Popups galore, tried everything to remove - please help

Question

afyfie 0 Newbie Poster

17 Years Ago

Hi out there,

Please can you help me clean my pc. I have all the current software and have tried numerous methods of celaning. If anyone has an i dea that would be great.

Many thanks and best regards

Andrew

Logfile of HijackThis v1.99.1
Scan saved at 11:49:44, on 24.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Pando Networks\Pando\Pando.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Messenger\Msmsgs.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\MICROS~4\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Works\WkDStore.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Programme\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pando] "C:\Programme\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Programme\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Pando] "C:\Programme\Pando Networks\Pando\pando.exe" /Automation
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://platinumplay.microgaming.com/platinumplay/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {50D18D1A-4251-485E-AEE7-0F08A0BDB325} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Programme\M-Audio\Install\EvoInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programme\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Zope instance at C:\Zope-Instance (Zope_-1444516661) - Unknown owner - C:\Programme\Zope-2.9.2\bin\PythonService.exe

windows-virus

2 Contributors
5 Replies
217 Views
4 Days Discussion Span
Latest Post 17 Years Ago Latest Post by rpggamergirl

All 5 Replies

rpggamergirl 0 Light Poster

17 Years Ago

Hi Andrew,

Can you please rename Hijackthis.exe because I suspect that you may have the Vundo infection that can hide some entries in your log.
Navigate to the directory where you saved Hijackthis.exe:
C:\Program Files\HijackThis\HijackThis.exe

Right-click on hijackthis.exe, then select Rename.
Name it something like: some.exe (or whatever you want)

Then double-click some.exe to scan and then post the new logfile.

rpggamergirl 0 Light Poster

17 Years Ago

Did you run any scanners before you scan with Hijackthis?
You have vundo entries in your log and also a dialer but it seems to have their "file missing" already and you still have popups?

Please run Vundofix if you haven't yet.
1. Please download to your desktop
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If vundofix doesn't find any files use this alternative "VirtumundoBegone"
Download VirtumundoBegone from here:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
and save it to your desktop. When you have done this doubleclick on VirtumundoBeGone.exe and follow the instructions. When it has finished, reboot. If you like, post the log that is created on your desktop called VBG.TXT in your next reply. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, it is normal and expected.

2. Also download and run Combofix:
Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

afyfie 0 Newbie Poster · Answer 1 · 2006-10-25T22:07:38+00:00

Hi and thanks so much for getting back to me.

did what you said - its no called some.exe and here is the new scan.
Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 17:56:25, on 25.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Zope-2.9.2\bin\PythonService.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Zope-2.9.2\bin\python.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Medion Info Display\MdionLCM.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Messenger\Msmsgs.exe
C:\Programme\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Works\WkDStore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Logitech\Video\AlbumDB2.exe
C:\Program Files\some\some.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\lbscvnbx.dll (file missing)
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Programme\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {6F9904FA-5348-4F86-86F1-AC54D87E6E37} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pando] "C:\Programme\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [VoipStunt] "C:\Programme\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Pando] "C:\Programme\Pando Networks\Pando\pando.exe" /Automation
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://platinumplay.microgaming.com/platinumplay/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Programme\M-Audio\Install\EvoInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Zope instance at C:\Zope-Instance (Zope_-1444516661) - Unknown owner - C:\Programme\Zope-2.9.2\bin\PythonService.exe

Hi Andrew,
Can you please rename Hijackthis.exe because I suspect that you may have the Vundo infection that can hide some entries in your log.
Navigate to the directory where you saved Hijackthis.exe:
C:\Program Files\HijackThis\HijackThis.exe

Right-click on hijackthis.exe, then select Rename.
Name it something like: some.exe (or whatever you want)
Then double-click some.exe to scan and then post the new logfile.

afyfie 0 Newbie Poster · Answer 2 · 2006-10-27T18:43:04+00:00

Hi again, i ran ascan with kaspersky and it picked up a fewthings. The pop ups seem to have gone, but the pc was still not performing well.
I have done what you said and it found a few things - here are the logs

Vundo

VundoFix V6.2.6
Checking Java version...
Sun Java not detected
Scan started at 13:54:39 27.10.2006
Listing files found while scanning....
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\orqss.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\orqss.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\orqss.tmp
C:\WINDOWS\system32\orqss.tmp Has been deleted!
Performing Repairs to the registry.
Done!

