popups in ie and have tried everything :(

**railman** · 2007-04-05, 17:11

hi,i,m new here,and am infected that I think has something to do with deluxe communications.I,ve unistalled it but the popups remain.heres a log,please helllllllllp,thanks,railLogfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:11:06 AM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\warren\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0765EA83-9EC8-4BA2-A7F5-D6A0E251B2F5} - C:\WINDOWS\system32\jkkll.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {3B1AC5EE-E04B-43DB-A5AD-F88BF11BA440} - C:\Program Files\MSN\meqosadi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - C:\WINDOWS\system32\yaywwuv.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\npbfdoxx.dll",setvm
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ric...GameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1129645445375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129645431937
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sra.cn.ca/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll
O20 - Winlogon Notify: yaywwuv - C:\WINDOWS\SYSTEM32\yaywwuv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9992 bytes

**railman** · 2007-04-05, 17:26

just to name a few,Ive tried,avg7.5,avg spyware,spysweeper,smithfraudfix.I use popup stopper companion.nothing seems to help.the popups come when i,m in explorer or firefox.Getting to my witts end.thanks

**Angelfire777** · 2007-04-05, 23:27

Hi, welcome to Safer Networking forums!

Please download VundoFix.exe to your Desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

**railman** · 2007-04-07, 20:04

thanks very much for your help! here is the vundo log.VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 10:04:10 AM 4/5/2007

Listing files found while scanning....

C:\WINDOWS\system32\byxvspn.dll
C:\WINDOWS\system32\byxvtut.dll
C:\WINDOWS\system32\byxyxyw.dll
C:\WINDOWS\system32\byxyywt.dll
C:\WINDOWS\system32\cbxvwtr.dll
C:\WINDOWS\system32\cbxwxxu.dll
C:\WINDOWS\system32\ddcdddd.dll
C:\WINDOWS\system32\fcccddb.dll
C:\WINDOWS\system32\gebcbaa.dll
C:\WINDOWS\system32\gebyxuu.dll
C:\WINDOWS\system32\hggefdb.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\khfeecy.dll
C:\WINDOWS\system32\khfggfc.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\mljgfee.dll
C:\WINDOWS\system32\nnnnoop.dll
C:\WINDOWS\system32\npbfdoxx.dll
C:\WINDOWS\system32\qomllmm.dll
C:\WINDOWS\system32\qomnkji.dll
C:\WINDOWS\system32\rqrssrs.dll
C:\WINDOWS\system32\tuvspop.dll
C:\WINDOWS\system32\tuvwusq.dll
C:\WINDOWS\system32\urqronk.dll
C:\WINDOWS\system32\vtututq.dll
C:\WINDOWS\system32\vtuuuuu.dll
C:\WINDOWS\system32\wvuvtro.dll
C:\WINDOWS\system32\xxodfbpn.ini
C:\WINDOWS\system32\xxyawuv.dll
C:\WINDOWS\system32\yaywwuv.dll
C:\WINDOWS\system32\yayyvsq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\byxvspn.dll
C:\WINDOWS\system32\byxvspn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvtut.dll
C:\WINDOWS\system32\byxvtut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxyxyw.dll
C:\WINDOWS\system32\byxyxyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxyywt.dll
C:\WINDOWS\system32\byxyywt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvwtr.dll
C:\WINDOWS\system32\cbxvwtr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwxxu.dll
C:\WINDOWS\system32\cbxwxxu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdddd.dll
C:\WINDOWS\system32\ddcdddd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fcccddb.dll
C:\WINDOWS\system32\fcccddb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcbaa.dll
C:\WINDOWS\system32\gebcbaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyxuu.dll
C:\WINDOWS\system32\gebyxuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggefdb.dll
C:\WINDOWS\system32\hggefdb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfeecy.dll
C:\WINDOWS\system32\khfeecy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfggfc.dll
C:\WINDOWS\system32\khfggfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgfee.dll
C:\WINDOWS\system32\mljgfee.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnnoop.dll
C:\WINDOWS\system32\nnnnoop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\npbfdoxx.dll
C:\WINDOWS\system32\npbfdoxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomllmm.dll
C:\WINDOWS\system32\qomllmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnkji.dll
C:\WINDOWS\system32\qomnkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrssrs.dll
C:\WINDOWS\system32\rqrssrs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvspop.dll
C:\WINDOWS\system32\tuvspop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwusq.dll
C:\WINDOWS\system32\tuvwusq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqronk.dll
C:\WINDOWS\system32\urqronk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtututq.dll
C:\WINDOWS\system32\vtututq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuuuuu.dll
C:\WINDOWS\system32\vtuuuuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvtro.dll
C:\WINDOWS\system32\wvuvtro.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxodfbpn.ini
C:\WINDOWS\system32\xxodfbpn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyawuv.dll
C:\WINDOWS\system32\xxyawuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yaywwuv.dll
C:\WINDOWS\system32\yaywwuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyvsq.dll
C:\WINDOWS\system32\yayyvsq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.19

**railman** · 2007-04-07, 20:07

And now the hijack this log.(ive renamed hijack this to hjt.exe Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:05:24 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe
C:\Program Files\Tweak-XP Pro 4\Tweak-XP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\warren\Desktop\icons\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {48E0245E-6ACF-47B6-8C78-BA8BBE269D45} - C:\WINDOWS\system32\pmnnl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Program Files\Tweak-XP Pro 4\autostart.exe"
O4 - HKCU\..\Run: [Pop-Up-Blocker] "C:\Program Files\Tweak-XP Pro 4\popup.exe"
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ric...GameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1129645445375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129645431937
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sra.cn.ca/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9938 bytes

**Angelfire777** · 2007-04-08, 04:36

Hi,

Did you install a program called Winpcap?

