Win antivirus plus other popups 2



micksta
2006-10-21, 07:44
Hi, I'm getting heaps of popups. I have run spybot in safe mode and done an online scan as suggested. Here are logs from HJT and an activescan online scan

Logfile of HijackThis v1.99.1
Scan saved at 1:14:48 AM, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Mick Tome\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/download/2006/WinFixer2006FreeInstall.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner/WinFixerScannerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[ online scan log to follow in subsequent post ]

micksta
2006-10-21, 08:01
Here is my second log - from the activescan online scan

Incident Status Location
Adware:Adware/PrintView C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
Adware:adware/clickalchemy c:\windows\inf\alchem.inf
Adware:adware/ipinsight c:\windows\inf\conscorr.inf
Adware:adware/transponder c:\windows\inf\dlmax.inf
Adware:adware/localnrd c:\windows\inf\localNrd.inf
Adware:adware/twain-tech c:\windows\inf\twaintec.inf
Potentially unwanted tool:application/sysprotect C:\Documents and Settings\Mick Tome\Desktop\SysProtect.lnk
Adware:adware/dyfuca Windows Registry
Adware:adware/ist.istbar Windows Registry
Adware:adware/ncase Windows Registry
Adware:adware/ist.sidefind Windows Registry
Adware:adware/cws Windows Registry
Adware:adware/abox Windows Registry
Adware:adware/searchexe Windows Registry
Dialer:dialer.ok HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E98E84C-79E1-49C3-82EB-798FCD552EFB}
Dialer:dialer.dk HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91433D86-9F27-402C-B5E3-DEBDD122C339}
Potentially unwanted tool:Application/Winantivirus2006 C:\Documents and Settings\Mick Tome\Application Data\sysprotectscannerinstall[1].exe
Spyware:Cookie/2o7 C:\Documents and Settings\Mick Tome\Cookies\mick tome@2o7[1].txt
Spyware:Cookie/888 C:\Documents and Settings\Mick Tome\Cookies\mick tome@888[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\Mick Tome\Cookies\mick tome@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro C:\Documents and Settings\Mick Tome\Cookies\mick tome@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver C:\Documents and Settings\Mick Tome\Cookies\mick tome@adrevolver[2].txt
Spyware:Cookie/PointRoll C:\Documents and Settings\Mick Tome\Cookies\mick tome@ads.pointroll[2].txt
Spyware:Cookie/Adtech C:\Documents and Settings\Mick Tome\Cookies\mick tome@adtech[2].txt
Spyware:Cookie/NewMedia C:\Documents and Settings\Mick Tome\Cookies\mick tome@anm.co[2].txt
Spyware:Cookie/Atlas DMT C:\Documents and Settings\Mick Tome\Cookies\mick tome@atdmt[2].txt
Spyware:Cookie/Atwola C:\Documents and Settings\Mick Tome\Cookies\mick tome@atwola[1].txt
Spyware:Cookie/Azjmp C:\Documents and Settings\Mick Tome\Cookies\mick tome@azjmp[2].txt
Spyware:Cookie/Banner C:\Documents and Settings\Mick Tome\Cookies\mick tome@banner[1].txt
Spyware:Cookie/Belnk C:\Documents and Settings\Mick Tome\Cookies\mick tome@belnk[1].txt
Spyware:Cookie/bravenetA C:\Documents and Settings\Mick Tome\Cookies\mick tome@bravenet[1].txt
Spyware:Cookie/Serving-sys C:\Documents and Settings\Mick Tome\Cookies\mick tome@bs.serving-sys[1].txt

micksta
2006-10-21, 08:03
Here's the continued online scan log

Spyware:Cookie/Btgrab C:\Documents and Settings\Mick Tome\Cookies\mick tome@btg.btgrab[1].txt
Spyware:Cookie/GoStats C:\Documents and Settings\Mick Tome\Cookies\mick tome@c2.gostats[2].txt
Spyware:Cookie/Cassava C:\Documents and Settings\Mick Tome\Cookies\mick tome@cassava[1].txt
Spyware:Cookie/Cgi-bin C:\Documents and Settings\Mick Tome\Cookies\mick tome@cgi-bin[2].txt
Spyware:Cookie/Cgi-bin C:\Documents and Settings\Mick Tome\Cookies\mick tome@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin C:\Documents and Settings\Mick Tome\Cookies\mick tome@cgi-bin[9].txt
Spyware:Cookie/360i C:\Documents and Settings\Mick Tome\Cookies\mick tome@ct.360i[2].txt
Spyware:Cookie/Belnk C:\Documents and Settings\Mick Tome\Cookies\mick tome@dist.belnk[2].txt
Spyware:Cookie/Twain-Tech C:\Documents and Settings\Mick Tome\Cookies\mick tome@dlm.dlmax[2].txt
Spyware:Cookie/Doubleclick c:\Documents and Settings\Mick Tome\Cookies\mick tome@doubleclick[1].txt
Spyware:Cookie/DriveCleaner C:\Documents and Settings\Mick Tome\Cookies\mick tome@drivecleaner[1].txt
Spyware:Cookie/fe.lea.lycos C:\Documents and Settings\Mick Tome\Cookies\mick tome@fe.lea.lycos[1].txt
Spyware:Cookie/FortuneCity C:\Documents and Settings\Mick Tome\Cookies\mick tome@fortunecity[3].txt
Spyware:Cookie/GoStats C:\Documents and Settings\Mick Tome\Cookies\mick tome@gostats[2].txt
Spyware:Cookie/Go C:\Documents and Settings\Mick Tome\Cookies\mick tome@go[2].txt
Spyware:Cookie/Humanclick C:\Documents and Settings\Mick Tome\Cookies\mick tome@hc2.humanclick[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\Mick Tome\Cookies\mick tome@image.checkmystats.com[2].txt
Spyware:Cookie/Kount C:\Documents and Settings\Mick Tome\Cookies\mick tome@kount[2].txt
Spyware:Cookie/DomainSponsor C:\Documents and Settings\Mick Tome\Cookies\mick tome@landing.domainsponsor[1].txt
Spyware:Cookie/Maxserving C:\Documents and Settings\Mick Tome\Cookies\mick tome@maxserving[2].txt
Spyware:Cookie/Mediaplex C:\Documents and Settings\Mick Tome\Cookies\mick tome@mediaplex[1].txt
Spyware:Cookie/OfferOptimizer C:\Documents and Settings\Mick Tome\Cookies\mick tome@offeroptimizer[2].txt
Spyware:Cookie/OfferOptimizer C:\Documents and Settings\Mick Tome\Cookies\mick tome@offeroptimizer[3].txt
Spyware:Cookie/RealMedia C:\Documents and Settings\Mick Tome\Cookies\mick tome@realmedia[1].txt
Spyware:Cookie/Rightmedia C:\Documents and Settings\Mick Tome\Cookies\mick tome@rightmedia[2].txt
Spyware:Cookie/Rn11 C:\Documents and Settings\Mick Tome\Cookies\mick tome@rn11[1].txt
Spyware:Cookie/Searchportal C:\Documents and Settings\Mick Tome\Cookies\mick tome@searchportal.information[1].txt
Spyware:Cookie/Serving-sys C:\Documents and Settings\Mick Tome\Cookies\mick tome@serving-sys[1].txt
Spyware:Cookie/Twain-Tech C:\Documents and Settings\Mick Tome\Cookies\mick tome@servlet[3].txt
Spyware:Cookie/DriveCleaner C:\Documents and Settings\Mick Tome\Cookies\mick tome@stats.drivecleaner[1].txt
Spyware:Cookie/Clicktracks C:\Documents and Settings\Mick Tome\Cookies\mick tome@stats1.clicktracks[2].txt
Spyware:Cookie/Reliablestats C:\Documents and Settings\Mick Tome\Cookies\mick tome@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive C:\Documents and Settings\Mick Tome\Cookies\mick tome@statse.webtrendslive[2].txt
Spyware:Cookie/Target C:\Documents and Settings\Mick Tome\Cookies\mick tome@target[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\Mick Tome\Cookies\mick tome@terra.com[1].txt
Spyware:Cookie/Tickle C:\Documents and Settings\Mick Tome\Cookies\mick tome@tickle[2].txt
Spyware:Cookie/Versiontracker C:\Documents and Settings\Mick Tome\Cookies\mick tome@versiontracker[1].txt
Spyware:Cookie/Advnt C:\Documents and Settings\Mick Tome\Cookies\mick tome@www.advnt01[1].txt
Spyware:Cookie/Affiliate fuel C:\Documents and Settings\Mick Tome\Cookies\mick tome@www.affiliatefuel[1].txt
Spyware:Cookie/DriveCleaner C:\Documents and Settings\Mick Tome\Cookies\mick tome@www.drivecleaner[1].txt
Spyware:Cookie/TopRebates.com C:\Documents and Settings\Mick Tome\Cookies\mick tome@www.toprebates[2].txt
Spyware:Cookie/Xiti C:\Documents and Settings\Mick Tome\Cookies\mick tome@xiti[1].txt
Spyware:Cookie/Xmts C:\Documents and Settings\Mick Tome\Cookies\mick tome@xmts[1].txt
Adware:Adware/PrintView C:\Documents and Settings\Mick Tome\Local Settings\Temp\b124.exe
Spyware:Cookie/ErrorSafe C:\Documents and Settings\Mick Tome\Local Settings\Temp\Cookies\mick tome@errorsafe[1].txt
Spyware:Cookie/ErrorSafe C:\Documents and Settings\Mick Tome\Local Settings\Temp\Cookies\mick tome@www.errorsafe[1].txt
Potentially unwanted tool:Application/Winantivirus2006 C:\Documents and Settings\Mick Tome\Local Settings\Temporary Internet Files\Content.IE5\W98VNLY2\SysProtectScannerInstall[1].exe
Adware:Adware/PrintView C:\Program Files\PrintView\printhook030.dll
Potentially unwanted tool:Application/Processor C:\Program Files\Process.exe
Potentially unwanted tool:Application/Winfixer2005 C:\Program Files\SysProtect Free\Updater.exe
Potentially unwanted tool:Application/VSToolbar C:\WINDOWS\system32\jbgvjwty.exe

tashi
2006-10-27, 21:29
Hello and sorry for the wait.

If you have not resolved the problem, we do have this sticky topic:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

LonnyRJones
2006-10-31, 09:36
Hello

What version of SpyBot S&D is it you have?

This is odd "Scan saved at 1:14:48 AM, on 15/07/2006"
Can you explain?


Start Hijackthis and place a check next to these items if there.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...reeInstall.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab

====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Manually delete these files/folders
c:\windows\inf\alchem.inf
c:\windows\inf\conscorr.inf
c:\windows\inf\dlmax.inf
c:\windows\inf\localNrd.inf
c:\windows\inf\twaintec.inf
C:\Documents and Settings\Mick Tome\Desktop\SysProtect.lnk
C:\Program Files\PrintView
C:\WINDOWS\system32\jbgvjwty.exe

Post a fresh hijackthis log please, be sure to mention any current problems.
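
One way to check a fresh HijackThis log against the earlier one, as an added example that is not part of the original thread or of HijackThis itself: it parses the entry lines, reports whether the fix-list items are gone, and lists entries that appeared since the earlier scan. The log excerpts are copied from the logs in this thread, the function names are hypothetical, and forum-shortened URLs ("si...reeInstall.cab") are matched by the text on either side of the dots.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the detail text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Excerpt of the first log in this thread (15/07/2006 scan).
OLD_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/download/2006/WinFixer2006FreeInstall.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner/WinFixerScannerInstall.cab
"""

# Excerpt of the follow-up log in this thread (31/10/2006 scan).
NEW_LOG = r"""
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [usypcw] "C:\Program Files\SysProtect Free\usypcw.exe" -c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
"""

# The fix list as posted above, including the forum-shortened URLs.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...reeInstall.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
"""


def parse_entries(text):
    """Return [(code, detail), ...] for every entry line, whitespace collapsed."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, detail = m.groups()
            entries.append((code, " ".join(detail.split())))
    return entries


def same_entry(wanted, found):
    """Case-insensitive comparison of a fix-list entry with a log entry.

    A detail containing '...' (a URL shortened by the forum software) matches
    when the log entry starts with the text before the dots and ends with the
    text after them.
    """
    if wanted[0] != found[0]:
        return False
    w, f = wanted[1].lower(), found[1].lower()
    if "..." in w:
        head, tail = w.split("...", 1)
        return (len(f) >= len(head) + len(tail)
                and f.startswith(head) and f.endswith(tail))
    return w == f


def review(old_log, new_log, fix_list):
    """Compare two scans against a fix list."""
    old, new, fixes = (parse_entries(t) for t in (old_log, new_log, fix_list))
    remaining = [w for w in fixes if any(same_entry(w, e) for e in new)]
    gone = [w for w in fixes if w not in remaining]
    old_keys = {(code, detail.lower()) for code, detail in old}
    appeared = [e for e in new if (e[0], e[1].lower()) not in old_keys]
    return {
        "fix_items_remaining": remaining,  # still in the fresh log
        "fix_items_gone": gone,            # no longer listed
        "new_entries": appeared,           # not in the earlier log
    }


if __name__ == "__main__":
    result = review(OLD_LOG, NEW_LOG, FIX_LIST)
    for key, items in result.items():
        print(f"{key}: {len(items)}")
        for code, detail in items:
            print(f"  {code} - {detail}")
```
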

micksta
2006-10-31, 14:31
Hi, thanks for your help.

I have Spybot S&D 1.4.

Not sure why the date on the scan was 15/07/2006. I thought it was odd too.

These items weren't there.
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -

I deleted the file
C:\Documents and Settings\MickTome\Desktop\SysProtect.lnk but it was only a shortcut. I couldn't find the file manually in Program files which was where it was linked to. Add/remove programs said it may have been removed.

Computer was a bit slow opening C:/ windows. Not sure why.

Here's the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 10:14:40 PM, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [usypcw] "C:\Program Files\SysProtect Free\usypcw.exe" -c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

LonnyRJones
2006-10-31, 19:07
Go here and attach all these files inside VSAdd-in please
C:\Program Files\VSAdd-in
http://www.thespykiller.co.uk/forum/index.php?board=1.0
Your antivirus might delete them when you get close to them, that's fine.
Unless you know what it is and where it is from?

Start Hijackthis and place a check next to these items if there.
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [usypcw] "C:\Program Files\SysProtect Free\usypcw.exe" -c
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post a fresh hijackthis log please, be sure to mention any current problems.

micksta
2006-11-01, 13:30
Thanks for your help. I attached the one and only file inside VSAdd-in to thespykiller site.

Ran a HJT scan and checked all the files. Restarted the computer. It was slow responding on the restart and I got a new winantivirus popup which stalled my computer. It was different to other popups. A basic blue screen, rather boring font. I had to go into windows task manager to close the window.

Here's the new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:04:39 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


Thanks once again. Micksta.

LonnyRJones
2006-11-01, 13:38
Rename your hijackthis to something else for example HJT.exe then run it and post another log please.

micksta
2006-11-01, 14:03
Logfile of HijackThis v1.99.1
Scan saved at 9:54:40 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll (file missing)
O2 - BHO: (no name) - {42C10414-E6CC-428C-9186-25CCD868D5CB} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\txvymfqb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\system32\ssqpo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

LonnyRJones
2006-11-01, 14:15
Please download VundoFix.exe (http://www.atribune.org/content/view/24/2/)
to your root drive, e.g. Local Disk C: or the partition where your operating system is installed.
Double-click VundoFix.exe to run it.
Click scan for vundo, when it is finished scanning if this file isn't detected add it >
Right click the list box then select add files and add
C:\WINDOWS\system32\ssqpo.dll

add this file too
C:\Program Files\VSAdd-in\VSAdd-in.dll

Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes then turn your computer back on.
Please post the contents of C:\vundofix.txt

Start Hijackthis and place a check next to these items if there.
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll (file missing)
O2 - BHO: (no name) - {42C10414-E6CC-428C-9186-25CCD868D5CB} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\system32\ssqpo.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
====================================
Hit fix checked, scan again and post one more Hijackthis log.
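
An added example, not part of the thread and not HijackThis code: comparing the log posted before HijackThis.exe was renamed with the one posted after it shows which entries appear only in the second log. The function names are this example's own, and the two log excerpts are trimmed copies of lines from the posts above.

```python
import re
from collections import defaultdict

# Trimmed excerpts of the two HijackThis logs posted in this thread on 2006-11-01:
# LOG_BEFORE was saved with HijackThis.exe, LOG_AFTER after renaming it to HJT.exe.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\explorer.exe
C:\Hijack This\HijackThis.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\HJT\HJT.exe

O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll (file missing)
O2 - BHO: (no name) - {42C10414-E6CC-428C-9186-25CCD868D5CB} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssqpo - C:\WINDOWS\system32\ssqpo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
"""

# An entry line is a section code (R0, F2, O20, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return {normalized line: entry dict} for every section entry in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        # Windows paths and CLSIDs are case-insensitive, so key on lower case.
        entries[line.lower()] = {
            "code": match.group("code"),
            "line": line,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": body.endswith(MISSING),
        }
    return entries


def new_entries(before_text, after_text):
    """Group by section code the entries present only in the later log."""
    before = parse_entries(before_text)
    grouped = defaultdict(list)
    for key, entry in parse_entries(after_text).items():
        if key not in before:
            grouped[entry["code"]].append(entry)
    return dict(grouped)


def orphaned(entries_by_code):
    """Lines whose target file HijackThis reported as missing."""
    return [e["line"] for group in entries_by_code.values()
            for e in group if e["file_missing"]]


if __name__ == "__main__":
    added = new_entries(LOG_BEFORE, LOG_AFTER)
    for code, group in added.items():
        for entry in group:
            print(code, "new:", entry["line"])
    print("registry entries left without a file:", len(orphaned(added)))
```

An entry appearing only in the later log is a prompt for review, not a verdict: WgaLogon shows up in the difference as well and is not among the items the helper asks to fix.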

micksta
2006-11-01, 14:47
Thanks so much for your help. I really appreciate it.

Here's the VundoFix txt:

VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.8
Scan started at 10:16:20 PM 1/11/2006
Listing files found while scanning....

C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.bak2
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\opqss.tmp
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.bak2
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\opqss.tmp
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.bak2
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\opqss.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\ssqpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\opqss.bak2
C:\WINDOWS\system32\opqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\opqss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\opqss.tmp
C:\WINDOWS\system32\opqss.tmp Has been deleted!

Performing Repairs to the registry.
Done!

Here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:05 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.yahoo.com/config/mail?.intl=au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\txvymfqb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


Thanks. Micksta

LonnyRJones
2006-11-01, 16:15
Start Hijackthis and place a check next to these items if there.
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\txvymfqb.dll
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Manually delete these files/folders if still present
C:\PROGRAM FILES\PRINTVIEW
C:\Program Files\VSAdd-in
C:\WINDOWS\system32\txvymfqb.dll


Any current problems?

tashi
2006-11-07, 19:58
How is it going, micksta?

tashi
2006-11-14, 03:00
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter; thanks Lonny.