If you get a chance, could you look at mine too?

e-tro
2006-07-31, 23:32
I've tried everything recommended here but I haven't had any luck. I'm not completely computer illiterate, this one's just got me stumped. I've been getting a ton of popups. Adlist, Heavy.com, etc... Guess I need those driving directions after all! Thanks, it's really great what you do to help us out!

Logfile of HijackThis v1.99.1
Scan saved at 3:25:34 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\{683D9C82-0897-1033-0908-040219040001}\Update.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlexiSIGN-PRO 7.5v2\Program\App.exe
C:\Documents and Settings\Brady\Desktop\Antibiotics\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [w0051f66.dll] RUNDLL32.EXE w0051f66.dll,I2 001cb60300051f66
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [jorcb604] RUNDLL32.EXE w003f2be.dll,n 001cb60300000003003f2be
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143477643796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154105817421
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{331DB4B0-3D19-40E8-B66D-D22269781878}: NameServer = 205.244.47.4,205.244.47.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{331DB4B0-3D19-40E8-B66D-D22269781878}: NameServer = 205.244.47.4,205.244.47.5
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)


Incident Status Location
Virus:Trj/Downloader.JHC Disinfected Operating system
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{683D9C82-0897-1033-0908-040219040001}\Services.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{683D9C82-0897-1033-0908-040219040001}\Update.exe
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall7_22.exe
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Adware:adware/searchexe Not disinfected Windows Registry
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\mc-110-12-0000137.exe
Adware:Adware/BookedSpace Not disinfected C:\RECYCLER\NPROTECT\00030389.exe
Adware:Adware/BookedSpace Not disinfected C:\RECYCLER\NPROTECT\00030390.exe
Adware:Adware/DollarRevenue Not disinfected C:\RECYCLER\S-1-5-21-1487682723-3852255402-4189850523-1006\Dc499.exe
Adware:Adware/DollarRevenue Not disinfected C:\RECYCLER\S-1-5-21-1487682723-3852255402-4189850523-1006\Dc500.exe
Virus:Trj/Downloader.JKC Disinfected C:\WINDOWS\ssqbn.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\ftuninst.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\jorcb604.dll
Virus:Trj/Multidropper.BJU Disinfected C:\WINDOWS\system32\n.bat
Virus:Trj/Downloader.JDK Disinfected C:\WINDOWS\system32\setup.exe.tmp
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[auxe.exe]
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w007ad45.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w01a58a1.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w04b8ce1.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w05e0d83.dll
Virus:Trj/Downloader.ILI Disinfected C:\WINDOWS\system32\w0b0450f.dll
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\System32ftuninst.exe

pskelley
2006-08-05, 12:41
Hello and welcome to the forum, sorry for the wait, logs are many and volunteers are few. If you still need help and are not receiving it at another forum, please do this.

1) Tell me what this is: C:\Program Files\FlexiSIGN-PRO 7.5v2\Program\App.exe

2) Post a new HJT log along with that information.

Thanks...pskelley
Safer Networking Forums

tashi
2006-08-09, 22:09
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.