#1
Please help!!!!!
My computer will not allow me to go into add or delete programs, it says access denied as I do not have authority and to contact the system administrator. This is my PC (laptop) and only myself and my husband have accounts set up on the computer; I've tried under his account and it says the same. How can I get this sorted? We keep getting this message appear, a Windows security alert: Warning Potential spyware operation. How can I stop this appearing?? Thanks Hannah
#2
You may be better off posting this in the Virus, Spyware & Security forum
__________________
My System: Home Build
#3
Threads merged.
#4
Moved to Virus, Spyware & Security forum.
Let us see a log from HijackThis please.

Download HijackThis to your desktop.
Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory C:\Program Files\Trend Micro\HijackThis
Please do not change the default install location.
Upon install, HijackThis should open for you.
Next click on the "Do a system scan and save a log file" button. HijackThis will scan and then a log will open in Notepad.
In the top left of the Notepad window click "File" > "Save As", name it hijackthis and then save it to the Desktop.
Please save the log as a text (.txt) file or .log. Do NOT attach MS-Word .DOC files, they will NOT be looked at!
In your post, add the log as an Attachment.

* Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
** Don't use the Analyse This button. Its findings are dangerous if misinterpreted.

Guide for attaching logs to a post
#5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:43 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\PCPrivacyTool\mc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Program Files\Common Files\AVSystemCare\bm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Easy SpyRemover\EasySpyRemover.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com; ad=http://avsystemcare.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\PCPrivacyTool\mc.exe" dm=http://pcprivacytool.com; ad=http://pcprivacytool.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\AVSystemCare\rtasks.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O17 - HKLM\System\CCS\Services\Tcpip\..\{6309F0DB-E1B6-4D47-83F0-111ED3BCCD32}: NameServer = 212.139.132.24 212.139.132.25
O20 - AppInit_DLLs: sulimo.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9608 bytes

Hope this helps??
#6
You definitely have some very nasty infections.
1. Download Malwarebytes' RogueRemover Free
2. Double click the icon to install RogueRemover and then start the program.
3. Press Check for Updates.
4. This will show you if there is a newer version of the database. Press Download.
5. Go back to the main screen and press Scan.
6. If and when an infection is found, remove all objects found.

=====

Download, install and update Superantispyware (SAS)
Don't run this yet.
SUPERAntispyware Free Edition

=====

You may want to print out or copy and paste the rest of the instructions and save them in a text document to your desktop. You will not be able to see them from Safe Mode.

Restart in Safe Mode
* Restart the computer.
* When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key.
* When you get to the boot menu, use the arrow keys to select Safe mode
* Then Press Enter.
* The computer restarts in Safe mode.

=====

Open HijackThis and select "Do a system scan only"
Place a check mark next to: (if found)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com; ad=http://avsystemcare.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\PCPrivacyTool\mc.exe" dm=http://pcprivacytool.com; ad=http://pcprivacytool.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\AVSystemCare\rtasks.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Now click "Fix checked"
Exit HijackThis

=====

Now configure and run SUPERAntiSpyware in Safe Mode.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked:
  + Close browsers before scanning
  + Scan for tracking cookies
  + Terminate memory threats before quarantining.
  + Please leave the others unchecked.
  + Click the Close button to leave the control center screen.
* On the main screen, under Scan for Harmful Software click Scan your computer.
* On the left check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information please do the following:
  + After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  + Click Preferences. Click the Statistics/Logs tab.
  + Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  + It will open in your default text editor (such as Notepad/Wordpad).
  + Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Please add the log as an attachment along with a new HijackThis log in the next post.

=====

Next Post please add as attachments
SUPERAntiSpyware log
New HijackThis log
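The comparison made when the second HijackThis log comes back, as an added example that is not part of the original thread: it checks that the entries ticked for "Fix checked" are gone from the new log and lists entries that are new. The sample logs are a constructed subset of the logs posted in this thread; the function names and the three review heuristics are assumptions of this example, not HijackThis features.

```python
import re

# Entry codes HijackThis uses: R0-R3, F0-F3, N1-N4, O1 and up.
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def key(line):
    """Comparison key. Forum software can split long tokens with a stray
    space ('Pol icies'), so ignore whitespace and case when matching."""
    return re.sub(r"\s+", "", line).casefold()


def parse_entries(log_text):
    """Return {key: line} for each 'code - detail' entry, one entry per line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[key(line)] = line
    return entries


def review_reasons(line):
    """Heuristics (assumed for this example) for three entry types that were
    ticked for fixing in this thread. An empty list means no rule matched,
    not that the entry is safe."""
    code, detail = line.split(" - ", 1)
    reasons = []
    if code == "F2" and "Shell=" in detail:
        shell = detail.split("Shell=", 1)[1].strip()
        if shell.casefold() != "explorer.exe":
            reasons.append("Shell value starts more than Explorer.exe")
    if code == "O7" and re.search(r"Disable\w+\s*=\s*1", detail):
        reasons.append("policy restriction is switched on")
    if (code == "O4" and re.match(r"(?:Global )?Startup: ", detail)
            and " = " not in detail):
        reasons.append("file sits directly in a Startup folder, no shortcut")
    return reasons


def check_fix(fix_list, before_log, after_log):
    """Compare the entries chosen for 'Fix checked' against both logs."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    wanted = [key(l) for l in fix_list.splitlines() if l.strip()]
    return {
        "removed": [before[k] for k in wanted if k in before and k not in after],
        "still_present": [after[k] for k in wanted if k in after],
        "new": [line for k, line in after.items() if k not in before],
    }


# Constructed samples: a few entries taken from the first log, the fix list
# and the second log in this thread. One line keeps a forum-wrapped token.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
"""

FIX = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
"""

if __name__ == "__main__":
    result = check_fix(FIX, BEFORE, AFTER)
    for name, lines in result.items():
        print(f"{name}: {len(lines)}")
        for line in lines:
            print("   ", line)
    print("entries matching a review heuristic in the first log:")
    for line in parse_entries(BEFORE).values():
        for reason in review_reasons(line):
            print("   ", line, "->", reason)
```
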
#7
This is the SuperAntiSpyware Results:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2007 at 08:56 AM

Application Version : 3.9.1008
Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Quick Scan
Total Scan Time : 00:09:24

Memory items scanned : 564
Memory threats detected : 0
Registry items scanned : 720
Registry threats detected : 0
File items scanned : 8656
File threats detected : 84

Adware.Tracking Cookie

And here is the HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:38 AM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Samsung\DisplayManager\dmhkcore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O17 - HKLM\System\CCS\Services\Tcpip\..\{6309F0DB-E1B6-4D47-83F0-111ED3BCCD32}: NameServer = 212.139.132.24 212.139.132.25
O20 - AppInit_DLLs: sulimo.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9092 bytes

Great steps to follow, even I managed to do it. Thanks, what's next??
#8
Can you get to add/remove programs now?
If so go there and look for and uninstall Easy Spy Remover.
#9
No, I still get the warning appear which reads:
'This operation has been cancelled due to restrictions in effect on this computer, please contact your system administrator'.
#10
Boot into safe mode.
Restart your computer and keep hitting F8. You should get a menu. Choose the upmost (safe mode). When selecting accounts be sure to pick the admin account. Go into add/remove programs. It should work. Otherwise try killing the process (which may or may not be called "EasySpyRemover.exe" or similar). Try accessing add/remove again.
__________________
My System: Toshiba Satellite A200-28P