Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please review my HJT logfile Thankyou

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please review my HJT logfile Thankyou

Unread postby lmortiss » December 15th, 2005, 2:08 pm

Logfile of HijackThis v1.99.1
Scan saved at 18:06:39, on 15/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital TV\dvbapp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: http://www.mybittorrent.com
O1 - Hosts: http://www.computermarkets.co.uk
O1 - Hosts: compactiongames.about.com
O1 - Hosts: http://www.amazon.co.uk
O1 - Hosts: http://www.annoyances.org
O1 - Hosts: http://www.barefoothorse.com
O1 - Hosts: web.ukonline.co.uk
O1 - Hosts: http://www.equinerehab.co.nz
O1 - Hosts: ww2.focusmm.co.uk
O1 - Hosts: shop.game.net
O1 - Hosts: http://www.gogames.co.uk
O1 - Hosts: http://www.thehorseexchange.com
O1 - Hosts: http://www.thehorseexchange.com
O1 - Hosts: www.malwareremoval.com/forum
O1 - Hosts: http://www.thehorseexchange.com
O1 - Hosts: http://www.play.com
O1 - Hosts: psms.gamebase.ca
O1 - Hosts: http://www.scummvm.org
O1 - Hosts: http://www.barefoottrim.com
O1 - Hosts: housecall60.trendmicro.com
O1 - Hosts: http://www.tribeequus.com
O1 - Hosts: vba.ngemu.com
O1 - Hosts: http://www.bt.com
O1 - Hosts: http://www.cahoot.com
O1 - Hosts:
O1 - Hosts: http://www.adviceguide.org.uk
O1 - Hosts: http://www.citizensadvice.org.uk
O1 - Hosts:
O1 - Hosts: http://www.adviceguide.org.uk
O1 - Hosts: http://www.wales.gov.uk
O1 - Hosts: http://www.nationaldebtline.co.uk
O1 - Hosts: http://www.nochex.com
O1 - Hosts:
O1 - Hosts: http://www.firstfinancial.co.uk
O1 - Hosts: http://www.housingcorp.gov.uk
O1 - Hosts: http://www.national-lottery.co.uk
O1 - Hosts: http://www.housing.wales.gov.uk
O1 - Hosts: http://www.xe.net
O1 - Hosts: http://www.easybg.com
O1 - Hosts: http://www.andr.net
O1 - Hosts: astalavista.box.sk
O1 - Hosts: http://www.crackserver.com
O1 - Hosts: http://www.cracksweb.com
O1 - Hosts: http://www.crackz.ws
O1 - Hosts: crackzplanet.net
O1 - Hosts: http://www.ffflovers.glt.pl
O1 - Hosts: http://www.freeserials.com
O1 - Hosts: jazz3d.cjb.net
O1 - Hosts: uk.geocities.com
O1 - Hosts: nwow.free.fr
O1 - Hosts: nfodb.net
O1 - Hosts: http://www.serialz.to
O1 - Hosts: http://www.serials.ws
O1 - Hosts: http://www.scteam.org
O1 - Hosts: search.astalavista.de
O1 - Hosts: directdl.com
O1 - Hosts: http://www.astalavista.us
O1 - Hosts: codeguys.rpc1.org
O1 - Hosts: http://www.creative.com
O1 - Hosts: http://www.daytek.ca
O1 - Hosts: http://www.dtg.org.uk
O1 - Hosts: members.driverguide.com
O1 - Hosts: http://www.liteonit.com.tw
O1 - Hosts: http://www.liteonit.com.tw
O1 - Hosts: club.cdfreaks.com
O1 - Hosts: dhc014.rpc1.org
O1 - Hosts: http://www.nvidia.com
O1 - Hosts: http://www.soundblaster.com
O1 - Hosts: forum.rpc1.org
O1 - Hosts: http://www.epson.co.uk
O1 - Hosts: http://www.ultima.com.tw
O1 - Hosts: http://www.windrivers.com
O1 - Hosts: forums.afterdawn.com
O1 - Hosts: http://www.audiovideosoft.com
O1 - Hosts: www6.cd-wow.com
O1 - Hosts: http://www.cdcovers.cc
O1 - Hosts: http://www.dvdanswers.com
O1 - Hosts: mintiebear.bravehost.com
O1 - Hosts: movies.go.com
O1 - Hosts: http://www.imdb.com
O1 - Hosts: ukdvdr.co.uk
O1 - Hosts: http://www.vcdquality.com
O1 - Hosts: videodetective.com
O1 - Hosts: http://www.dvd.reviewer.co.uk
O1 - Hosts: home.bt.yahoo.com
O1 - Hosts: uk.tickle.com
O1 - Hosts: http://www.microsoft.com
O1 - Hosts: panel.gfkmedia.co.uk
O1 - Hosts: http://www.safer-networking.org
O1 - Hosts: login.passport.net
O1 - Hosts: http://www.solo.pipex.net
O1 - Hosts: http://www.mortiis.com
O1 - Hosts: uk.geocities.yahoo.com
O1 - Hosts: privacy.yahoo.com
O1 - Hosts: uk.yahoo.com
O1 - Hosts: http://www.free-isp-uk.co.uk
O1 - Hosts: http://www.uko1.co.uk
O1 - Hosts: http://www.freeukisp.co.uk
O1 - Hosts: http://www.net4nowt.com
O1 - Hosts: http://www.ukonline.net
O1 - Hosts: http://www.uku.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital TV.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .MP4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/y ... r1_8us.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/d ... se1524.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8706711256
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/template ... rol023.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/a ... Atchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{48994251-BDD1-45E5-A208-BC13B05F93F9}: NameServer =
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

I would like to wish All you at Malware
A Very Merry Xmas and Prosperous New Year

LLoyd Moritss
Active Member
Posts: 4
Joined: March 23rd, 2005, 5:48 am
Register to Remove

Unread postby NonSuch » December 15th, 2005, 4:43 pm

Happy Holidays to you, and welcome back to the forums! :)

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it on your "C" drive and name it HJT, HijackThis, or something similar. Then place the program, HijackThis.exe, into that new folder. Delete the HijackThis zip file.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

Click on Fix Checked when finished and exit HijackThis.

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on "Options" at the top of the window, then click on the "advanced" button. deselect "Only delete files in Windows Temp folders older than 48 hours." Click on "OK."
  • Click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.

3) To start the scan, Click > "Scan Now" at left
  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next
4) When the scan has completed, select Next.
  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer.

Then, please run this online virus scan:
ActiveScan Allow it to remove all that it may find. Reboot when finished.

You are also using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of perceived vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 5.0 Update 6 .

To check your version to see if it is the latest version, Please go to this link to verify your version to get the updates needed:

You'll need to use IE and allow ActiveX for this update. Follow the instructions on that page to verify Your Java software.

Or you can get the manual download here:

Once you have installed the latest update, please go to Add/Remove Programs and remove all older instances of Java listed there.

When you've finished with all of the above, please post a fresh HijackThis log into this same thread. Also, please let me know how your system is running now. :)
User avatar
Posts: 28239
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby NonSuch » December 28th, 2005, 4:25 pm

Whilst we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Posts: 28239
Joined: February 23rd, 2005, 7:08 am
Location: California

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 71 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware