> Help Needed Removing Annoying Pop-ups And Suspected Spyware!
Simmo
post May 1 2007, 05:03 AM
Post #1





Hi,

I have been getting these really annoying pop-ups from Ultimate Defender and Ultimate Cleaner. I would really like to know how to remove them.
I would also like to know how to remove suspected spyware that I believe is in my computer system.


Here is my log:

--------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:53:46 PM, on 1/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\cf91cc87.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\psc_mon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\winapi32.exe3072.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 67.15.57.172 auto.search.msn.com #NETVISION
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C0362E2-9A3D-CA0A-4D7C-0ACC6E59C44B} - C:\WINDOWS\System32\enhaopk.dll
O2 - BHO: (no name) - {1DE4FF35-051D-D32A-BDC1-01AD9BAC20B3} - C:\WINDOWS\System32\wojoaxf.dll
O2 - BHO: (no name) - {28B2014F-8E1B-3483-BE0F-09558879EA2E} - C:\WINDOWS\System32\qxlbycd.dll
O2 - BHO: (no name) - {2F5FF943-8759-8374-16AB-00F6947B435F} - C:\WINDOWS\System32\ijvcqhc.dll
O2 - BHO: (no name) - {350FD23C-42D9-BDA0-0110-076EEE37A649} - C:\WINDOWS\System32\sflaefj.dll
O2 - BHO: (no name) - {35AF2E3F-FD15-68A2-2602-0B0443F1BA33} - C:\WINDOWS\System32\dmrzqrm.dll
O2 - BHO: (no name) - {75A2B4AC-4733-ED1E-CC6D-055171DB6F5F} - C:\WINDOWS\System32\zvrdrei.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.2001.0001\en-au\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.2001.0001\en-au\msntb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\gntwain.dll,_mainRD
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [cf91cc87.exe] C:\WINDOWS\System32\cf91cc87.exe
O4 - HKLM\..\Run: [enhaopk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\enhaopk.dll,fpnatk
O4 - HKLM\..\Run: [dmrzqrm.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\dmrzqrm.dll,dsixqic
O4 - HKLM\..\Run: [rnmiyrd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rnmiyrd.dll,ddjxskf
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe
O4 - HKLM\..\Run: [ieilewc.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ieilewc.dll,uqfkjr
O4 - HKLM\..\Run: [rhzeuin.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rhzeuin.dll,aqbeyed
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\testtestt.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\winapi32.exe3072.exe
O4 - HKCU\..\Run: [cf91cc87.exe] C:\Documents and Settings\John\Local Settings\Application Data\cf91cc87.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: .protected
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.easyaccesssite.com/11395-77.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{35F480D1-3218-4989-BB00-0F0854E5A355}: Domain = vic.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Duplicate deleted - please stick to one thread and do not post multiple threads - miekiemoes

This post has been edited by miekiemoes: May 1 2007, 07:48 AM
miekiemoes
post May 1 2007, 08:23 AM
Post #2





As a side note... You are really wasting our Helpers' valuable time by posting at several other security forums as well:

http://forums.spybot.info/showthread.php?t=13366
http://www.lavasoftsupport.com/index.php?showtopic=8819
http://www.techsupportforum.com/security-c...move-virus.html
http://forums.pcpitstop.com/index.php?showtopic=140484
http://forums.pcpitstop.com/index.php?show...p;#entry1360876

That's why I am going to close this thread. We prefer to help someone who doesn't waste our time.


--------------------

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
DO NOT POST your problem or log in someone else's thread, even though you are having the same problems. This is to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.