
bpmon.exe



adebaseball
2007-05-01, 22:10
Please help. I tried removing this with SUPERAntiSpyware Pro. It worked; I rebooted, turned off System Restore, rebooted and turned it back on. All System Restore points had disappeared and the worm/trojan is back and flashing at me. I ran antispyware again but it didn't detect anything.
So here's an HJT log if anyone can help.

Logfile of HijackThis v1.99.1
Scan saved at 20:44:47, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Documents and Settings\gill&ade\Desktop\films\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe

pskelley
2007-05-02, 17:40
Welcome to Safer Networking. If you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

HJT is not showing this item; that is why we ask for the online scan results. In this case it sounds like Smitfraud, so we will take a look at that first. You may hold the online scan unless I tell you I need it.

http://siri.geekstogo.com/SmitfraudFix.php <<< Download Smitfraudfix from here and follow ONLY these instructions:

1) Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

2) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.


3) C:\Program Files\SUPERAntiSpyware\ <<< do you still have this program on the computer?

Post the information I requested: the uninstall list and the C:\rapport.txt from SmitfraudFix.

Thanks

adebaseball
2007-05-02, 19:20
Adobe Flash Player 9 ActiveX
Advanced System Optimizer 2.01
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
CA eTrust PestPatrol Anti-Spyware
Command & Conquer 3
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eBay Toolbar
GameShadow
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Video Player
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
iTunes
J2SE Runtime Environment 5.0 Update 11
Lexmark 6300 Series
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motherboard Monitor 5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
PowerDVD
QuickTime
RealPlayer
Red Alert Windows 95
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Professional
System Spyware Interrogator
The Battle for Middle-earth (tm) II
Turbo Lister 2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Zoo Tycoon: Complete Collection
Zuma Deluxe RA

SmitFraudFix v2.173

Scan done at 18:14:10.29, 02/05/2007
Run from
C:\Documents and Settings\gill&ade\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dxovx.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles






»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\gill


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"

[HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
@="C:\WINDOWS\system32\dxovx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
@="C:\WINDOWS\system32\dxovx.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: National Semiconductor DP83815-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.20.75

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

SUPERAntiSpyware is still installed.
Regards
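The rapport.txt above is where this infection first becomes visible: the SrchSTS step lists a SharedTaskScheduler value {716002db-288c-4bf0-80cd-a467e78d8b55} whose CLSID resolves, via InProcServer32, to C:\WINDOWS\system32\dxovx.dll, a DLL that Explorer loads in-process at every logon. Neither HijackThis log in this thread shows that entry. The following PowerShell script is an added example, not code from this thread, from SmitfraudFix or from HijackThis: it enumerates SharedTaskScheduler and the related ShellServiceObjectDelayLoad key (the O21 line in the HJT logs), resolves each CLSID to the DLL that will be loaded, and reports whether the file exists and what its Authenticode status is. It assumes PowerShell 3.0 or later; the registry paths are the standard ones, the same keys quoted in the report above, and the function names are my own.

```powershell
# Added example (not from the thread): enumerate the two CLSID-based Explorer
# load points, resolve each CLSID to its in-process DLL, and report file
# existence plus Authenticode status. Assumes PowerShell 3.0+.

$loadPoints = @{
    'SharedTaskScheduler'         = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
    'ShellServiceObjectDelayLoad' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
}

# HKCR is a merged view in which HKCU\Software\Classes shadows HKLM\Software\Classes,
# so a per-user CLSID hijack must be checked first.
$classRoots = @('HKCU:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID')
$guidRe     = '^\{[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$'

function Resolve-ClsidToDll {
    param([string]$Clsid)
    foreach ($root in $classRoots) {
        $ip = Join-Path $root "$Clsid\InProcServer32"
        if (-not (Test-Path -LiteralPath $ip)) { continue }
        $raw = (Get-ItemProperty -LiteralPath $ip).'(default)'
        if (-not $raw) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($raw)
        # A bare file name is resolved by the loader through System32.
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
        return $dll
    }
    return $null
}

function Get-ExplorerLoadPoints {
    foreach ($lp in $loadPoints.GetEnumerator()) {
        if (-not (Test-Path -LiteralPath $lp.Value)) { continue }
        $props = Get-ItemProperty -LiteralPath $lp.Value
        foreach ($p in $props.PSObject.Properties) {
            # SharedTaskScheduler stores CLSID=description; SSODL stores description=CLSID.
            $clsid = $null
            if ($p.Name -match $guidRe)              { $clsid = $p.Name }
            elseif ("$($p.Value)" -match $guidRe)    { $clsid = "$($p.Value)" }
            if (-not $clsid) { continue }

            $dll    = Resolve-ClsidToDll -Clsid $clsid
            $exists = [bool]$dll -and (Test-Path -LiteralPath $dll)
            $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'FileMissing' }

            [pscustomobject]@{
                LoadPoint = $lp.Key
                CLSID     = $clsid
                Dll       = $dll
                Signature = $status
            }
        }
    }
}

# Unsigned or missing DLLs, and anything in system32 under a random name
# (dxovx.dll in this thread), deserve a closer look.
Get-ExplorerLoadPoints | Format-Table -AutoSize
```

Two caveats when reading the output: on older Windows versions many legitimate OS DLLs are catalog-signed rather than embedded-signed and may report NotSigned, so the signature column is a prompt to investigate, not a verdict; and a missing InProcServer32 entry (Dll empty) still leaves the CLSID registered, which is exactly why SmitfraudFix cleans both the SharedTaskScheduler value and the CLSID keys together, as the "SharedTaskScheduler After SmitFraudFix" section of the safe-mode report later shows.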

pskelley
2007-05-02, 19:39
Thanks. Smitfraud is present; follow these instructions:
Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

__________________________________________________

Please tell me why no antivirus program is running in your HJT log. SUPERAntiSpyware is not an antivirus program. I see this in the uninstall list:
CA eTrust PestPatrol Anti-Spyware, which is also only an antispyware program. If you need a free antivirus program, here is a good one you can use:
http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5
Download, install, update and run a complete system scan and let me know about the results.

Do you own SUPERAntiSpyware or CA eTrust PestPatrol Anti-Spyware? You need to have a good spyware program running, and I will suggest one if needed, but if those are only trials, you will want to uninstall them.

J2SE Runtime Environment 5.0 Update 11 <<< out of date, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Download the newest version and then uninstall that old version in Add Remove programs.

Complete all of the above instructions, then post any information I requested, the C:\rapport.txt from SmitfraudFix and a new HJT log. Let me know how the computer is running now.

Thanks

adebaseball
2007-05-03, 10:11
Did everything you asked.
Updated Java.
Installed the new antivirus program; it detected 88 on drive C and over 13000 on drive G. Thanks for the advice. I think it's got rid of that virus, it doesn't pop up any more.
Have not noticed an increase in performance though.

SmitFraudFix v2.173

Scan done at 19:19:08.50, 02/05/2007
Run from
C:\Documents and Settings\gill&ade\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"

[HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
@="C:\WINDOWS\system32\dxovx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
@="C:\WINDOWS\system32\dxovx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\dxovx.dll -> Hoax.Win32.Renos.gen.m
C:\WINDOWS\system32\dxovx.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

adebaseball
2007-05-03, 10:13
Sorry, forgot the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 09:13:13, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gill&ade\Desktop\films\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe

pskelley
2007-05-03, 13:46
Thanks for returning your information. You said:

"and installed the new antivirus program it detected 88 on drive c and over 13000 on drive g thanks for advice i think its got rid of that virus it doent pop up any more.
have not noticed increase on performance though."

Please provide more information. What is 88? What are "over 13000"? And since I see no drive but C:\, what is your D drive?
As far as the performance, you need to describe it. I am removing malware; I can give you some maintenance tips that may or may not help the computer to run better once the malware is gone, but you need to provide information.

Logfile of HijackThis v1.99.1 Scan saved at 09:13:13, on 03/05/2007

1) Would you assure me this item is valid: O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
If you do not know, remove it with HJT during the next steps.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(remove unless you set the HomePage to blank)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

(remove unless you are positive it is safe)

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Follow the instructions in this link to run AVG Anti-Spyware (make sure you update it first) and delete or at least quarantine anything it finds. Save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post any information I requested, the AVG Anti-Spyware scan results and a new HJT log.

Thanks

(AVG Anti-Spyware...if it removes a load of stored cookies on that D drive, edit them out before posting the log. I do not need to see them as long as you deleted them)

adebaseball
2007-05-03, 19:24
Cannot send the AVG report, as every time I try to paste it the system becomes non-responsive. Maybe it's too big. Did everything on your list.

Logfile of HijackThis v1.99.1
Scan saved at 18:11:01, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\gill&ade\Desktop\films\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe

pskelley
2007-05-03, 19:32
I need to see the scan report from AVG Anti-Spyware. Make sure you have edited out any cookies it located, then break it into posts that you can post.

Also, you are now running MSConfig (System Configuration Utility) in Selective Startup mode. Please return it to Normal Mode until we are done working together; then you can return to SS mode to save your resources.
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

Please also provide the information I requested at the beginning of my last post.

Thanks

adebaseball
2007-05-03, 19:54
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:55:05 03/05/2007

+ Scan result:



G:\Bug Doctor\Bug Doctor Help.chm -> Adware.BugDoctor : Cleaned.
G:\RECYCLER\NPROTECT\00036787.EXE -> Adware.BugDoctor : Cleaned.
G:\RECYCLER\NPROTECT\00036788.EXE -> Adware.BugDoctor : Cleaned.
G:\RECYCLER\NPROTECT\00036789.CHM -> Adware.BugDoctor : Cleaned.
G:\Windows.old\Program Files\Bug Doctor\Bug Doctor Help.chm -> Adware.BugDoctor : Cleaned.
G:\Windows.old\Program Files\Bug Doctor\BugDoctor.exe -> Adware.BugDoctor : Cleaned.
G:\Windows.old\Program Files\Bug Doctor\BugDoctorLiveUpdate.exe -> Adware.BugDoctor : Cleaned.
G:\Windows.old\Program Files\Picasa\pinstall.dll -> Adware.LookMe : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0014903.exe -> Backdoor.Eter.a : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001521.exe -> Dropper.Delf.xo : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0014902.exe -> Dropper.Small : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001461.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001462.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001463.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001464.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001465.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001466.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001467.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001468.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001469.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001470.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001471.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001472.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001473.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001474.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001475.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001476.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001477.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001478.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001479.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001480.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001481.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001482.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001483.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001484.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001485.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001486.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001487.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001488.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001489.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001490.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001491.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001492.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001493.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001494.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001495.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001496.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001497.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001498.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001499.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001500.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001501.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001502.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001503.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001504.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001505.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001506.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001507.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001508.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001509.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001510.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001511.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001512.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001513.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001514.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001515.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001516.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001517.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001518.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001519.exe -> Dropper.VB.lu : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001520.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001522.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001523.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001524.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001525.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001526.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001527.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001528.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001529.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001530.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001531.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001532.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001533.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003147.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003148.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003149.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003150.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003151.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003839.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003840.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003841.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003842.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003843.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003844.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003845.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003846.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003847.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003848.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003849.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003850.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003851.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003852.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003853.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005571.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005572.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005573.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005574.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005575.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005576.exe -> Dropper.VB.lu : Cleaned.
This list goes up to, if you look at the last 4 digits, 14901.
Then these are listed:
C:\Documents and Settings\gill&ade\Cookies\gill&ade@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\gill&ade\Cookies\gill&ade@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\gill&ade\Cookies\gill&ade@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\gill&ade\Cookies\gill&ade@e-2dj6wfmiqhajeho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\gill&ade\Cookies\gill&ade@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001455.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001455.exe/zgo.exe -> Worm.Agent.v : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001457.exe -> Worm.Agent.v : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001458.exe -> Worm.Agent.v : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001455.exe/run.exe -> Worm.VB.njc : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001456.exe -> Worm.VB.njc : Cleaned.


::Report end

adebaseball
2007-05-03, 20:00
Please provide more information. What is 88? What are "over 13000", and since I see no drive but C:\, what is your D drive?
As far as the performance, you need to describe it. I am removing malware; I can give you some maintenance tips that may or may not help the computer to run better once the malware is gone, but you need to provide information.


88 was the number of viruses detected on drive C when scanned, and over thirteen 1300 on my other drive; all these are still in quarantine.
My D drive (removable) is just a USB cable for my MP3 player and camera.

The performance issue is slow start-up; it could be the AVG programs.

pskelley
2007-05-03, 20:13
1) G:\RECYCLER\NPROTECT\ <<< old Norton recycle bin, clean it like this:
Emptying the Norton Protected Recycle Bin
http://service1.symantec.com/support/nsw.nsf/ba62122e5d142a6588256d87006b22be/831aa5c6ef0d750685256c370048ad89?OpenDocument&src=bar_sch_nam

2) Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

3) Please discuss performance once the computer is clean of malware.

4)
thirteen 1300 on my other drive,all these are still in quarenteen
my d drive removable is just a usb cable for my mp3 player and camera
You need to use AVG to scan that drive and remove anything it says is bad; you need to delete the stuff you have in quarantine there. The G drive is going to infect your computer if you are not careful. No way would I plug it in to the computer until you know it is clean.

5)
88 was the number of virus detected on drive c
Those were probably in the System Restore files, and once you do the instructions in #2 that should be done.

6) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

7) Once you have completed the above instructions, make sure you restart the computer, then run and post new scan results from AVG Anti-Spyware, a new HJT log with NORMAL startup in MSConfig, and the uninstall list.
Thanks
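Points #1, #2 and #5 above rest on one distinction: a detection sitting in a System Restore point or in the Norton Protected Recycle Bin is an archived copy, while a detection on the live file system is what actually needs attention. The script below is an added example for this thread (not code from the thread, from AVG or from HijackThis) that parses the "path -> detection : action." lines of a pasted AVG Anti-Spyware report and groups the hits that way. The report it runs on is constructed for the example, and the restore-point GUID in it is a placeholder.

```python
"""Triage helper for AVG Anti-Spyware style scan reports.

Added example for this thread; it is not code from the thread, from AVG or
from HijackThis. It parses the "<path> -> <detection> : <action>." lines of a
pasted report and groups the hits, so a helper can see how many detections
were live files versus copies sitting in System Restore points or the Norton
Protected Recycle Bin. The report below is constructed for the example; the
restore-point GUID is a placeholder.
"""
import re
from collections import Counter

# One hit per line: "<drive>:\<path> -> <detection name> : <action>."
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<detection>[^:]+?) : (?P<action>[^.]+)\.$"
)

# Locations that hold archived copies rather than files the system would run:
# System Restore points and the Norton Protected Recycle Bin.
ARCHIVE_MARKERS = (
    "\\System Volume Information\\_restore{",
    "\\RECYCLER\\NPROTECT\\",
)

# Constructed sample report in the AVG Anti-Spyware layout (placeholder GUID).
SAMPLE_REPORT = r"""AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:55:05 03/05/2007

+ Scan result:

G:\RECYCLER\NPROTECT\00036787.EXE -> Adware.BugDoctor : Cleaned.
G:\Windows.old\Program Files\Bug Doctor\BugDoctor.exe -> Adware.BugDoctor : Cleaned.
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP9\A0001521.exe -> Dropper.Delf.xo : Cleaned.
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP9\A0001455.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\Documents and Settings\user\Cookies\user@example[1].txt -> TrackingCookie.Example : Cleaned.
C:\WINDOWS\system32\constructed_sample.exe -> Trojan.Constructed : Cleaned.


::Report end
"""


def parse_report(text):
    """Return one dict per hit; headers, blank lines and free text are skipped."""
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        hits.append({
            "drive": path[0].upper(),
            "path": path,
            "detection": m.group("detection").strip(),
            "action": m.group("action").strip(),
        })
    return hits


def classify(path):
    """'archive' for restore points / Norton bin, 'cookie' for tracking cookies, else 'live'."""
    lower = path.lower()
    if any(marker.lower() in lower for marker in ARCHIVE_MARKERS):
        return "archive"
    if "\\cookies\\" in lower:
        return "cookie"
    return "live"


def summarize(hits):
    """Counts per drive, per class and per detection name, plus the live paths to look at first."""
    return {
        "per_drive": Counter(h["drive"] for h in hits),
        "per_class": Counter(classify(h["path"]) for h in hits),
        "per_detection": Counter(h["detection"] for h in hits),
        "live_paths": sorted(h["path"] for h in hits if classify(h["path"]) == "live"),
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key in ("per_drive", "per_class", "per_detection"):
        print(key, dict(summary[key]))
    print("live paths:", *summary["live_paths"], sep="\n  ")
```

Run on a real pasted report, the "live_paths" list is the part worth reading closely; the "archive" count is what flushing System Restore (point #2) and emptying the Norton bin (point #1) take care of, and the "cookie" entries are the ones the helper asked to have edited out before posting.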

adebaseball
2007-05-03, 20:51
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Advanced System Optimizer 2.01
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 7.5
AVG Anti-Spyware 7.5
CA eTrust PestPatrol Anti-Spyware
Command & Conquer 3
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eBay Toolbar
GameShadow
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Video Player
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Lexmark 6300 Series
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motherboard Monitor 5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
PowerDVD
QuickTime
RealPlayer
Red Alert Windows 95
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
The Battle for Middle-earth (tm) II
Turbo Lister 2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Zoo Tycoon: Complete Collection
Zuma Deluxe RA

I deleted all quarantined files from AVG and am in the process of a new scan, but it takes 2.5 hrs.
Step 1 I had to delete altogether, as old and not in use; steps two and three done. This HJT is with normal start-up.
Have yet to scan with AVG Anti-Spyware.

pskelley
2007-05-03, 21:09
Thanks, I don't see any malware that is obvious in the uninstall list. I don't know all of your programs, look them over and make sure you do.

If you are saying you deleted all of the items AVG Anti-Spyware found on the G drive, then run the scan or not as you wish. It is after all your computer we are trying to clean.

Post a new HJT log so I can make sure it is clean and then look at this information:

http://www.microsoft.com/atwork/getstarted/speed.mspx?wt_svl=20292a&mg_id=20292b
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Thanks

adebaseball
2007-05-04, 00:47
--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:21:50 03/05/2007

+ Scan result:



Nothing found.



::Report end

Logfile of HijackThis v1.99.1
Scan saved at 23:46:08, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Lexmark 6300 Series\ezprint.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\gill&ade\Desktop\films\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

pskelley
2007-05-04, 01:33
There is a totally new infection on this computer???

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
http://www.castlecops.com/startuplist-12637.html
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021712-3034-99

This worm normally comes from peer-to-peer file sharing. Is someone downloading this junk in the middle of my attempts to help you clean the computer?

I need to know what this is also:
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

Look in Add Remove Programs and uninstall C:\Program Files\outlook\ <<< that program

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\outlook\ <<< delete that folder

Post a new HJT log and post the information about that service that is new, and please tell me why this stuff is being downloaded.
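What the helper did here by eye, comparing the new log against the previous one and noticing an outlook.exe that lives outside the Office folder plus a service whose binary is missing, can be automated. The script below is an added example for this thread (not code from the thread or from HijackThis) that diffs the R/F/N/O items of two logs, lists O23 services marked "(file missing)", and reports executable names that occur in more than one directory anywhere in a log. The two logs it runs on are constructed, trimmed versions of the ones posted above with the user name replaced.

```python
"""Compare two HijackThis logs and flag autostart entries worth a second look.

Added example for this thread; it is not code from the thread or from
HijackThis. It lists R/F/N/O items that appeared or vanished since the previous
log, lists O23 services whose binary is gone ("(file missing)"), and reports
executable names that occur in more than one directory anywhere in the log,
which is how a look-alike such as outlook.exe outside the Office folder stands
out. The two logs below are constructed, trimmed versions of the ones in the
thread with the user name replaced. Caveat: 8.3 short names (PROGRA~1) and long
names for the same folder are not unified, so a collision is a prompt to look,
not a verdict.
"""
import re

# HijackThis item lines: "O4 - HKLM\..\Run: [...] ...", "R0 - ...", "O23 - Service: ..."
ITEM_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Any drive-letter path ending in .exe, in the process list or inside an item.
EXE_RE = re.compile(r"[A-Za-z]:\\.+?\.exe", re.IGNORECASE)

# Constructed earlier log (trimmed).
OLD_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Constructed later log (trimmed): MSConfig gone, two new entries present.
NEW_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
"""


def parse_items(log_text):
    """Set of (section, body) for every item line; the process list is not an item."""
    items = set()
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            items.add((m.group("section"), m.group("body")))
    return items


def diff_logs(old_log, new_log):
    """Items present only in the new log ('added') and only in the old one ('removed')."""
    old, new = parse_items(old_log), parse_items(new_log)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


def orphaned_services(log_text):
    """O23 services whose binary HijackThis could not find on disk."""
    return sorted(body for section, body in parse_items(log_text)
                  if section == "O23" and "(file missing)" in body)


def name_collisions(log_text):
    """Executable names that appear in more than one directory (case-insensitive)."""
    dirs_by_name = {}
    for m in EXE_RE.finditer(log_text):
        directory, _, name = m.group(0).rpartition("\\")
        dirs_by_name.setdefault(name.lower(), set()).add(directory.lower())
    return {name: sorted(dirs) for name, dirs in dirs_by_name.items() if len(dirs) > 1}


if __name__ == "__main__":
    changes = diff_logs(OLD_LOG, NEW_LOG)
    print("added:", *changes["added"], sep="\n  ")
    print("removed:", *changes["removed"], sep="\n  ")
    print("orphaned services:", *orphaned_services(NEW_LOG), sep="\n  ")
    print("name collisions:", name_collisions(NEW_LOG))
```

On the constructed pair the diff returns exactly the two new items and the retired MSConfig entry, and the collision check singles out outlook.exe because the genuine copy under Office10 appears in the process list while the Run entry points at a different folder. Anything the diff adds should still be checked by hand before it goes in a "Fix Checked" list, which is what the helper does above.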

adebaseball
2007-05-04, 01:45
It's not there.
Don't know why it showed on the last log; just rebooted the PC and done the HJT log below, and it's not there.
No file sharing done.

Logfile of HijackThis v1.99.1
Scan saved at 00:41:11, on 04/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\gill&ade\Desktop\films\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

pskelley
2007-05-04, 10:57
It is very strange to have a marker for a worm like Alcan show up and then stop?
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
and you provided me with no information about why this is there?
Probably this: http://www.spywaredata.com/spyware/spyware-adware-new.php

Be sure you follow the instructions to clean the System Restore files, they were badly infected and all of that junk would get back on your computer if you use System Restore.

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

adebaseball
2007-05-04, 23:36
Thanks for all your help, really know your stuff.
Regards, Ade

pskelley
2007-05-14, 13:04
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks