bad download!!!!

Name: janetcottom
Date: March 11, 2005 at 16:19:47 Pacific
OS: WIN XP
CPU/Ram: 528
Comment:

hi guys....i need your expert help once again...i downloaded a programme suggested by a friend (stupid me)...after download my browser had been hijacked and i had two icons on my desktop - casino online and poker - which only appeared after this download. i tried to do system restore but unsuccessful...done spybot ad-aware and microsoft antispyware along with panda antivirus checks which did find adware and spyware but no virus...i removed all these and took desktop icons off desktop but when i connect to internet i still get casino and poker pop-ups although i checked and pop-up blocker is enabled. i ran a hijack this and here is log:

Logfile of HijackThis v1.99.1
Scan saved at 23:51:06, on 11/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\BTYAHO~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\VM_STI.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Messenger\MSMSGS.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\hh.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\DOCUME~1\JANETC~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pueecgpqdjtfsjzr.net/ggYLJharl4yyFoEyyt7ubgMF8fZGplO26OfSP8hd38NgYayzWLRBMMg4mnHm8h3L.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.bt.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.exe" /s
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.exe ZSMC USB PC Camera
O4 - HKLM\..\Run: [Great Delete Style Mp3] C:\Documents and Settings\All Users\Application Data\SIGNHOLEGREATDELETE\HELP SEEK.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MixDownload] C:\DOCUME~1\JANETC~1\APPLIC~1\SHIMSO~1\purelivefive.exe
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4438/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.exe

Any help would be gratefully appreciated because i haven't got a clue what to remove from this...
thks jan




Response Number 1
Name: per
Date: March 11, 2005 at 16:22:14 Pacific
Reply:

HJT logs are by invitation only. Here is the self-help site. http://www.hijackthis.de/index.php?langselect=english



Response Number 2
Name: Rick McNabb
Date: March 11, 2005 at 16:27:20 Pacific
Reply:

This should have been posted in security/virus forum.

This is definitely one of your problems:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pueecgpqdjtfsjzr.net/ggYLJharl4yyFoEyyt7ubgMF8fZGplO26OfSP8hd38NgYayzWLRBMMg4mnHm8h3L.html

BUT - When you try to eradicate viri and ad/spy/mal ware, you should do it when logged into Safe Mode and disconnected from the network. Many times I have had to run Ad-Aware and SpyBot 3 times in Safe Mode on other's computers to get rid of this junk (with reboots in between each try). AND do not execute more than one Anti ad/spy/mal/virus scan at the same time.

You may not have time to search the Internet for your answer. Well, sorry, I may not either.


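A triage sketch for the log above, added here as an example (it is not code from the thread or from HijackThis): it parses HijackThis entry lines and flags R0/R1 browser settings that point at a host outside an analyst-chosen baseline, which is how the Search Bar entry quoted in Response 2 stands out. The baseline `EXPECTED_HOSTS` and the user-writable-path rule for O4 autoruns are assumptions of this example; a hit marks an entry for review and is not a verdict.

```python
import re
from urllib.parse import urlparse

# Sample input: five entry lines taken from the log in the original post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pueecgpqdjtfsjzr.net/ggYLJharl4yyFoEyyt7ubgMF8fZGplO26OfSP8hd38NgYayzWLRBMMg4mnHm8h3L.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MixDownload] C:\DOCUME~1\JANETC~1\APPLIC~1\SHIMSO~1\purelivefive.exe
"""

# Assumption: the analyst's baseline of hosts expected in IE page settings
# (here the ISP portal that the other R0/R1 lines of the log point to).
EXPECTED_HOSTS = {"home.bt.yahoo.com"}

# Every HijackThis entry starts with a section code such as R1, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: autoruns under per-user data/temp folders deserve a second look.
# Long names and their 8.3 short forms (APPLIC~1, LOCALS~1) are both matched.
USER_WRITABLE = re.compile(
    r"\\(application data|applic~\d|local settings\\temp|locals~\d\\temp)\\",
    re.IGNORECASE)
RUN_VALUE = re.compile(r".*?: \[(.+?)\] (.*)$")


def parse(log):
    """Return (code, body) for each entry line; headers and blanks are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def triage(log, expected_hosts=EXPECTED_HOSTS):
    """Return (code, reason, detail) tuples for entries worth reviewing."""
    findings = []
    for code, body in parse(log):
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            host = urlparse(value).hostname  # None for non-URL values
            if host and host.lower() not in expected_hosts:
                findings.append((code, "unexpected host", host))
        elif code == "O4":
            m = RUN_VALUE.match(body)
            if m and USER_WRITABLE.search(m.group(2)):
                findings.append((code, "autorun from user-writable dir", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
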

Response Number 3
Name: eskiled
Date: March 11, 2005 at 19:20:07 Pacific
Reply:

quickest, easiest, safest fix:

download/install firefox (google it)...

www.linuxteens.com



Response Number 4
Name: Sandman
Date: March 12, 2005 at 07:31:52 Pacific
Reply:

Don't take this the wrong way Eskiled but you are an idiot. Firefox would not have helped in any shape or form. Janetcottom downloaded and installed this voluntarily. The browser had nothing to do with it.

Janetcottom I would try downloading Microsoft's Antispyware program. It is a very well designed program and in my experience does an excellent job.

Microsoft's Antispyware Page

Hope this helps,
Sandman



Response Number 5
Name: eskiled
Date: March 12, 2005 at 07:34:33 Pacific
Reply:

okay he said his browser was hijacked... sooo.... install firefox!

ps. run stuff like SB:S&D and adaware, etc.

www.linuxteens.com



Response Number 6
Name: Sandman
Date: March 12, 2005 at 13:56:51 Pacific
Reply:

"okay he said his browser was hijacked... sooo.... install firefox!"

I can't help but laugh when I read that LOL. I apologize for calling you an idiot, no hard feelings I hope :) It just irks me when someone recommends a browser as a solution to a problem like this. It fixes nothing, and doesn't help the user with their current situation.


0

Response Number 7
Name: mga
Date: March 13, 2005 at 16:06:03 Pacific
Reply:

Go to http://www.help2go.com/modules.php?name=HJTDetective
and copy and paste your hijack this log and follow the recommendations


