to protect me anyway! I'll take any advice you have as you are the master.

Thanks for your help so far. Look forward to your reply

MarkofPhuel


p.s there were a few broken links for the downloads - for your info here is where I got the downloads from

Download Pocket Killbox version 2.0.0.175
http://www.atribune.org/downloads/KillBox.exe -> Broken Link
-> got from http://www.dslreports.com/forum/remark,12605235
Note we did not use this program!

Download FindIt's.zip to your desktop.

http://forums.net-integration.net/index.ph...=post&id=142443 -> Broken Link
-> got from http://forum.tweakxp.com/forum/Topic162090...ode=1&#bm162090

Download CWShredder from this link:
http://www.intermute.com/spysubtract/cwshr...r_download.html -> Broken Link
-> got from http://www.intermute.com/products/cwshredder.html
LoPhatPhuud
Thanks for the link info. I must have grabbed the old version; my current one has the correct links.

Good thinking on the Spyware Nuker files! I would use Spyware Nuker to remove the backups since there is no reason to keep them. Spyware Nuker itself was, at one time, on the Rogue AntiSpyware list maintained by Eric Howes. It has since been removed. More info is available there: http://www.spywarewarrior.com/rogue_anti-spyware.htm

If you paid for Spyware Nuker, then by all means keep it. Ewido is not free and will revert to the free version upon trial expiration. I will leave the choice up to you. Running more than one antiSpyware program with realtime protection has not presented any conflicts. At least that I am aware of. But, as with running more than one AV with real time protections, there is always a chance of conflict. I run MSAS (MS AntiSpyware) and Spybot's Tea-Timer together without incident. There is some overlap but I wanted Tea-Timer for its coverage that MSS does not have.

Not much left to do. We need to get rid of winlogin.exe.

Boot into Safe Mode and delete the file. It should be located in C:\Documents and Settings\All Users\Start Menu\Programs\.

Also delete these two items: (if still there)
C:\WINDOWS\System32\MXSJSAAA.EXE
C:\WINDOWS\System32\FLSMNGR.DLL

Then run HiJackThis and delete this entry:
O4 - Global Startup: winlogin.exe

Reboot into Normal Mode, run HiJackThis again and post the new log in this thread for final review.
MarkofPhuel

I've tried deleting winlogin.exe but it won't delete. I get "Cannot delete winlogin.exe. It is being used by another person or program. Close any programs that might be using the file and try again". I've tried it in safe mode, normal mode and at the cmd prompt - which was a test of my DOS recollection!

From task manager there is only winlogon.exe - which I assume is the legitimate process - but I cannot shut that down either.

Again, HijackThis won't fix it!

What now?
MarkofPhuel

I did a bit of searching and found a thread that suggested using KillBox to delete winlogin.exe on reboot.

I entered the path and re-booted and winlogin.exe is gone...

Final log for inspection.

Logfile of HijackThis v1.99.1
Scan saved at 09:14:47, on 07/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\BTYAHO~1\HELP\SMARTB~1\MotiveSB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\AVerTV2K\QuickTV.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\dtemp-1b2fc4c202078-20.dop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = supanet Internet Explorer
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\HELP\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{90EADA13-48F1-44D8-B803-6544F13D3052}\SECURITY.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe" -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo!\Help\bin\matcli.exe
O4 - Global Startup: LG Sync Manager.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107862688890
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Thanks a lot for your help :thumb:
LoPhatPhuud
That last log was clean!

Note: Winlogon.exe is, indeed, a valid windows process. The one we wanted to delete was winlogin.exe. Close but not the same! Good thinking using Killbox. That would have been my next step!



At last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and Internet Explorer. This includes SP1 and SP2 if you use Windows XP. The first defense against infection is a properly patched Operating System.
a. Windows Update: http://v5.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Select Internet Options from the Control Panel, or from Internet Explorer (Tools -> Internet Options)
Press 'default level', then OK
Now press "Custom Level."

In the ActiveX controls and plug-ins section set these options:
'Download signed ActiveX controls' - Prompt
'Download unsigned ActiveX controls' - Disable
'Initialize and script ActiveX controls not marked as safe' - Disable
All other options accept the default

3. Download and install the following free programs
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm
c. BHODemon: http://www.definitivesolutions.com/bhodemon.htm

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing one of the following:
a. Microsoft AntiSpyware: http://www.microsoft.com/athome/security/s...re/default.mspx
NOTE: MS AntiSpyware only runs on Windows 2000, XP, and 2003.
b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
c. AdAware: http://www.lavasoft.de/

Use these programs to regularly scan your system for and remove many forms of spyware/malware. I recommend and use Microsoft AntiSpyware.

If you use, or plan on using, additional spyware/malware detection and/or removal programs, please check Items 8 and 9.

5. Install 'Spoofstick'
Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
a. http://www.corestreet.com/spoofstick

6. Reset System Restore
If you are using Windows ME or Windows XP, please reset your System Restore. See Windows help for information.

7. Clean Temporary Files and Folders
Download and install the disk cleanup utility called Cleanup! from here:
http://cleanup.stevengould.org/
http://www.hijackthislogs.com/dl/CleanUp312.exe

Cleanup! will get rid of any malware which may be hiding in your temp folders (a common hiding place). You may also regain a massive amount of disk space.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/forums/tutorial93.html

Run the disk cleanup utility called Cleanup! that you have already downloaded and installed
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
Then reboot into normal mode to let it clean out the remaining files.


8. Rogue/Suspect Anti-Spyware
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

9. Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

10. Alternate Browser
Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.


For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

"It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

Good luck, and thanks for coming to our forums for help with your security and malware issues.
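The ActiveX advice in step 2 above is a three-setting change made through the Internet Options dialog. The dialog writes those choices to the current user's Internet-zone registry key, so the same recommendation can be checked programmatically after the fact, which is how you notice when a rogue installer has quietly loosened them again. The following is an added Python example (not part of the post) that compares a machine's Internet-zone ActiveX values against the post's recommended levels. The value names are Internet Explorer's URL-action identifiers (1001, 1004 and 1201) and the data is 0 = Enable, 1 = Prompt, 3 = Disable; WEAKENED_SAMPLE is a constructed stand-in for a registry read so the audit runs on any platform, and the winreg read only runs on Windows.

```python
"""Audit Internet Explorer's Internet-zone ActiveX settings against the thread's advice.

Added example, not part of the forum post. The three settings are DWORD values
under the Internet zone key (zone 3); the value names are IE's URL-action ids
and the data is 0 = Enable, 1 = Prompt, 3 = Disable.
"""
import platform

INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable", None: "not set"}

# The post's recommended levels, keyed by URL-action id.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}

# Constructed sample standing in for a registry read on a machine whose settings
# were loosened (signed downloads silently enabled, unsigned downloads on prompt).
WEAKENED_SAMPLE = {"1001": ENABLE, "1004": PROMPT, "1201": DISABLE}


def read_internet_zone(actions=RECOMMENDED):
    """Read the current user's Internet-zone values (Windows only; None when a value is absent)."""
    import winreg  # standard library on Windows builds of Python
    settings = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for action in actions:
            try:
                settings[action] = winreg.QueryValueEx(key, action)[0]
            except FileNotFoundError:
                settings[action] = None  # absent: IE falls back to the zone's template level
    return settings


def audit(settings, recommended=RECOMMENDED):
    """List every setting weaker than recommended as (action, description, current, wanted).

    Levels order by strictness 0 < 1 < 3, so a setting stricter than recommended passes.
    """
    deviations = []
    for action, (description, wanted) in recommended.items():
        current = settings.get(action)
        if current is None or current < wanted:
            deviations.append((action, description, current, wanted))
    return deviations


def report(deviations):
    """Human-readable summary of the audit result."""
    if not deviations:
        return "Internet-zone ActiveX settings match the recommendation."
    lines = []
    for action, description, current, wanted in deviations:
        lines.append(f"{action} {description}: {LEVEL_NAME.get(current, current)} "
                     f"-> set to {LEVEL_NAME[wanted]}")
    return "\n".join(lines)


if __name__ == "__main__":
    current = read_internet_zone() if platform.system() == "Windows" else WEAKENED_SAMPLE
    print(report(audit(current)))
```

Pressing "Default level" first, as the post says, matters because it clears any per-action overrides before the three custom values are set; the audit treats an absent value as a deviation for the same reason, since it cannot tell which template level IE will fall back to.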
Invision Power Board © 2001-2009 Invision Power Services, Inc.