Help me with this log file? Pop-ups Everywhere! :(

**simmo123** · May 1st, 2007, 05:28 AM

I have been recieving many website re-directs and pop-ups it is driving me crazy, please help.

-----------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:25:58 PM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Joel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {F5A88851-1DC4-6943-B28B-1164078C1BE0} - C:\WINDOWS\system32\nksclidv.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbliier.dll
O2 - BHO: (no name) - {548C052D-9DCA-9A61-99EE-9EFC58F4B7BE} - C:\WINDOWS\system32\uaihh.dll
O2 - BHO: (no name) - {558C0528-9DBB-EC64-999F-95FC2EF1B7BE} - C:\WINDOWS\system32\uaihh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86DFC0F3-0748-52B6-1473-57F008CC38B0} - C:\WINDOWS\system32\tsygzpf.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C7B47EDB-B861-E592-3CF6-EA7B30832CB0} - C:\WINDOWS\system32\mzwmp.dll (file missing)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O2 - BHO: (no name) - {E7A5C2DF-546D-5DCF-6A9F-5C807F3A0FED} - C:\WINDOWS\system32\pjm.dll (file missing)
O2 - BHO: (no name) - {F5A88851-1DC4-6943-B28B-1164078C1BE0} - C:\WINDOWS\system32\nksclidv.dll (file missing)
O2 - BHO: (no name) - {FDB214DA-DC64-DE99-6DD5-885D32C244BF} - C:\WINDOWS\system32\epspal.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKCU\..\Run: [Henl] "C:\DOCUME~1\Joel\MYDOCU~1\FNTS~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Ftekoeb] C:\Program Files\Common Files\?ssembly\w?nword.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.southpacificresort.com.au...bs/svideo3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\taskmgr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

**crunchie** · May 1st, 2007, 05:41 AM

Hi and welcome VDr forums

.

Can you please do the following.

===============

Go to Add/Remove programs and uninstall the following, if present:

Marketscore
WebHancer

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:

R3 - URLSearchHook: (no name) - {F5A88851-1DC4-6943-B28B-1164078C1BE0} - C:\WINDOWS\system32\nksclidv.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbliier.dll
O2 - BHO: (no name) - {548C052D-9DCA-9A61-99EE-9EFC58F4B7BE} - C:\WINDOWS\system32\uaihh.dll
O2 - BHO: (no name) - {558C0528-9DBB-EC64-999F-95FC2EF1B7BE} - C:\WINDOWS\system32\uaihh.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86DFC0F3-0748-52B6-1473-57F008CC38B0} - C:\WINDOWS\system32\tsygzpf.dll (file missing)
O2 - BHO: (no name) - {C7B47EDB-B861-E592-3CF6-EA7B30832CB0} - C:\WINDOWS\system32\mzwmp.dll (file missing)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O2 - BHO: (no name) - {E7A5C2DF-546D-5DCF-6A9F-5C807F3A0FED} - C:\WINDOWS\system32\pjm.dll (file missing)
O2 - BHO: (no name) - {F5A88851-1DC4-6943-B28B-1164078C1BE0} - C:\WINDOWS\system32\nksclidv.dll (file missing)
O2 - BHO: (no name) - {FDB214DA-DC64-DE99-6DD5-885D32C244BF} - C:\WINDOWS\system32\epspal.dll (file missing)

O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [Henl] "C:\DOCUME~1\Joel\MYDOCU~1\FNTS~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Ftekoeb] C:\Program Files\Common Files\?ssembly\w?nword.exe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?

O20 - AppInit_DLLs: C:\WINDOWS\system32\taskmgr.dll

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\webHancer
C:\DOCUME~1\Joel\MYDOCU~1\FNTS~1

files...

C:\WINDOWS\system32\tcbliier.dll
C:\WINDOWS\system32\uaihh.dll
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\Netverchk.exe
C:\WINDOWS\system32\taskmgr.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

Please download and install AVG antispyware tool

Close all other Applications Select language click Ok
Click I Agree
Click next
Click Install
Click Finish
Wait and AVG antispyware will open to the main screen automatically.
Wait again a few minutes and AVG antispyware Should Auto update itself. If it doesn't click update at top of screen.
This is very important to get updates
When updating has finished. Close AVG antispyware.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear use arrow up to highlight
Select the first option, to run Windows in Safe Mode hit enter.
For additional help in booting into Safe Mode, see the following site: HERE

You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!

