best offer smiley trojan ?


fender62
10-15-2006, 06:45 PM
I used XoftSpy to scan and it came back with something called Best Offers Smiley. I used XoftSpy to get rid of it, but when I reboot and go online and then run XoftSpy again, Best Offers Smiley is back. How do I get rid of this permanently?

azzey
10-15-2006, 07:19 PM
Is there a listing in Add/Remove Programs?

Budfred
10-15-2006, 07:23 PM
First, please download HijackThis and post a log:

http://www.merijn.org/programs.php

To run HJT, extract it to a permanent folder such as one you create like C:\HJT or the Desktop. Close all open windows and browsers and make sure that all programs are enabled if you use msconfig. Run it and Scan, then Save the log. When the log window appears, right click to Copy it, open your browser and come here to Paste the entire log. Do not make any changes until it is checked since most items are either benign or essential to the computer.

and use it to post this:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

fender62
10-16-2006, 07:52 AM
Here's the scan. Also, there's no mention in Add/Remove of Best Offers software.
Logfile of HijackThis v1.99.1
Scan saved at 11:50:23, on 16/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ebay.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ebay.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\SYSTEM\PANELS\BLANK.HTM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [RunUninstall] C:\Orange\OrangeConnectionKit\setup.exe -u
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Add item - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Program Files\Paragon\Last Minute Bidder\plmg.exe
O9 - Extra 'Tools' menuitem: Add item - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Program Files\Paragon\Last Minute Bidder\plmg.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://v4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A3A294B-1867-467F-A534-D4864D2217BB}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

Budfred
10-16-2006, 10:23 AM
I don't see any evidence of it in your log... You do have a couple of things to deal with though...

Open HJT, scan, and put a check by:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

I couldn't find info on this, do you know what it is?? If not, it may be a good idea to fix it too...

O4 - HKLM\..\Run: [RunUninstall] C:\Orange\OrangeConnectionKit\setup.exe -u

Close all open windows except HJT and press Fix checked...

Run this tool to see if we can find the Smiley files... Also, how long ago did you install it??

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
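
The checks Budfred is applying by hand to the log above (orphaned "(no file)" and "(file missing)" entries, unnamed BHOs and toolbars, autostart entries that run from odd places or with odd switches) can be written down as a small triage script. This is an added example for the thread, not part of the original post and not code from HijackThis; the sample lines are constructed from entries posted in this thread, and the trusted-path list and heuristics are the script's own assumptions, not an authoritative rule set.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v1.99.1 log format, modelled on entries
# posted in this thread; it is not a complete log from either machine.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RunUninstall] C:\Orange\OrangeConnectionKit\setup.exe -u
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WBSrv - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
NAMED_SECTIONS = {"O2", "O3", "O9"}          # BHOs, toolbars, IE buttons: should carry a name
AUTOSTART_SECTIONS = {"O4", "O20", "O23"}    # Run keys, Winlogon Notify/AppInit, services
# Assumed "expected" roots for autostart binaries; anything else deserves a look.
TRUSTED_ROOTS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\", "C:\\PROGRA~1\\")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (section, body, full_line) for each Oxx/Rx entry; header and process list are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body"), line


def extract_target(section, body):
    """Best-effort path of the thing that gets executed/loaded, or None if the line has none."""
    if section == "O4":
        m = re.match(r"[^\]]*\]\s*(.*)$", body)          # text after the [name] bracket
        if not m:
            return None
        cmd = m.group(1).strip()
        if cmd.startswith('"'):
            return cmd[1:cmd.find('"', 1)]
        return re.split(r"\s[-/]", cmd, maxsplit=1)[0]  # unquoted: stop at the first switch
    if section in ("O20", "O23"):
        return body.rsplit(" - ", 1)[-1].strip() if " - " in body else body.split(": ", 1)[-1].strip()
    return None


def triage(log_text):
    """Return the entries a human reviewer would want to look at, with the reason for each."""
    findings = []
    for sec, body, line in parse_entries(log_text):
        reasons = []
        if any(mk in body for mk in ORPHAN_MARKERS):
            reasons.append("orphaned: registration points at a file that is not on disk")
        if sec in NAMED_SECTIONS and "(no name)" in body:
            reasons.append("unnamed component: identify the CLSID before fixing")
        if sec in AUTOSTART_SECTIONS:
            target = extract_target(sec, body)
            if target is not None:
                if target.endswith("\\"):
                    reasons.append("autostart target is a directory, not a file")
                elif "\\" not in target:
                    reasons.append("bare filename resolved through the search path")
                elif not target.upper().startswith(TRUSTED_ROOTS) and not target.startswith("%"):
                    reasons.append("autostart target outside Windows/Program Files")
            if sec == "O4" and re.search(r"\s-u\b", body):
                reasons.append("uninstall switch runs at every logon")
        if reasons:
            findings.append(Finding(sec, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", f.line)
        for r in f.reasons:
            print("    -", r)
```

Run it against a saved log with `python hjt_triage.py` after pasting the log into SAMPLE_LOG, or import `triage()` and feed it the file contents. It deliberately does not decide what to fix: an O4 entry flagged for living outside Program Files (the Orange connection kit above) can be perfectly legitimate, and the script's job is only to shortlist the lines a human should look up.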

fender62
10-16-2006, 12:13 PM
It won't let me post the ComboFix text as it says it's too long.

Budfred
10-16-2006, 01:11 PM
Break it up over 2 or 3 posts as needed...

fender62
10-16-2006, 05:00 PM
2006-10-12 16:16 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-10-12 16:16 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-10-10 14:04 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2006-10-10 14:04 37,887 --------- C:\WINDOWS\system32\drivers\Lhidusb.sys
2006-10-10 14:04 14,095 --a------ C:\WINDOWS\system32\drivers\LCcfltr.sys
2006-10-10 14:04 12,953 --------- C:\WINDOWS\system32\drivers\itchfltr.sys
2006-10-09 21:45 631 --a------ C:\delIndexDat.bat
2006-10-08 12:29 20,096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-10-06 13:55 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-10-05 15:00 87,792 --a------ C:\WINDOWS\system32\drivers\w800mgmt.sys
2006-10-05 15:00 85,664 --a------ C:\WINDOWS\system32\drivers\w800obex.sys
2006-10-04 23:10 1,295,582 --a------ C:\WINDOWS\system32\cygwin1.dll
2006-09-27 15:26 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2006-09-27 15:26 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2006-09-27 15:26 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2006-09-21 17:42 8,704 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2006-09-19 12:47 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-19 12:47 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-16 20:55 -------- d-------- C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2006-10-16 14:34 -------- d-------- C:\Program Files\XoftSpySE
2006-10-16 14:34 -------- d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2006-10-16 11:58 -------- d-------- C:\Program Files\Zortam Mp3 Media Studio
2006-10-15 00:07 -------- d-------- C:\Program Files\Hide IP Platinum
2006-10-14 23:54 -------- d-------- C:\Program Files\DFX
2006-10-14 23:44 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-13 15:46 -------- d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2006-10-13 15:44 -------- d-------- C:\Program Files\Common Files\LogoManager
2006-10-12 21:59 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-12 21:59 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-12 16:16 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-11 23:29 -------- d-------- C:\Program Files\DAMN NFO Viewer
2006-10-11 16:15 -------- d-------- C:\Program Files\MIKSOFT
2006-10-11 14:19 -------- d-------- C:\Program Files\Common Files
2006-10-11 14:00 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-10-10 21:42 -------- d-------- C:\Program Files\Windows Media Player
2006-10-10 21:40 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-10-10 14:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-10 14:04 -------- d-------- C:\Program Files\Logitech
2006-10-10 14:04 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-06 15:28 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-05 17:20 -------- d-------- C:\Documents and Settings\Administrator\Application Data\MyPhoneExplorer
2006-10-05 15:00 -------- d-------- C:\Program Files\Sony Ericsson
2006-10-05 00:33 -------- d-------- C:\Program Files\BitTorrent
2006-10-05 00:00 -------- d-------- C:\Program Files\uTorrent
2006-10-03 18:27 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-10-03 17:07 -------- d-------- C:\Program Files\Eraser
2006-10-02 23:15 -------- d-------- C:\Program Files\MSN Messenger
2006-10-01 17:32 -------- d-------- C:\Program Files\LimeWire
2006-10-01 16:51 -------- d-------- C:\Program Files\Thomson
2006-09-28 21:50 -------- d-------- C:\Program Files\FlashGet
2006-09-26 12:26 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-26 12:23 125 ---hs---- C:\Documents and Settings\Administrator\Application Data\.zreglib
2006-09-21 17:12 -------- d--h----- C:\Program Files\Zero G Registry
2006-09-21 13:55 -------- d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2006-09-20 13:32 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-09-20 13:30 -------- d-------- C:\Program Files\VideoLAN
2006-09-20 13:08 -------- d-------- C:\Program Files\Elaborate Bytes
2006-09-19 12:54 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Last Minute Bidder
2006-09-19 12:47 -------- d-------- C:\Program Files\Paragon
2006-09-15 12:49 -------- d-------- C:\Program Files\Aspect one
2006-09-13 20:15 8192 --a------ C:\WINDOWS\system32\NetFerret.dll
2006-09-13 20:15 17920 --a------ C:\WINDOWS\WebFerretUninstall.exe
2006-09-13 20:15 -------- d-------- C:\Program Files\FerretSoft
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 22:37 -------- d-------- C:\Program Files\Lavasoft
2006-09-12 22:37 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-09-11 11:57 -------- d-------- C:\Program Files\Java
2006-09-10 23:43 -------- d-------- C:\Program Files\Foxit Software
2006-09-06 14:36 2208 --a------ C:\WINDOWS\system32\drivers\nxsIO32.sys
2006-09-06 14:32 -------- d-------- C:\Program Files\Internet Explorer
2006-09-06 12:58 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-09-06 12:57 -------- d-------- C:\Program Files\Common Files\Java
2006-09-05 20:37 -------- d-------- C:\Program Files\SlySoft
2006-09-05 15:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-09-04 19:17 -------- d-------- C:\Program Files\DVDInfoPro
2006-09-04 19:12 -------- d-------- C:\Program Files\MyPhoneExplorer
2006-09-03 16:11 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Help
2006-09-03 15:03 -------- d-------- C:\Program Files\PC Magazine Utilities
2006-09-03 14:53 -------- d-------- C:\Documents and Settings\Administrator\Application Data\aignes
2006-09-03 14:42 -------- d-------- C:\Program Files\Favorez
2006-09-03 13:15 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-09-02 15:34 -------- d-------- C:\Program Files\Common Files\System
2006-09-02 15:06 -------- d-------- C:\Program Files\Outlook Express
2006-09-01 16:06 -------- d-------- C:\Program Files\NeoImagic Computing
2006-09-01 15:56 -------- d-------- C:\Program Files\WinRAR
2006-09-01 14:58 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Genie-Soft
2006-09-01 14:50 -------- d-------- C:\Program Files\FireTrust
2006-09-01 14:46 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-09-01 14:46 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-01 14:46 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-01 14:39 -------- d-------- C:\Program Files\Orange
2006-09-01 14:33 -------- d-------- C:\Program Files\Wanadoo
2006-09-01 14:29 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-01 14:29 -------- d-------- C:\Program Files\Ahead
2006-09-01 14:27 -------- d-------- C:\Program Files\Yamicsoft
2006-09-01 14:24 -------- d-------- C:\Program Files\Kaspersky Lab
2006-09-01 14:11 -------- d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2006-09-01 14:06 -------- d-------- C:\Program Files\VIA
2006-09-01 14:03 -------- d-------- C:\Program Files\WinZip
2006-09-01 14:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-01 14:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-09-01 13:57 -------- d-------- C:\Program Files\xerox
2006-09-01 13:57 -------- d-------- C:\Program Files\Windows NT
2006-09-01 13:57 -------- d-------- C:\Program Files\msn gaming zone
2006-09-01 13:57 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-01 13:56 0 -rahs---- C:\MSDOS.SYS
2006-09-01 13:56 0 -rahs---- C:\IO.SYS
2006-09-01 13:56 0 --a------ C:\CONFIG.SYS
2006-09-01 13:56 0 --a------ C:\AUTOEXEC.BAT
2006-09-01 13:55 -------- d-------- C:\Program Files\Online Services
2006-09-01 13:54 -------- d-------- C:\Program Files\NetMeeting
2006-09-01 13:54 -------- d-------- C:\Program Files\Movie Maker
2006-09-01 13:54 -------- d-------- C:\Program Files\Common Files\Services
2006-09-01 13:54 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 10:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


((

fender62
10-16-2006, 05:01 PM
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"C-Media Mixer"="Mixer.exe /startup"
"kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
@=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"RunUninstall"="C:\\Orange\\OrangeConnectionKit\\setup.exe -u"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,b5,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"MaxRecentDocs"=dword:0000000f
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoInstrumentation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061016-161433-848
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 06-10-16 20:59:26.79
C:\ComboFix.txt ... 06-10-16 20:59

Budfred
10-17-2006, 01:13 AM
I am still not finding evidence that is clearly your trojan...

I couldn't find anything good about this and I suggest changing it from a BAT to OLD to see if that makes any difference...

C:\delIndexDat.bat

Also, this continues to look suspicious... Do you know what it is??

O4 - HKLM\..\Run: [RunUninstall] C:\Orange\OrangeConnectionKit\setup.exe -u

Try an AVG AS (Ewido) scan to see if can find and kill whatever is lurking:

Please download, install, and update Ewido: http://www.ewido.net/en/download/



Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful")

Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.


In Safe Mode, load Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Restart back into Normal Mode.


Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.

fender62
10-17-2006, 11:38 AM
I did as you said and then ran XoftSpy, and this is the result: no change. http://img.photobucket.com/albums/v476/charvel_375/xoftspyresult.jpg

Budfred
10-17-2006, 12:37 PM
The Ewido log?? The HJT log??

I am guessing that XoftSpy is picking up on orphaned Registry entries which it is supposed to remove... If you are comfortable editing the Registry, you can go after them yourself... If not, you could use CCleaner to clean the Registry, but be sure to back up the Registry first since Registry cleaners can be overly aggressive...

http://www.ccleaner.com/downloadbuilds.asp

Registry Backup:

Go to Start > Run
Type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to "File > Export" Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup

Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

fender62
10-20-2006, 08:10 AM
I tried all different spyware killers (Ewido, Spyware Terminator, sd&bot); none of these found:

typelib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0

typelib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\flags

typelib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\0\win32

typelib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\helpdir

except XoftSpy. CCleaner didn't remove or even see the problem either, so it will have to be a manual regedit. XoftSpy removed it, but then after a reboot it showed up again in XoftSpy. So tell me, how do I remove them manually? I tried it with regedit, but again after a reboot it showed up again.
Can someone give me a walkthrough to manually remove it properly, please?

fender62
10-20-2006, 09:35 AM
I uninstalled Kaspersky Internet Security and rebooted, then ran XoftSpy.
The problem vanished; it would seem KIS has adware embedded. Anyone know more about how to remove the adware and keep KIS?

Budfred
10-20-2006, 10:46 AM
Kaspersky does not have embedded adware... The entries you were picking up seem to be type library info, so I suspect this may be a false positive on the part of XoftSpy...

Spyware Terminator is a dubious product that was recently removed from the rogue list... Be careful about using products that claim to be antispyware since many are rogue...
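
The way to settle whether those TypeLib keys are orphaned junk or a live registration that an installed product keeps putting back is to export the key and look at what its win32 subkey points to. Below is an added example, not from the thread and not code from XoftSpy or Kaspersky: a Python script that parses a regedit `.reg` export and resolves each TypeLib registration to the file it names, then reports whether that file is still on disk. The sample export is constructed; the description and the path under win32/HELPDIR are placeholders, because the thread never shows the real values behind that GUID.

```python
import os
import re
import sys

# Constructed sample of a regedit 5.00 export of the TypeLib key the poster named.
# The description and the path under win32/HELPDIR are placeholders: the thread
# never shows the real values, so they are NOT what is on the poster's machine.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\TypeLib\{eddbdea4-5c07-453f-be8c-81d738984381}]

[HKEY_CLASSES_ROOT\TypeLib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0]
@="Example Type Library"

[HKEY_CLASSES_ROOT\TypeLib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\0]

[HKEY_CLASSES_ROOT\TypeLib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\0\win32]
@="C:\\Program Files\\ExampleVendor\\example.tlb"

[HKEY_CLASSES_ROOT\TypeLib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{eddbdea4-5c07-453f-be8c-81d738984381}\1.0\HELPDIR]
@="C:\\Program Files\\ExampleVendor\\"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<val>.*)$')
TYPELIB_RE = re.compile(
    r"\\TypeLib\\(?P<guid>\{[0-9a-f-]{36}\})\\(?P<ver>[\d.]+)\\\d+\\(?P<arch>win32|win64)$", re.I)


def _unescape(s):
    """Undo .reg string escaping: a backslash quotes the character after it."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1]); i += 2
        else:
            out.append(s[i]); i += 1
    return "".join(out)


def _decode_value(val):
    if val.startswith('"') and val.endswith('"'):
        return _unescape(val[1:-1])
    if val.startswith("dword:"):
        return int(val[6:], 16)
    if val.startswith("hex"):                 # hex:, hex(2):, hex(7): ... -> raw bytes
        return bytes.fromhex(val.split(":", 1)[1].replace(",", "").replace(" ", ""))
    return val                                # "-" delete marker or unknown type, left as text


def parse_reg_export(text):
    """Parse regedit .reg text into {key_path: {value_name: value}}; '@' is the default value."""
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:               # continuation of a hex value ending in '\'
            pending[1] += line.rstrip("\\")
            if not line.endswith("\\"):
                keys[current][pending[0]] = _decode_value(pending[1])
                pending = None
            continue
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else _unescape(m.group("name"))
            val = m.group("val")
            if val.endswith("\\"):
                pending = [name, val.rstrip("\\")]
            else:
                keys[current][name] = _decode_value(val)
    return keys


def typelib_targets(keys):
    """{(guid, version, arch): file_path} for every TypeLib registration in the export."""
    out = {}
    for key, values in keys.items():
        m = TYPELIB_RE.search(key)
        if m and isinstance(values.get("@"), str):
            out[(m.group("guid").lower(), m.group("ver"), m.group("arch").lower())] = values["@"]
    return out


def classify(targets, exists=os.path.exists):
    """'present' if the registered file is still on disk (a live registration some installed
    product owns), 'orphaned' if it is gone (the TypeLib key is leftover and can be deleted)."""
    return {k: ("present" if exists(p) else "orphaned") for k, p in targets.items()}


if __name__ == "__main__":
    # regedit writes UTF-16 with a BOM; Python's "utf-16" codec consumes the BOM.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for (guid, ver, arch), path in typelib_targets(parse_reg_export(text)).items():
        print(guid, ver, arch, "->", path, classify({(guid, ver, arch): path})[(guid, ver, arch)])
```

Export the key on the affected machine with `regedit /e typelib.reg "HKEY_CLASSES_ROOT\TypeLib\{eddbdea4-5c07-453f-be8c-81d738984381}"`, then run `python typelib_check.py typelib.reg`. If the win32 path resolves to a file inside an installed product's directory, the key is a live registration that the product will re-create at the next start or repair, and a scanner deleting it is the wrong fix; if the file is gone, the key is an orphan and deleting it (after the registry backup Budfred describes) is harmless. The same parser reads the `.reg`-style listing ComboFix printed earlier in this thread.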

tyman1180
03-10-2007, 08:18 PM
I have the same problem with the Best Offer Smiley. Here's my HJT log, please help.

Logfile of HijackThis v1.99.1
Scan saved at 6:12:47 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\MotorolaDAP.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Documents and Settings\Tyler\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daktel.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.daktel.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daktel.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Dakota Central Telecommunications Cooperative
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\SYSTEM32\SiKernel.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} - http://client2.tvtonic.com/Webservice/Public/WXStageInstall/2.6/TVTStage1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139078727984
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {F9F3920B-2F24-437A-A224-D49F0004A172} - http://www.net-viewer.com/dls/AutoInstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - C:\WINDOWS\system32\MotorolaDAP.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

mjc
03-10-2007, 09:41 PM
tyman1180, please start your own new thread... link back to this one if it is actually needed.