jbhook.dll/svch0st.exe

Adware.eXact Advertising
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C36F20AE-6081-496A-B83A-3F6253FA7229}\RP106\A0032039.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C36F20AE-6081-496A-B83A-3F6253FA7229}\RP120\A0037261.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C36F20AE-6081-496A-B83A-3F6253FA7229}\RP124\A0037495.EXE

Adware.ZToolbar
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C36F20AE-6081-496A-B83A-3F6253FA7229}\RP130\A0047005.INF

Trojan.Service
C:\WINDOWS\SYSTEM32\SERVICE.EXE

Trojan.ErrorSafe
D:\PROGRAM FILES\ERROR SAFE\INSTHELP.EXE
D:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UERS_9999_N91S2507NETINSTALLER.EXE

Adware.WhenU
D:\SYSTEM VOLUME INFORMATION\_RESTORE{0534E627-4F14-4105-95EE-858952EC082B}\RP154\A0041960.EXE
D:\SYSTEM VOLUME INFORMATION\_RESTORE{C93E01D6-892D-4A91-ADD4-EA2B5266DCF8}\RP27\A0015156.EXE

Adware.IST/SaferScan
D:\SYSTEM VOLUME INFORMATION\_RESTORE{0534E627-4F14-4105-95EE-858952EC082B}\RP215\A0063441.EXE

And The New Hijackthis! log…

Logfile of HijackThis v1.99.1
Scan saved at 12:35:06 PM, on 21/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
c:\programs\Avast4\aswUpdSv.exe
D:\WINDOWS\ATKKBService.exe
c:\programs\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\programs\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\programs\DAEMON Tools\daemon.exe
C:\Programs\TASKBA~1\TaskBar.exe
D:\Program Files\AIM95\aim.exe
C:\programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\WINDOWS\System32\wuauclt.exe
c:\programs\Avast4\ashWebSv.exe
D:\Program Files\internet explorer\iexplore.exe
C:\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [avast!] c:\programs\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\programs\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Taskbar Hide] C:\Programs\TASKBA~1\TaskBar.exe -Start
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\programs\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - c:\programs\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - c:\programs\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - c:\programs\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - c:\programs\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

Please:

  1. Disable System Restore, clean your temporary files, boot.
  2. Schedule a boot-time scan with avast. Boot.
  3. Download, install, update and run trojan removers: a-squared and AVGas. :wink:

Already disabled system restore, cleared temp files and ran boot up scans before approaching the forums, and have run several since…

Downloading the recommended software as we speak.

I ran the recommended software, which found some adware and a few pieces of malware… nothing outrageous, however.

:slight_smile: Hi tjw:

Your HijackThis log indicates your Operating System is XP SP1;
therefore the appropriate Sun Java for that is the 1.5 Series, NOT
the 1.6 Series your HijackThis log indicates you have. Therefore
uninstall ALL versions of Sun Java on your computer, then go to
www.java.com to get the latest (1.5 Series) for your computer.

And to have the HijackThis program work at its best, you should RENAME
"HijackThis.exe" to something like "HijackThat.exe", then run a scan
and post its log.

Not only that, because only XP SP1 is installed you can’t get any security updates after June this year (I think), nor can you get IE6 SP2 or IE7 either, both of which close many security vulnerabilities, as you require XP SP2.

Yes, well, I got SP2 3 times and every time it crashed my computer and I had to reboot it and reinstall Windows, and I’m not gonna bother with all that crap again…

The reason SP2 was crashing was because you had malware on your system. You really do need to be clean before installing.

Cheers essexboy, again, thanks for all your help thus far. Just wondering, is everything else sweet on my PC now?

You look good to go for SP2 ;D