HELP ME!!!!

 
 
sheo mac
 
  1  
Reply Thu 29 Dec, 2005 10:44 am
Active Scan....



Incident Status Location

Adware:adware/toprebates Not desinfected C:\PROGRAM FILES\WebRebates4
Adware:adware/webhancer Not desinfected C:\PROGRAM FILES\whInstall
Spyware:spyware/searchcentrix Not desinfected Windows Registry
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\bccehpeh.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\bikebiasdalebody.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\booccgqr.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\divjseji.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\dlkdqoor.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\ecdywqfr.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\edaixpby.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\ekcqflrc.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\exebgykm.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\fbiydzfa.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\fekibmah.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\Fourfastdent.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\fqzywobm.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\gbhwzcjr.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\hmaifben.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\hyplgswo.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\ibgnojxg.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\isqctjtr.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\jnaizjpa.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\jogeukhj.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\kkzzxtoq.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\kmmkogfv.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\kzbsacom.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\lttlesdx.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\mbndnokv.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\muhyzlbw.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\nnkhnkwc.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\nrbyvimd.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\ntjpqvpl.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\Option dupe internet.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\ovondtwp.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\papvofjd.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\pdkutliy.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\pwzcnpvt.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\qnbntyag.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\qnlyxnif.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\qqrxueyq.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\rgwytxpd.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\tbmnlpwv.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\usumfvdj.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\uwozuvvt.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\uxhabcfl.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\vhdwiqix.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\vnmerjja.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\wnkkgbqn.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\wseoiyim.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\xebrmlap.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\xptefrbc.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\ydlhlvdp.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\yefpdplq.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\ynufafay.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\ypenkudj.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\yygnkwfk.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\zfcuxqlf.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\zshilxae.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\timelist\pure extra.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\bikebiasdalebody.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\dwwmrsem.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\dynajafa.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\eqrqobwu.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\Fourfastdent.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\fvzjstra.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\ngauwyuc.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\ngvsyuat.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\ocgkmpqc.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\Option dupe internet.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\oyojcmek.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\qenvtjkr.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\skcarjju.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\vkoeulhk.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\wvdgdueg.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\yotqfhly.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\znrooxal.exe
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\SHONA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-772110ae.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\SHONA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-42e185e8.zip[InstallerApplet.class]
0 Replies
 
sheo mac
 
  1  
Reply Thu 29 Dec, 2005 10:45 am
Uninstall List.....



Adobe Photoshop 7.0.1
Adobe Reader 6.0
Advanced MP3/WMA Recorder
Alchemist version 0.5.1
BlueSoleil
broadband medic
CC_ccProxyMSI
CC_ccStart
ccCommon
Championship Manager 99-00
CleanUp!
Disney's Magic Artist Studio
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR300 Reference Guide
ESPR300 Software Guide
ESPR300 Standalone Guide
FIFA 2005
FinePixViewer Ver.4.0
FUJIFILM USB Driver
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
ImageMixer VCD for FinePix
iMesh 5
iPod for Windows 2005-06-26
iPool
iSnooker
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_04
LimeWire 4.9.4
LiveReg (Symantec Corporation)
M318B Digital Video Camera
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft 3D Movie Maker 1.0
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft Works 7.0
MicroStaff WINASPI NT
Mozilla Firefox (1.0.6)
MSN Messenger 7.5
MSRedist
Network Play System (Patching)
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
n-Track Studio 4
Packard Bell Toolbar 1.0
Panda ActiveScan
Paradise Poker
PIF DESIGNER2.1
Power Tab Editor 1.7
QuickTime
RAW FILE CONVERTER LE
Realtek High Definition Audio Driver
ScanToWeb
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Simon3D
Sonic MyDVD
Sonic RecordNow!
SP2 Connection Patcher
SP2 Connection Patcher
Spybot - Search & Destroy 1.4
Symantec Script Blocking Installer
The Sims Livin' it up
The Sims Unleashed
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Virtual Makeover Beauty Sampler
webHancer Survey Companion
WebRebates (by TopRebates.com)
Who Wants To Be A Millionaire
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger
0 Replies
 
sheo mac
 
  1  
Reply Thu 29 Dec, 2005 10:47 am
HJT....



Logfile of HijackThis v1.99.1
Scan saved at 16:46:35, on 29/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
0 Replies
 
Don77
 
  1  
Reply Thu 29 Dec, 2005 11:44 am
Much better,

Check Spybot 1.4 for updates. Don't run it yet, just check for updates and download any it has. Close out the program.

Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.
If you have Java 1.5, do this instead. Start->Control Panel->Java->Settings->Delete Files and click OK and OK.

Next
Reboot into SAFE MODE

Click on start, then control panel, and then double-click on add/remove programs. From within add/remove program uninstall the following if they exist by double-clicking on the following entries:

webHancer Survey Companion
WebRebates (by TopRebates.com)



Don't restart your computer; continue on with the instructions, which need to be done in safe mode.

Search for and delete the Folders highlighted in Blue, Files highlighted in BOLD

C:\PROGRAM FILES\WebRebates4\
C:\PROGRAM FILES\whInstall\
C:\Documents and Settings\BERNIE\Application Data\rule plan lies\
C:\Documents and Settings\JULIE\Application Data\rule plan lies\

Note: there is a folder under Bernie and Julie; make sure you get them both.

Run a scan with Spybot now. Have it fix anything it finds in Red.


Restart your computer,

Scan again with Spybot, and again fix anything it finds in Red.

Restart one more time please,

Rescan with Active and post back the log from it, please.
No need for a HJT log this time, just the Active scan log. Once we get that cleaned up we will take care of any leftovers with HJT.
0 Replies
 
sheo mac
 
  1  
Reply Thu 29 Dec, 2005 04:41 pm
ANNOYING TOOLBAR HAS GONE!! YEY!! YOU ARE AN ABSOLUTE GENIUS! I CAN'T THANK YOU ENOUGH!!! Very Happy



Incident Status Location

Adware:adware/toprebates Not desinfected C:\PROGRAM FILES\WebRebates4
Adware:adware/webhancer Not desinfected C:\PROGRAM FILES\whInstall
Spyware:spyware/searchcentrix Not desinfected Windows Registry
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\timelist\pure extra.exe
0 Replies
 
Don77
 
  1  
Reply Thu 29 Dec, 2005 09:06 pm
Just a couple more folders to go. Could you not find the first 2?


Again into safe mode

Search for and delete the Folders highlighted in Blue

C:\PROGRAM FILES\WebRebates4
C:\PROGRAM FILES\whInstall
C:\Documents and Settings\BERNIE\Application Data\timelist

Back to normal mode
Rescan with Active again please
Post back the log along with a fresh HJT log please
0 Replies
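Added example, not part of the original thread: a short Python script that parses the "Incident Status Location" rows of the scan reports posted above, collapses per-file detections into the folders that contain them, and compares two scans to show which folders are still detected. The function names are choices made for this example, and the sample rows are abridged from the two reports in the thread.

```python
import ntpath
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "category name status location")

# One report row: "<Category>:<name> <status text> <location>".
# The location is either a drive path or the literal "Windows Registry".
ROW = re.compile(
    r"^(?P<category>\w+):(?P<name>\S+)\s+(?P<status>.*?)\s+"
    r"(?P<location>[A-Za-z]:\\.*|Windows Registry)$"
)

# Rows abridged from the first scan report in the thread.
BEFORE = r"""
Incident Status Location

Adware:adware/toprebates Not desinfected C:\PROGRAM FILES\WebRebates4
Adware:adware/webhancer Not desinfected C:\PROGRAM FILES\whInstall
Spyware:spyware/searchcentrix Not desinfected Windows Registry
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\bccehpeh.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\rule plan lies\Fourfastdent.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\timelist\pure extra.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\dwwmrsem.exe
Adware:Adware/Lop Not desinfected C:\Documents and Settings\JULIE\Application Data\rule plan lies\Fourfastdent.exe
Adware:Adware/IST.ISTBar Not desinfected C:\Documents and Settings\SHONA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-772110ae.zip[InstallerApplet.class]
"""

# Rows from the second scan report in the thread.
AFTER = r"""
Incident Status Location

Adware:adware/toprebates Not desinfected C:\PROGRAM FILES\WebRebates4
Adware:adware/webhancer Not desinfected C:\PROGRAM FILES\whInstall
Spyware:spyware/searchcentrix Not desinfected Windows Registry
Adware:Adware/Lop Not desinfected C:\Documents and Settings\BERNIE\Application Data\timelist\pure extra.exe
"""


def parse_scan(text):
    """Return a Detection for every report row; skip headers and blank lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(Detection(**m.groupdict()))
    return rows


def target_folder(location):
    """Map a detection to the folder an analyst would inspect or remove."""
    if not re.match(r"[A-Za-z]:\\", location):
        return location  # not a file path, e.g. "Windows Registry"
    # Drop the "[member]" suffix the report uses for files inside an archive.
    path = re.sub(r"\[[^\]]*\]$", "", location)
    # A last component with an extension is a file: report its parent folder.
    if ntpath.splitext(path)[1]:
        path = ntpath.dirname(path)
    return path


def cleanup_targets(detections):
    """Count detections per folder, comparing Windows paths case-insensitively."""
    counts, display = Counter(), {}
    for d in detections:
        folder = target_folder(d.location)
        key = ntpath.normcase(folder)
        display.setdefault(key, folder)
        counts[key] += 1
    return {display[k]: n for k, n in counts.items()}


def compare_scans(before, after):
    """Split the first scan's folders into those cleared and those still detected."""
    old = {ntpath.normcase(f): f for f in cleanup_targets(before)}
    new = {ntpath.normcase(f) for f in cleanup_targets(after)}
    cleared = [f for k, f in old.items() if k not in new]
    remaining = [f for k, f in old.items() if k in new]
    return cleared, remaining


if __name__ == "__main__":
    cleared, remaining = compare_scans(parse_scan(BEFORE), parse_scan(AFTER))
    print("Cleared since first scan:")
    for folder in cleared:
        print("  ", folder)
    print("Still detected:")
    for folder in remaining:
        print("  ", folder)
```

The "still detected" list it prints for these two reports is the same set of locations the reply above asks to be removed, plus the registry entry.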
 
sheo mac
 
  1  
Reply Fri 30 Dec, 2005 05:35 am
I'll do that now, but when I searched for the first two ...C:\PROGRAM FILES\WebRebates4
C:\PROGRAM FILES\whInstall ... before, nothing came up :-S
0 Replies
 
sheo mac
 
  1  
Reply Fri 30 Dec, 2005 05:44 am
Found them this time!! yey!
0 Replies
 
sheo mac
 
  1  
Reply Fri 30 Dec, 2005 06:32 am
Incident Status Location

Spyware:spyware/searchcentrix Not desinfected Windows Registry
0 Replies
 
Rippawallet
 
  1  
Reply Fri 30 Dec, 2005 06:35 am
The subject should be relevant to the topic or question. Ideally the subject line should be able to summarize the question. Using a relevant title will greatly increase the chances of an answer. An example of a bad title is: "HELP ME!" An example of a good title is: "How do I reinstall Windows XP?" Using all caps and screaming for help will usually mean most people ignore you. If you use a relevant title with relevant keywords more people will find your topic.

Meh
0 Replies
 
sheo mac
 
  1  
Reply Fri 30 Dec, 2005 07:00 am
Thanks for the advice Rippawallet, didn't need to be so harsh about it, but I thought the title was quite relevant to the question as I needed help, and it seemed to work because someone helped me straight away Very Happy thanks Don Very Happy
0 Replies
 
Don77
 
  1  
Reply Fri 30 Dec, 2005 07:06 am
You're very welcome Very Happy
I understand the frustration.
The last item Active is finding is an orphaned reg key, nothing to be overly concerned about.

Let's just give Ad-aware a run and fix anything it may find

Run Ad-Aware with the latest update.
  1. Download the latest version of Ad-Aware (Ad-Aware SE Build 1.06r1) from here.
  2. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  3. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  4. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  5. Once the definitions have been updated:
  6. Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.

    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"

    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarantined objects after restoring"

    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".

  7. Close all programs except ad-aware.
  8. Click on "Next" in the bottom right corner to start the scan.
  9. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  10. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.



After that post back a fresh HJT log and we will take care of any leftovers,

How is the machine running now ?
0 Replies
 
timberlandko
 
  1  
Reply Fri 30 Dec, 2005 10:32 am
Rippawallet, cynically quoting the reminder which appears on every Post a reply page, wrote:
The subject should be ... yadda-yadda-yadda

Meh


Howdy, Rippawallet, and welcome to A2K. Sometimes a copy-and-paste of the obvious can be good advice. Sometimes it's just trolly. Giving bad, illegal, dangerous, or otherwise ill-considered advice all but invariably is trolly. Folks given to trollishness aren't thought of very highly hereabouts, and typically find their social horizons greatly, summarily, and abruptly reduced, at least with reference to A2K. Hate to see you hurt yourself; one's welcome here is not unconditional.
0 Replies
 
sheo mac
 
  1  
Reply Fri 30 Dec, 2005 11:34 am
Computer is running faster now Very Happy woohoo! Very Happy

here is HJT file....


Logfile of HijackThis v1.99.1
Scan saved at 17:32:18, on 30/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
0 Replies
 
timberlandko
 
  1  
Reply Fri 30 Dec, 2005 12:17 pm
Wait for Don77 to weigh in here and sign off on this one, but that looks like a clean system to me. You'll get some performance improvement - not a lot, necessarily, but some - if you go into the configuration pages of Quicktime, RealPlayer, MSN Messenger, and Yahoo! Messenger, and set them to NOT start with Windows. You can always invoke them whenever you have use for them, but there's little point to having them running as background processes doing nothing but occupying otherwise available resources when you're not actually using them (consult the help files/documentation of the apps for particular instructions). Another suggestion would be to use either Ad-Aware SE's Messenger Control or Steve Gibson's Shoot The Messenger; unless your machine is in a corporate/institutional network environment in which Network Administrators use Windows Messenger (an entirely separate thing from chat/instant messaging clients such as MSN Messenger, AIM, or Yahoo! Messenger) for intra-network control and communication, there is no reason to have that service running, period, and shutting it off locks down a notorious irritation vector.


With all that done, Stay Safe Out There.
0 Replies
 
sheo mac
 
  1  
Reply Fri 30 Dec, 2005 12:44 pm
This site has been amazing help, I can't thank you all enough! Thanks so much!
0 Replies
 
Don77
 
  1  
Reply Fri 30 Dec, 2005 08:49 pm
Yes indeed, that's a clean log.
You can use Timber's suggestions as well.

Please use the following suggestion to help prevent reinfection


Download the following program for keeping crap off your system to begin with:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-Aware and Spybot 1.4 handy. Check them for updates prior to running, and run them weekly.
Same with your antivirus.

For an added check, run an online virus scan; you can use one of the 2 below:
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle Bin as well.
You can keep Cleanup! handy to handle that for you.

Remember to check Windows for updates.

Probably a good time to create a new restore point (See Here for XP, See Here for ME). Name it clean or something like that.


Let us know if you have any further problems
0 Replies
 
timberlandko
 
  1  
Reply Fri 30 Dec, 2005 10:25 pm
sheo_mac wrote:
This site has been amazing help, I can't thank you all enough! Thanks so much!


Yer weccum. Glad you found us, and glad we were able to help - but really, you did mosta the work, so give yourself a backpat too, and as Don77 says, if anything else comes up, just holler out.

Feel free to bounce around some here at A2K - it's a huge, diverse website, and there's no telling what you might find to capture your interest. This website is what its members make it.
0 Replies
 
 
