removal of desktop item (topantispyware) in xp pro

hello everybody
i have a problem with an anti-virus ad. it shows as a desktop item. its black and its got warning for spyware (funny thing is the spyware i want to remove is their ad) i remove the desktop item and click on the box where it say lock desktop items. but sometimes my an error box comes out it goes "explorer made an error its gonna be closed" i click "ok" and everythin comes back to normal except the desktop item comes back. in the list the item is called "security" but you cannot see its properties.
in my taskbar i also have this yellow triangle with an exclamation mark. its alwasy there and everynow and then it prompts me to check for updates. if i click on it, it takes me to the same website with the desktop item. its topantispyware.com
i have spysweeper the demo version, security iguard and microsoft anti spyware but i couldnt get rid of this.
all the help is greatly appreciated.

Hi kinowa,

Please download HijackThis. Make sure you install HijackThis to a permanent folder such as C:\HJT as it creates backups of what we will fix.

Run the program, click the button at the top "Do a system scan and save a logfile". Save the log to a convenient place such as C:\HJT Notepad will open, copy and paste the entire log into your post. Do not fix anything yet, most of what's in the log is needed!

http://www.majorgeeks.com/download3155.html

Tom

Logfile of HijackThis v1.99.1
Scan saved at 11:41:05 PM, on 4/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\System32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\Program Files\Wireless LAN Utility\WlanUtility.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\System32\wuauclt.exe
E:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINDOWS\explorer.exe
D:\Program Files\Winamp3\Studio.exe
E:\WINDOWS\System32\tapi32.exe
E:\Documents and Settings\computer\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (E:\Documents and Settings\computer\Application Data\Mozilla\Profiles\default\ydp40dr3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\computer\Application Data\Mozilla\Profiles\default\ydp40dr3.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [Local runole service] E:\WINDOWS\System32\srvc32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [tapi32] E:\WINDOWS\System32\tapi32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Local runole service] E:\WINDOWS\System32\srvc32.exe
O4 - Global Startup: Wireless Lan Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {169EAC03-F674-41D9-A4CB-309C779C05D6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {169EAC03-F674-41D9-A4CB-309C779C05D6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {772000F7-728F-49F0-ABE4-A3C481C31D7F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {772000F7-728F-49F0-ABE4-A3C481C31D7F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7AAF8A2E-C325-49FF-89AA-312DAFCE1614} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7AAF8A2E-C325-49FF-89AA-312DAFCE1614} - (no file) (HKCU)
O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/235c003ab827d26d6620/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

You seem to have virus activity reported in your log.

I would like you to perform an onlne virus scan at Trend Micro Housecall

http://housecall.trendmicro.com/

Select all of your drives listed for scanning. Please check "Auto clean" before scanning.

Please copy and paste the report logs from the scan into your next post. If you can't capture the information, please write down what was found and if anything was or was not deleted. Please include this information in your next post.

Next...

I don't see an antivirus program running in your log...

AVG has a new, free version available - AVG7 Free edition:

http://free.grisoft.com/freeweb.php.

Be sure to update it right away and perform a full system scan.

Also...

I don't see a firewall running in your log.

ZoneAlarm has a free firewall:

http://www.zonelabs.com/store/conte...reeDownload.jsp

Both are necessary to keep your computer safe.

And then...

You are way behind on Windows Updates. Once we get you cleaned up, you will need to start getting up to date.

Please post a fresh HijackThis log.

Tom