Then i did a Virtumundo just in case

[10/27/2006, 14:19:29] - VirtumundoBeGone v1.5 ( "C:\Dokumente und Einstellungen\Andrew\Desktop\VirtumundoBeGone.exe" )
[10/27/2006, 14:19:41] - Detected System Information:
[10/27/2006, 14:19:41] - Windows Version: 5.1.2600, Service Pack 2
[10/27/2006, 14:19:41] - Current Username: Andrew (Admin)
[10/27/2006, 14:19:41] - Windows is in NORMAL mode.
[10/27/2006, 14:19:41] - Searching for Browser Helper Objects:
[10/27/2006, 14:19:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/27/2006, 14:19:41] - BHO 2: {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} ()
[10/27/2006, 14:19:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/27/2006, 14:19:42] - Checking for HKLM\...\Winlogon\Notify\lbscvnbx
[10/27/2006, 14:19:42] - Key not found: HKLM\...\Winlogon\Notify\lbscvnbx, continuing.
[10/27/2006, 14:19:42] - BHO 3: {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} (PaltalkWebLogin)
[10/27/2006, 14:19:42] - BHO 4: {6F9904FA-5348-4F86-86F1-AC54D87E6E37} ()
[10/27/2006, 14:19:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/27/2006, 14:19:42] - Checking for HKLM\...\Winlogon\Notify\ssqro
[10/27/2006, 14:19:42] - Found: HKLM\...\Winlogon\Notify\ssqro - This is probably Virtumundo.
[10/27/2006, 14:19:42] - Assigning {6F9904FA-5348-4F86-86F1-AC54D87E6E37} MSEvents Object
[10/27/2006, 14:19:42] - BHO list has been changed! Starting over...
[10/27/2006, 14:19:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/27/2006, 14:19:42] - BHO 2: {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} ()
[10/27/2006, 14:19:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/27/2006, 14:19:42] - Checking for HKLM\...\Winlogon\Notify\lbscvnbx
[10/27/2006, 14:19:42] - Key not found: HKLM\...\Winlogon\Notify\lbscvnbx, continuing.
[10/27/2006, 14:19:42] - BHO 3: {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} (PaltalkWebLogin)
[10/27/2006, 14:19:42] - BHO 4: {6F9904FA-5348-4F86-86F1-AC54D87E6E37} (MSEvents Object)
[10/27/2006, 14:19:42] - ALERT: Found MSEvents Object!
[10/27/2006, 14:19:42] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/27/2006, 14:19:42] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/27/2006, 14:19:42] - Finished Searching Browser Helper Objects
[10/27/2006, 14:19:42] - *** Detected MSEvents Object
[10/27/2006, 14:19:42] - Trying to remove MSEvents Object...
[10/27/2006, 14:19:43] - Terminating Process: IEXPLORE.EXE
[10/27/2006, 14:19:43] - Terminating Process: RUNDLL32.EXE
[10/27/2006, 14:19:43] - Disabling Automatic Shell Restart
[10/27/2006, 14:19:43] - Terminating Process: EXPLORER.EXE
[10/27/2006, 14:19:43] - Suspending the NT Session Manager System Service
[10/27/2006, 14:19:43] - Terminating Windows NT Logon/Logoff Manager
[10/27/2006, 14:19:44] - Re-enabling Automatic Shell Restart
[10/27/2006, 14:19:44] - File to disable: C:\WINDOWS\system32\ssqro.dll
[10/27/2006, 14:19:44] - Removing HKLM\...\Browser Helper Objects\{6F9904FA-5348-4F86-86F1-AC54D87E6E37}
[10/27/2006, 14:19:44] - Removing HKCR\CLSID\{6F9904FA-5348-4F86-86F1-AC54D87E6E37}
[10/27/2006, 14:19:44] - Adding Kill Bit for ActiveX for GUID: {6F9904FA-5348-4F86-86F1-AC54D87E6E37}
[10/27/2006, 14:19:44] - Deleting ATLEvents/MSEvents Registry entries
[10/27/2006, 14:19:44] - Removing HKLM\...\Winlogon\Notify\ssqro
[10/27/2006, 14:19:44] - Searching for Browser Helper Objects:
[10/27/2006, 14:19:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/27/2006, 14:19:44] - BHO 2: {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} ()
[10/27/2006, 14:19:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/27/2006, 14:19:44] - Checking for HKLM\...\Winlogon\Notify\lbscvnbx
[10/27/2006, 14:19:44] - Key not found: HKLM\...\Winlogon\Notify\lbscvnbx, continuing.
[10/27/2006, 14:19:44] - BHO 3: {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} (PaltalkWebLogin)
[10/27/2006, 14:19:44] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/27/2006, 14:19:44] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/27/2006, 14:19:44] - Finished Searching Browser Helper Objects
[10/27/2006, 14:19:44] - Finishing up...
[10/27/2006, 14:19:44] - A restart is needed.
[10/27/2006, 14:19:56] - Attempting to Restart via STOP error (Blue Screen!)