Run AVG antispyware.
Click on scanner at top of AVG antispyware sceen.
Click on Settings.
Under How to Act click on Recommended Action and choose Quarantine.
Under How to scan all boxes should be selected.
Under Possibly unwanted software all boxes should be selected.
On right side under Reports: click on Automatically generate report after every scan.
Under What to scan select scan every file.
Click On scan Tab.
Click on Complete system scan.
Let the program scan the machine It can take awhile give it time.
When scan has finished at bottom of screen click Apply all Actions.
Click Save report
Click Save Report as (Save as window's screen should pop up.)
Click desktop.
Click Save.
Exit AVG antispyware.

Reboot back to normal mode.

After rebooting, rescan with hijackthis and post back a new log. Please post the AVG anti-spyware log too.

**simmo123** · May 1st, 2007, 07:57 AM

Hi, TY so much for replying, I have done everything you asked. Here are the two logs...

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:53:23 PM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.southpacificresort.com.au...bs/svideo3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

AVG Anti-Spyware Log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:45:37 PM 5/1/2007

+ Scan result:

C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP125\A0184181.dll -> Adware.Beginto : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP125\A0184183.exe -> Adware.Beginto : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DriveCleaner 2006 Free -> Adware.DriveCleaner : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriveCleaner 2006 Free -> Adware.DriveCleaner : Cleaned with backup (quarantined).
HKU\S-1-5-21-522436966-3708964400-2953289213-1007\Software\DriveCleaner 2006 Free -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Local Settings\Temp\UDC6_0001_D19M2808\installer.exe -> Adware.Drop : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet3_88.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall3_88.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Desktop\backups\backup-20070501-195928-745.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Desktop\backups\backup-20070501-195928-782.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sуmantec\еxplorer.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP136\A0210931.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ipjbsti.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\spoolsv.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\taskmgr.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP106\A0146009.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-522436966-3708964400-2953289213-1007\Dc309.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\slimnggm.exe -> Adware.SafeSurfing : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP125\A0184182.dll -> Adware.SearchTool : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-522436966-3708964400-2953289213-1007\Dc305\whAgent(2).exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-522436966-3708964400-2953289213-1007\Dc305\whiehlpr(2).dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-522436966-3708964400-2953289213-1007\Dc305\whinstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP136\A0210921.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP136\A0210922.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP136\A0210925.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP136\A0210927.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP136\A0210929.inf -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Program Files\License_Manager\license_manager.exe -> Adware.WeirWeb : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Desktop\backups\backup-20070501-195928-453.dll -> Downloader.Age : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Local Settings\Temp\inverstt.tmp -> Downloader.Age : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-522436966-3708964400-2953289213-1007\Dc307.exe -> Downloader.Age : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP136\A0210930.dll -> Downloader.Age : Cleaned with backup (quarantined).
C:\WINDOWS\system32\CAUnst.exe -> Downloader.Age.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Αdobe\DOBE~1\!update-4215.0000 -> Downloader.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Local Settings\Temp\sdexe.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Αdobe\DOBE~1\!update-4205.0000 -> Downloader.PurityScan.cz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Αdobe\DOBE~1\!update-4265.0000 -> Downloader.PurityScan.dg : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Local Settings\Temp\nsx2.tmp\InetLoad.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Cookies\joel@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Joel\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Joel\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Joel\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Joel\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Joel\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Joel\Local Settings\Temp\Cookies\joel@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Joel\Cookies\joel@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\WINDOWS\system32\entry.dll -> Trojan.Agent.qg : Cleaned with backup (quarantined).
C:\Documents and Settings\Joel\Shared\microsoft front page 2003 [fastest wyzo download].zip/Wyzo Browser Setup.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP120\A0169820.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP121\A0172015.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP121\A0172016.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnscpsv.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

**crunchie** · May 1st, 2007, 08:54 AM

Looks good now. How are things going?

**simmo123** · May 1st, 2007, 07:55 PM

[B]Hey,
Thankyou for your help the computer is going good now. However the net seems to be a little slower to load than normal..

[U]I also would like to know if you can help me with my work computer. It has so many problems I don't know what to do..
I have been recieving numerous pop-ups from Ultimate Defender and Ultimate Cleaner, I have also been getting Error pop-ups on the opening of Internet Explorer.

I WILL POST THE LOG IN MY NEXT POST.

