Virus /Trojans



NeedHelpPlease
2006-11-03, 16:32
Hi, I'm currently fixing a computer for a friend over the phone and I got the following information from her: she says she is getting various popups from her AVS about trojans and viruses detected but can't remove them. Here are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 14:43:53, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eircom.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Starware347 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: e1.dll deskmcd3.dll
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

NeedHelpPlease
2006-11-03, 16:51
Active Scan

Incident Status Location

Virus:W32/Spamta.IC.worm Disinfected Operating system
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@adrevolver[3].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@atwola[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@bravenet[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@i.screensavers[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@realmedia[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@xiti[1].txt
Virus:W32/Spamta.JM.worm Disinfected Personal Folders\Inbox\Error\file.zip[file.msg.scr]
Virus:W32/Spamta.JM.worm Disinfected Personal Folders\Inbox\Mail server report.\Update-KB8562-x86.zip[Update-KB8562-x86.exe]
Virus:W32/Spamta.IC.worm Disinfected C:\Documents and Settings\HotProperty4Sale\Local Settings\Temp\~35.tmp
Virus:W32/Spamta.IC.worm Disinfected C:\Documents and Settings\HotProperty4Sale\Local Settings\Temp\~40.tmp
Virus:W32/Spamta.IC.worm Disinfected C:\Documents and Settings\HotProperty4Sale\Local Settings\Temp\~43.tmp
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\HotProperty4Sale\Local Settings\Temporary Internet Files\Content.IE5\EXGJQP21\channels_02[1].gif
Virus:W32/Spamta.IC.worm Disinfected C:\WINDOWS\system32\e1.dll
Virus:Trj/SpamtaLoad.N Disinfected C:\WINDOWS\system32\jzxdrhflnx.exe
Virus:Trj/SpamtaLoad.N Disinfected C:\WINDOWS\system32\rffnrjddtb.exe

NeedHelpPlease
2006-11-03, 16:52
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:54:40 03/11/2006

+ Scan result:



C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005294.dll -> Adware.Comet : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005295.dll -> Adware.Comet : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005293.DLL -> Adware.IWon : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005291.EXE -> Adware.MyWebSearch : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005292.DLL -> Downloader.IstBar : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@blindscom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\HotProperty4Sale\Cookies\hotproperty4sale@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005297.dll -> Worm.Warezov.da : Cleaned.
C:\WINDOWS\system32\dsseds32.exe -> Worm.Warezov.df : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005296.dll -> Worm.Warezov.dw : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005298.exe -> Worm.Warezov.dw : Cleaned.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP67\A0005299.dll -> Worm.Warezov.dw : Cleaned.
C:\WINDOWS\system32\deskmcd3.dll -> Worm.Warezov.dw : Cleaned.
C:\WINDOWS\system32\mgmtmtxc.exe -> Worm.Warezov.dw : Cleaned.
C:\WINDOWS\system32\vsxmpgpc.dll -> Worm.Warezov.dw : Cleaned.


::Report end

NeedHelpPlease
2006-11-03, 16:58
I also have the Spybot report but it's too big to be posted here. She currently has 2 computers infected, the above being the "cleaner" one. I'm awaiting log files from the other one.

I'm just wondering if anything looks out of place. She disabled AVG Free anti-virus as its email scanner was preventing her from sending and receiving emails. Should I suggest a reinstallation? Obviously Norton isn't doing the business.

Thanks for your time in reading this.

LonnyRJones
2006-11-08, 01:28
Start HijackThis and place a check next to these items if there.
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)
O3 - Toolbar: Starware347 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZU
O20 - AppInit_DLLs: e1.dll deskmcd3.dll
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)

====================================
Hit Fix checked and close HijackThis (disregard the HijackThis backup error).
Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the Windows Control Panel, Add/Remove Programs, uninstall any MyWebSearch programs.

You mention two antivirus programs; uninstall all but one.
I'm not referring to AVG Anti-Spyware.

Post a new log
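Added here as an illustration (not code from the thread or from HijackThis): a small Python triage script that parses lines in the HijackThis format above and flags the same classes of entry the reply singles out: hooks whose file is missing, O20 load points, entries naming a file an AV scan already removed, and the adware families the scan reports name. The sample log lines and cleaned-file paths are copied from this thread.

```python
import ntpath
import re

# Constructed sample: entries in the HijackThis v1.99 line format shown in
# this thread (section code, " - ", free-text body).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O20 - AppInit_DLLs: e1.dll deskmcd3.dll
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)
"""
# Constructed sample: paths the thread's Panda/AVG reports say were cleaned.
SAMPLE_CLEANED = [r"C:\WINDOWS\system32\e1.dll", r"C:\WINDOWS\system32\deskmcd3.dll"]
# Adware/toolbar families named in this thread's scan reports.
PUP_MARKERS = ("mywebs", "starware", "funweb")
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return [(section, body)] for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text, cleaned_paths=()):
    """Return [(section, reasons, body)] for entries a helper would flag."""
    cleaned = {ntpath.basename(p).lower() for p in cleaned_paths}
    flagged = []
    for section, body in parse_hjt(text):
        low = body.lower()
        reasons = []
        if "(file missing)" in low or "(no file)" in low:
            reasons.append("orphaned: referenced file no longer exists")
        if section == "O20":
            # AppInit_DLLs / Winlogon Notify load a DLL into every process or
            # at logon; legitimate software rarely registers here.
            reasons.append("O20 system-wide DLL load point")
        if any(name in low for name in cleaned):
            reasons.append("references a file an AV scan already removed")
        if any(marker in low for marker in PUP_MARKERS):
            reasons.append("known adware/toolbar family")
        if reasons:
            flagged.append((section, "; ".join(reasons), body))
    return flagged
```

Run against the full log, `triage(open("hijackthis.log").read(), cleaned)` lists exactly the entries the reply asks to fix, while the Symantec, Adobe and HP entries stay unflagged.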

LonnyRJones
2006-11-15, 09:07
Due to lack of responses this thread is closed.
If you still need assistance a new log will be needed; send me or Tashi a PM (personal message) and we will re-open it.