OK and finally the combofix log

Andrew - 06-10-27 14:25:22,31 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Andrew\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Programme\Gemeinsame Dateien\{38459504-0BB7-1031-1007-050922050031}
C:\Programme\Gemeinsame Dateien\{F8459504-0BB7-1031-1007-050922050031}

((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))

2006-10-12 08:20 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-11 20:36 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-10-08 00:54 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2006-10-08 00:54 118,784 --a------ C:\WINDOWS\system32\pdfmona.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-27 14:26 -------- d-a------ C:\Programme\Gemeinsame Dateien
2006-10-27 14:23 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\Skype
2006-10-27 14:22 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\OpenOffice.org2
2006-10-27 09:59 -------- d-------- C:\Programme\ShareScope
2006-10-27 09:43 -------- d-------- C:\Programme\Google
2006-10-25 00:13 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-10-25 00:04 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-25 00:04 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-24 23:56 -------- d-------- C:\Programme\CA
2006-10-24 23:55 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\Lavasoft
2006-10-24 23:37 -------- d-------- C:\Programme\Logitech
2006-10-24 20:53 -------- d-------- C:\Programme\Kaspersky Lab
2006-10-24 20:47 -------- d---s---- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\Microsoft
2006-10-24 20:47 -------- d-------- C:\Programme\Sunbelt Software
2006-10-22 22:03 -------- d-------- C:\Programme\VSToolbar
2006-10-20 09:07 -------- d-------- C:\Programme\Symantec Technical Support
2006-10-19 22:18 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\SearchToolbarCorp
2006-10-17 21:00 93000 --a------ C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-10-17 17:40 -------- d-------- C:\Programme\PartyGaming
2006-10-15 19:48 -------- d-------- C:\Programme\Lexmark X1100 Series
2006-10-13 12:49 -------- d-------- C:\Programme\Java
2006-10-13 12:31 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\Windows Live Safety Center
2006-10-13 10:57 -------- d-------- C:\Programme\Windows Live Safety Center
2006-10-13 10:34 -------- d-------- C:\Programme\Gemeinsame Dateien\Java
2006-10-13 00:57 -------- d-------- C:\Programme\Grisoft
2006-10-12 15:40 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\Ahead
2006-10-12 14:38 -------- d-------- C:\Programme\Yahoo!
2006-10-12 14:34 -------- d-------- C:\Programme\Steinberg
2006-10-12 14:32 -------- d-------- C:\Programme\Microsoft ActiveSync
2006-10-12 14:29 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-12 14:29 -------- d-------- C:\Programme\Home Cinema
2006-10-12 14:26 -------- d-------- C:\Programme\pdf995
2006-10-12 14:26 -------- d-------- C:\Programme\PageBreeze
2006-10-12 14:22 -------- d-------- C:\Programme\MIDIOX
2006-10-12 14:21 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-10-12 14:17 -------- d-------- C:\Programme\Ableton
2006-10-12 14:16 -------- d-------- C:\Programme\AIM95
2006-10-12 14:07 -------- d-------- C:\Programme\Ipswitch
2006-10-12 14:03 -------- d-------- C:\Programme\Citrix
2006-10-12 14:02 -------- d-------- C:\Programme\CandleWorks
2006-10-12 14:00 -------- d-------- C:\Programme\CoffeeCup Software
2006-10-12 13:58 -------- d-------- C:\Programme\AvantGo
2006-10-12 10:00 -------- d-------- C:\Programme\Microsoft Works
2006-10-12 09:49 -------- d-------- C:\Programme\Messenger
2006-10-12 09:49 -------- d-------- C:\Programme\Medion Info Display
2006-10-12 09:48 -------- d-------- C:\Programme\Internet Explorer
2006-10-12 09:43 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-10-12 09:43 -------- d-------- C:\Programme\Gemeinsame Dateien\LightScribe
2006-10-11 20:39 700 --a------ C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\update.log
2006-10-11 20:39 -------- d-------- C:\Programme\Common Files
2006-10-11 20:36 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\Logs
