Another HiJack this and Spy Sweeper Log

  1. #1
    woody uk (Newbie)

    Hi
    Another HiJack this and Spy Sweeper Log. From a previous post, I was asked to post a NEW hijack and sweeper post for each PC so that I could be advised accordingly.
    If you have read the other posts, they are different PCs.

    Thanks in anticipation of your help


    Logfile of HijackThis v1.99.1
    Scan saved at 19:18:49, on 23/03/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\DESKTOP\LB\HI JACK THIS\HIJACKTHIS.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
    O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [Y356RXe7P] MMCLP30E.EXE
    O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)


    PLUS Spy Sweeper
    ********
    18:25: | Start of Session, 23 March 2006 |
    18:25: Spy Sweeper started
    18:25: Sweep initiated using definitions version 640
    18:25: Found Adware: ist surf accuracy
    18:25: HKLM\software\microsoft\windows\currentversion\run\ || surfaccuracy (ID = 1187953)
    18:25: SAcc.exe (ID = 1187953)
    18:25: Starting Memory Sweep
    18:30: Detected running threat: C:\WINDOWS\qtxmggc.exe (ID = 251281)
    18:30: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ReJf5vH (ID = 0)
    18:30: Found Adware: ist istbar
    18:30: Detected running threat: C:\WINDOWS\gmhmobyg.exe (ID = 64496)
    18:30: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || xtAOsC (ID = 0)
    18:30: Detected running threat: C:\Program Files\SurfAccuracy\SAcc.exe (ID = 251881)
    18:30: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfAccuracy (ID = 0)
    18:33: Detected running threat: C:\Program Files\ISTsvc\istsvc.exe (ID = 64665)
    18:33: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || IST Service (ID = 0)
    18:34: Memory Sweep Complete, Elapsed Time: 00:08:20
    18:34: Starting Registry Sweep
    18:34: Found Adware: apropos
    18:34: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
    18:34: HKLM\software\autoloader\ (2 subtraces) (ID = 103742)
    18:34: HKLM\software\classes\interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}\ (5 subtraces) (ID = 103772)
    18:34: HKLM\software\classes\interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}\ (5 subtraces) (ID = 103773)
    18:34: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774)
    18:34: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}\ (ID = 103778)
    18:34: HKLM\software\microsoft\windows\currentversion\uninstall\aproposclient\ (3 subtraces) (ID = 103818)
    18:34: Found System Monitor: blazing tools xp logon logger
    18:34: HKLM\software\bt\ (10 subtraces) (ID = 105271)
    18:34: Found Adware: e2g
    18:34: HKCR\appid\iebhos.dll\ (1 subtraces) (ID = 125406)
    18:34: HKCR\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (1 subtraces) (ID = 125407)
    18:34: HKLM\software\classes\appid\iebhos.dll\ (1 subtraces) (ID = 125446)
    18:34: HKLM\software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (1 subtraces) (ID = 125447)
    18:34: HKLM\software\classes\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (9 subtraces) (ID = 125484)
    18:34: HKLM\software\e2g\ (8 subtraces) (ID = 125485)
    18:34: HKLM\software\e2g\ || source (ID = 125486)
    18:34: HKLM\software\microsoft\windows\currentversion\uninstall\e2g plugin\ (5 subtraces) (ID = 125522)
    18:34: HKCR\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (9 subtraces) (ID = 125529)
    18:34: Found Adware: internetoptimizer
    18:34: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912)
    18:34: Found Adware: ist software
    18:34: HKU\.default\software\ist\ (1 subtraces) (ID = 129052)
    18:34: HKCR\interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}\ (8 subtraces) (ID = 129062)
    18:34: HKLM\software\classes\interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}\ (8 subtraces) (ID = 129085)
    18:34: HKLM\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129103)
    18:34: HKLM\software\classes\typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}\ (9 subtraces) (ID = 129107)
    18:34: HKLM\software\istbar\ (21 subtraces) (ID = 129110)
    18:34: HKLM\software\istsvc\ (22 subtraces) (ID = 129111)
    18:34: HKLM\software\microsoft\code store database\distribution units\{7c559105-9ecf-42b8-b3f7-832e75edd959}\ (10 subtraces) (ID = 129113)
    18:34: HKLM\software\microsoft\internet explorer\toolbar\ || {faa356e4-d317-42a6-ab41-a3021c6e7d52} (ID = 129116)
    18:34: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll\ (2 subtraces) (ID = 129124)
    18:34: HKLM\software\microsoft\windows\currentversion\run\ || ist service (ID = 129146)
    18:34: HKLM\software\microsoft\windows\currentversion\uninstall\istbar\ (5 subtraces) (ID = 129181)
    18:34: HKLM\software\microsoft\windows\currentversion\uninstall\istsvc\ (3 subtraces) (ID = 129183)
    18:34: HKCR\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129190)
    18:34: HKCR\typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}\ (9 subtraces) (ID = 129193)
    18:35: HKLM\software\sacc\ (11 subtraces) (ID = 203068)
    18:35: HKLM\software\microsoft\windows\currentversion\run\ || surfaccuracy (ID = 203069)
    18:35: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070)
    18:35: HKU\.DEFAULT\software\aprps\ (7 subtraces) (ID = 103740)
    18:35: HKU\.DEFAULT\software\ist\ (1 subtraces) (ID = 129108)
    18:35: HKU\.DEFAULT\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
    18:35: Found Adware: seekmo search assistant
    18:35: HKU\.DEFAULT\software\microsoft\cryptography\userkeys\one8tsolutionscont@in3rn@me\ (4 subtraces) (ID = 782153)
    18:35: Registry Sweep Complete, Elapsed Time:00:01:19
    18:35: Starting Cookie Sweep
    18:35: Cookie Sweep Complete, Elapsed Time: 00:00:00
    18:35: Starting File Sweep
    18:35: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
    18:36: gmhmobyg.exe (ID = 64496)
    18:36: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || xtAOsC (ID = 0)
    18:36: qtxmggc.exe (ID = 251281)
    18:36: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ReJf5vH (ID = 0)
    18:46: Found Adware: 180search assistant/zango
    18:46: c:\windows\start menu\programs\180search assistant (3 subtraces) (ID = -2147480572)
    18:47: seadbc.exe (ID = 247454)
    18:50: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcsys.dll". The process cannot access the file because it is being used by another process
    18:50: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process cannot access the file because it is being used by another process
    18 c:\program files\e2g (1 subtraces) (ID = -2147481074)
    18:57: c:\program files\istsvc (1 subtraces) (ID = -2147480800)
    18:57: istsvc.exe (ID = 64665)
    18:57: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || IST Service (ID = 0)
    18:57: Found Adware: ist sidefind
    18:57: c:\program files\sidefind (2 subtraces) (ID = -2147480325)
    18:57: c:\program files\sidefind\update (ID = -2147474314)
    18:57: c:\program files\aprps (7 subtraces) (ID = -2147481420)
    18:57: wingenerics.dll (ID = 50187)
    18:57: c:\program files\180search assistant (6 subtraces) (ID = -2147480570)
    18:57: c:\program files\surfaccuracy (5 subtraces) (ID = -2147478266)
    18:57: c:\program files\autoupdate (1 subtraces) (ID = -2147481419)
    18:57: sfbho.dll (ID = 76029)
    18:57: data.bin (ID = 120162)
    18:57: 180sahook.dll (ID = 194443)
    18:57: 180sa.exe (ID = 194442)
    18:57: sacc.exe (ID = 251881)
    18:57: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfAccuracy (ID = 0)
    18:57: saccu.exe (ID = 250800)
    19:03: a0000193.cpy (ID = 250800)
    19:03: a0000196.cpy (ID = 250800)
    19:06: File Sweep Complete, Elapsed Time: 00:31:14
    19:06: Full Sweep has completed. Elapsed time 00:40:55
    19:06: Traces Found: 316
    19:07: Removal process initiated
    19:09: Quarantining All Traces: 180search assistant/zango
    19:09: Quarantining All Traces: blazing tools xp logon logger
    19:09: Quarantining All Traces: ist istbar
    19:09: Quarantining All Traces: apropos
    19:10: Quarantining All Traces: e2g
    19:10: Quarantining All Traces: internetoptimizer
    19:10: Quarantining All Traces: ist sidefind
    19:10: Quarantining All Traces: ist software
    19:10: Quarantining All Traces: ist surf accuracy
    19:10: Failed to quarantine ist surf accuracy
    19:10: Failed to quarantine a0000193.cpy
    19:10: Failed to quarantine a0000196.cpy
    19:10: Quarantining All Traces: seekmo search assistant
    19:11: Removal process completed. Elapsed time 00:04:05
    ********
    18:23: | Start of Session, 23 March 2006 |
    18:23: Spy Sweeper started
    18:24: Your spyware definitions have been updated.
    18:25: | End of Session, 23 March 2006 |


  2. #2
    VopThis is offline Senior Member (Canada)
    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKCU\..\Run: [Y356RXE7P] MMCLP30E.EXE
    O15 - TRUSTED Zone: http://ny.contentmatch.net (HKLM)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    • Temporary Internet Files
    • Downloaded Program Files
    • Recycle Bin
    • Temporary Files
    Click OK or Enter


    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    MMCLP30E.EXE






    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.






    To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



    ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

    PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


    (Windows XP)
    FOLDER LOCATION: c:\System Volume Information\_restore….
    To Turn OFF System Restore.
    1. Click the Start button.
    2. Right-click My Computer, and then click Properties.
    3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
    4. Click Apply.

    REBOOT.

    To Turn ON System Restore.
    1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
    2. Create new System Restore points.


    (Windows ME)
    FOLDER LOCATION: c:\_RESTORE\TEMP\….
    See the following link for instructions:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam




    To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
      http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
      http://www.microsoft.com/windows/ie/default.asp
      • http://www.securityfocus.com/news/11273
        If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.

    2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
      AVG: http://free.grisoft.com/doc/1
      Avast: http://www.avast.com/eng/avast_4_home.html

    3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
      Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
      Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
      MS Antispyware beta: http://www.microsoft.com/athome/security/s...re/default.mspx

    4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
      Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
      *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
      Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

      It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

    5. Consider using an alternate free browser for general web surfing but you must use IE for windows updates.
      Mozilla Firefox: http://www.mozilla.org/products/firefox/

    6. Consider increasing your browser security by using these programs:
      SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
      SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known-bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
    7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
      • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
      • Next select ‘Open host file manager’ button.
      • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
      • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

        EXCERPT:
        #start of lines added by WinHelp2002
        # [Misc A - Z]
        127.0.0.1 phpadsnew.abac.com
        127.0.0.1 a.abnad.net
        127.0.0.1 e.abnad.net
        127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
        .
        .
        .
        #end of lines added by WinHelp2002




    *Remember just like your primary anti-virus software, it is important to:
    • Keep all of these programs up-to-date, and
    • Use them on a regular basis.
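
Added example, not part of the original post: a HOSTS file used for blocking should only map names to a sink address, so this sketch audits a HOSTS file and separates blocking entries from entries that redirect a name somewhere else. The sample file is constructed from the WinHelp2002 excerpt above; the `203.0.113.10` redirect, `update.example.com` and the malformed line are made-up test values.

```python
import ipaddress

def audit_hosts(text):
    """Classify HOSTS entries as blocked (sink address), redirected, or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append((lineno, line))
            continue
        sink = addr.is_loopback or addr.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
        for name in (f.lower() for f in fields[1:]):
            if sink and name == "localhost":
                continue                         # normal default entry, not a block
            key = "blocked" if sink else "redirected"
            report[key].append((lineno, name, str(addr)))
    return report

# Constructed sample: the excerpt quoted in the post plus invented test lines.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
#end of lines added by WinHelp2002
203.0.113.10 update.example.com
localhost-typo example.net
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} names blocked")
    for lineno, name, addr in result["redirected"]:
        print(f"line {lineno}: {name} is redirected to {addr} - review this entry")
    for lineno, line in result["malformed"]:
        print(f"line {lineno}: cannot parse {line!r}")
```

Any entry reported as redirected deserves a manual look before the file is saved, because it sends traffic for that name to another machine instead of blocking it.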

  3. #3
    woody uk is offline Newbie
    Hi
    Fixed the
    O4 - HKCU\..\Run: [Y356RXE7P] MMCLP30E.EXE
    But did not find
    O15 - TRUSTED Zone: http://ny.contentmatch.net (HKLM)

    Followed your advice but did not find the file MMCLP30E.EXE to delete?

    Latest Hijack this log

    Logfile of HijackThis v1.99.1
    Scan saved at 21:22:29, on 30/03/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ADBLOCKING\NSMDTR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\LB\HI JACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
    O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O4 - Startup: MICROSOFT OFFICE.LNK = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.euro.dell.com/countries/u...en/default.htm (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll


    Many thanks for your help so far
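
Added example, not part of the original posts: one way to check a revised HijackThis log against the earlier scan and the helper's fix list, so that removed, newly added and still-present entries are visible at a glance. The sample scans are constructed from a few entry lines quoted in this thread; the function names and the shortened logs are assumptions made for the example.

```python
import re

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O1-O23.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Map a case-folded key to each entry line; headers and process paths are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            text = f"{m.group(1)} - {' '.join(m.group(2).split())}"
            entries[text.casefold()] = text
    return entries

def compare_scans(before_log, after_log, fix_list):
    """Compare two scans and check the requested fixes against the later one."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    fixes = parse_entries(fix_list)
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "fix_still_present": sorted(fixes[k] for k in fixes.keys() & after.keys()),
        "fix_gone": sorted(fixes[k] for k in fixes.keys() - after.keys()),
    }

# Constructed sample: entry lines quoted in this thread, arranged as two short scans.
COMMON = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""
FIX_LIST = r"""
O4 - HKCU\..\Run: [Y356RXE7P] MMCLP30E.EXE
O15 - TRUSTED Zone: http://ny.contentmatch.net (HKLM)
"""
BEFORE = COMMON + FIX_LIST
AFTER = COMMON + r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
"""

if __name__ == "__main__":
    for label, items in compare_scans(BEFORE, AFTER, FIX_LIST).items():
        print(f"{label}:")
        for item in items:
            print(f"  {item}")
```

Entries under `added` are not necessarily bad (here it is the helper DLL of a newly installed scanner), but each one should be identified before the cleanup is considered finished.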

  4. #4
    VopThis is offline Senior Member (Canada)
    C:\WINDOWS\SYSTEM\INTERNAT.EXE

    The above item is potentially a trojan (see advanced TAB):

    http://www.sophos.com/virusinfo/anal...rojlydrac.html

    http://www.google.ca/search?hl=en&q=...G=Search&meta=





    Let's check out the following unfamiliar files or FILE PATH variations:


    HIDDEN FILES: To make sure you can see any and all hidden files, please follow the directions here
    • Determine the FULL FILE PATH for each (unfamiliar) file item listed BELOW. Use Start (BUTTON)>Search or use the F3 key.
    • Please copy and paste each FULL FILE PATH or browse/navigate to each file for assessment submission to the site(s) below and to obtain their immediate FEEDBACK on each item submitted. Paste into the 'Select File' box or navigate to the file using the BROWSE button:


      http://www.virustotal.com/flash/index_en.html (10MB file size maximum)

    ==================
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    ==================


    Let us know what the results were for the file(s) and/or delete those files you determine to be bad (at least two [2] or more negative site responses) and fix any related HJT log items.




    Let us know what your current issues are if any.

  5. #5
    woody uk is offline Newbie
    HI
    Did a scan with http://www.virustotal.com/flash/index_en.html
    on these two files and they were clean, is that enough for them?

    ==================
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    ==================

    I have also deleted all the files that Panda found
    everything seems ok on the PC, do you need to see another HijackThis log?

    Many Thanks

    Woody

  6. #6
    VopThis is offline Senior Member (Canada)
    VirusTotal is not an absolute assessment. Your observation that 'everything seems ok on the PC' is probably a more reliable indicator.


    C:\WINDOWS\SYSTEM\INTERNAT.EXE makes sense if the PC keyboard is being occasionally used to enable a different language keyboard configuration.



    Happy computing to you!