*Update AVG Anti-Spyware

From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Exit AVG Anti-Spyware. DO NOT scan yet.

*Download ATF Cleaner by Atribune

Do not use it yet.
_________________

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {48E0245E-6ACF-47B6-8C78-BA8BBE269D45} - C:\WINDOWS\system32\pmnnl.dll (file missing)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
_________________

You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

*Important: Make sure all your browsers are closed before running ATF Cleaner..

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose:Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE:If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

*Please run AVG AntiSpyware, and run a full scan as follow:

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning process.

Launch AVG AntiSpyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
Close AVG AntiSpyware.
Reboot to normal mode.

*Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

Click Start > Control Panel
Click Add/Remove Programs
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.

Then download Java Runtime Environment 6u1, and install it to your computer.

On your next reply, please include a fresh HijackThis log, AVG Antispyware log and a description on how's your machine running.

**railman** · 2007-04-09, 19:01

hi,thanks again for your help.I have completed the above steps,and I dont remember downloading that program.avg anti spyware keeps finding yayawuv.dll and cant doanyting with it,I finally have to ignore it.here are the logsLogfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:59:50 AM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tweak-XP Pro 4\Tweak-XP.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\warren\Desktop\icons\hjt.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
O2 - BHO: (no name) - {02AB5694-F3B7-4543-B6EA-58EF966A4C2B} - C:\WINDOWS\system32\gebyy.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\vamkblcy.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Program Files\Tweak-XP Pro 4\autostart.exe"
O4 - HKCU\..\Run: [Pop-Up-Blocker] "C:\Program Files\Tweak-XP Pro 4\popup.exe"
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ric...GameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1129645445375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129645431937
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sra.cn.ca/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - Winlogon Notify: gebyy - C:\WINDOWS\system32\gebyy.dll
O20 - Winlogon Notify: yayawuv - yayawuv.dll (file missing)
O20 - Winlogon Notify: yayyxyv - C:\WINDOWS\SYSTEM32\yayyxyv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10194 bytes---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:33:51 AM 4/9/2007

+ Scan result:

C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP58\A0046043.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046127.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046128.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046131.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP62\A0046280.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047464.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bund1\ClientBundle1.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\a1.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046114.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046115.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046116.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046118.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\a4.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP58\A0046060.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP58\A0046062.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP59\A0046076.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP59\A0046077.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP59\A0046092.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046098.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046099.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046104.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046108.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046125.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046130.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047537.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\WINDOWS\VTTC.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP60\A0046106.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047417.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047418.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047420.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047422.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047425.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047426.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047429.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047430.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047431.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047432.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047435.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047439.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047440.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047441.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP63\A0047443.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP65\A0047622.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxvspn.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxvtut.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\byxyywt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\cbxwxxu.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\gebcbaa.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\gebyxuu.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\khfeecy.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\khfggfc.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\mljgfee.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\nnnnoop.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\pmnlklk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\qomnkji.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\urqronk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\vtututq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\vtuuuuu.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\xxyawuv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP62\A0046252.dll -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\a3.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\win5.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_7777_BHLP0611NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{04803D7F-3F5F-4521-BDC7-38AA6EA3A213}\RP46\A0034835.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).

::Report end

**Angelfire777** · 2007-04-09, 19:13

You got reinfected by vundo..

*Please run vundofix again.

*Click Start > Control Panel > Add or Remove Programs and uninstall the item in bold if found.

WinPcap

*Reboot and delete the following folders:

C:\Program Files\WinPcap
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\micro1

empty your recycle bin.

Please post the vundofix log and a new HijackThis log.

**railman** · 2007-04-09, 20:04

no popups so far!C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\hgggghe.dll
C:\WINDOWS\system32\vamkblcy.dll
C:\WINDOWS\system32\yayyxyv.dll
C:\WINDOWS\system32\yclbkmav.ini
C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\gebyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggghe.dll
C:\WINDOWS\system32\hgggghe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vamkblcy.dll
C:\WINDOWS\system32\vamkblcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyxyv.dll
C:\WINDOWS\system32\yayyxyv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yclbkmav.ini
C:\WINDOWS\system32\yclbkmav.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.ini
C:\WINDOWS\system32\yybeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\yayyxyv.dll
C:\WINDOWS\system32\yayyxyv.dll Has been deleted!

Performing Repairs to the registry.
Done!Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:03:31 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe
C:\Program Files\Tweak-XP Pro 4\Tweak-XP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\warren\Desktop\icons\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Program Files\Tweak-XP Pro 4\autostart.exe"
O4 - HKCU\..\Run: [Pop-Up-Blocker] "C:\Program Files\Tweak-XP Pro 4\popup.exe"
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ric...GameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1129645445375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129645431937
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sra.cn.ca/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9422 bytes

**railman** · 2007-04-09, 20:05

spoke to soon,just got a popup

Thread: popups in ie and have tried everything :(

Thread Tools

Display

popups in ie and have tried everything :(

Posting Permissions