2006-10-08 12:40 27538 --a------ C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\wklnhst.dat
2006-10-08 00:58 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\pdf995
2006-10-07 21:02 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\AdobeUM
2006-10-02 16:45 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\VoipStunt
2006-10-01 19:10 -------- d-------- C:\Programme\Boson Software
2006-09-28 09:14 -------- d-------- C:\Programme\Audio Recorder Pro
2006-09-26 14:08 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\DataDesign
2006-09-21 14:36 -------- d-------- C:\Dokumente und Einstellungen\Andrew\Anwendungsdaten\Creative
2006-09-21 14:33 -------- d-------- C:\Programme\Creative
2006-09-21 11:54 -------- d-------- C:\Programme\IP Labs Photoservice
2006-09-19 17:37 -------- d-------- C:\Programme\Pando Networks
2006-09-17 19:14 -------- d-------- C:\Programme\OpenOffice.org 2.0
2006-09-14 13:12 -------- d-------- C:\Programme\VTtrader
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-11 18:58 -------- d-------- C:\Programme\MSN Messenger
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MSMSGS"="\"C:\\Programme\\Messenger\\Msmsgs.exe\" /background"
"LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot"
"VoipStunt"="\"C:\\Programme\\VoipStunt.com\\VoipStunt\\VoipStunt.exe\" -nosplash -minimized"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"Yahoo! Pager"="\"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Pando"="\"C:\\Programme\\Pando Networks\\Pando\\pando.exe\" /Automation"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AntivirusRegistration"="C:\\Programme\\CA\\Etrust Antivirus\\Register.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"RTHDCPL"="RTHDCPL.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"RemoteControl"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"InstantOn"="\"C:\\Programme\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\""
"Lexmark X1100 Series"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"MMTray"="\"C:\\Programme\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"mmtask"="\"C:\\Programme\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"Adobe Photo Downloader"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"AlcFDMonitor"="C:\\WINDOWS\\ALCFDRTM.EXE"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"Pando"="\"C:\\Programme\\Pando Networks\\Pando\\Pando.exe\" /Automation"
@=""
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"kis"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintuh32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-27 14:26:43.59
C:\ComboFix.txt ... 06-10-27 14:26

again, thanks for your trouble - i was really completely lost without your help.

Regards,
Andrew

Did you run any scanners before you scan with Hijackthis?
You have vundo entries in your log and also a dialer but it seems to have their "file missing" already and you still have popups?

Please run Vundofix if you haven't yet.
1. Please download to your desktop
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
If vundofix doesn't find any files use this alternative "VirtumundoBegone"
Download VirtumundoBegone from here:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
and save it to your desktop. When you have done this doubleclick on VirtumundoBeGone.exe and follow the instructions. When it has finished, reboot. If you like, post the log that is created on your desktop called VBG.TXT in your next reply. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, it is normal and expected.
2. Also download and run Combofix:
Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

rpggamergirl 0 Light Poster · Answer 3 · 2006-10-28T18:50:25+00:00

Good job you also run the VirtumondoBeGone because vundofix was seeing the vundo dll file --> ssqro.dll
but it didn't delete it, all it deleted were the reversed files of the vundo dll(those with extensions .bak, .tmp, .ini etc)

VSToolbar <-- uninstall this program please.

Can you please also post a new hijackthis log and tell me how the pc is going.

Popups galore, tried everything to remove - please help

Recommended Answers Collapse Answers

All 5 Replies

Recommended Answers