**simmo123** · May 1st, 2007, 07:59 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:53:46 PM, on 1/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\cf91cc87.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\psc_mon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\winapi32.exe3072.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C0362E2-9A3D-CA0A-4D7C-0ACC6E59C44B} - C:\WINDOWS\System32\enhaopk.dll
O2 - BHO: (no name) - {1DE4FF35-051D-D32A-BDC1-01AD9BAC20B3} - C:\WINDOWS\System32\wojoaxf.dll
O2 - BHO: (no name) - {28B2014F-8E1B-3483-BE0F-09558879EA2E} - C:\WINDOWS\System32\qxlbycd.dll
O2 - BHO: (no name) - {2F5FF943-8759-8374-16AB-00F6947B435F} - C:\WINDOWS\System32\ijvcqhc.dll
O2 - BHO: (no name) - {350FD23C-42D9-BDA0-0110-076EEE37A649} - C:\WINDOWS\System32\sflaefj.dll
O2 - BHO: (no name) - {35AF2E3F-FD15-68A2-2602-0B0443F1BA33} - C:\WINDOWS\System32\dmrzqrm.dll
O2 - BHO: (no name) - {75A2B4AC-4733-ED1E-CC6D-055171DB6F5F} - C:\WINDOWS\System32\zvrdrei.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.2001.0001\en-au\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.2001.0001\en-au\msntb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\gntwain.dll,_mainRD
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [cf91cc87.exe] C:\WINDOWS\System32\cf91cc87.exe
O4 - HKLM\..\Run: [enhaopk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\enhaopk.dll,fpnatk
O4 - HKLM\..\Run: [dmrzqrm.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\dmrzqrm.dll,dsixqic
O4 - HKLM\..\Run: [rnmiyrd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rnmiyrd.dll,ddjxskf
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe
O4 - HKLM\..\Run: [ieilewc.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ieilewc.dll,uqfkjr
O4 - HKLM\..\Run: [rhzeuin.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rhzeuin.dll,aqbeyed
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\testtestt.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\winapi32.exe3072.exe
O4 - HKCU\..\Run: [cf91cc87.exe] C:\Documents and Settings\John\Local Settings\Application Data\cf91cc87.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: .protected
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.easyaccesssite.com/11395-77.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{35F480D1-3218-4989-BB00-0F0854E5A355}: Domain = vic.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

**crunchie** · May 2nd, 2007, 06:13 AM

Can you download AVG antispyware onto that one, boot into safe mode and do a full scan. quarantine all it finds and post the log here please.

**simmo123** · May 2nd, 2007, 06:43 AM

Hi,

I am currently at home but when I am at work tomorrow I will do the scan

**simmo123** · May 3rd, 2007, 01:31 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:16:06 PM 3/05/2007

+ Scan result:

C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268294.dll -> Adware.Companion : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268295.dll -> Adware.Companion : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268296.dll -> Adware.Companion : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268297.dll -> Adware.Companion : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268298.dll -> Adware.Companion : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268293.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268292.EXE -> Adware.UltimateDefender : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268248.sys -> Backdoor.Bulknet : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268257.dll -> Downloader.Busky : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268258.dll -> Downloader.Busky : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268259.dll -> Downloader.Busky : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268255.dll -> Downloader.Busky.az : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268256.dll -> Downloader.Busky.az : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268253.dll -> Downloader.Busky.r : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268254.dll -> Downloader.Busky.r : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268262.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268263.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268264.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268265.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268266.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268267.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268268.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268269.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268270.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268271.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268272.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268273.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268274.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268275.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268276.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268277.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268278.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268279.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268280.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268281.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268282.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268283.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268284.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268285.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268286.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268287.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268288.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268289.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268290.exe -> Downloader.Obfuscated.n : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268261.exe -> Downloader.Tibs.gc : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268249.exe -> Downloader.Tibs.gu : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268250.exe -> Downloader.Tibs.gu : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268247.exe -> Downloader.Tiny.bo : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268299.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268252.sys -> Rootkit.Agent.el : Cleaned.
C:\Documents and Settings\John\Cookies\john@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\John\Cookies\john@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\John\Cookies\john@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\John\Cookies\john@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\John\Cookies\[email protected][2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\John\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\John\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\John\Cookies\john@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\John\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268260.dll -> Trojan.Agent.adl : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268251.exe -> Trojan.Dialer.pw : Cleaned.
C:\System Volume Information\_restore{AC06F07C-CBBE-4CF3-88BF-F6FAE59817DF}\RP1067\A0268245.DLL -> Trojan.Pakes : Cleaned.

::Report end

**crunchie** · May 3rd, 2007, 05:24 AM

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

==

Please download VundoFix.exe
to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

Thread: Help me with this log file? Pop-ups Everywhere! :(

Thread Tools

Search Thread

Display

Help me with this log file? Pop-ups Everywhere! :(

Thread Information

Users Browsing this Thread

Posting Permissions