Free Malware Removal Forum

[Blizzmosis]

Hello-

I've got popup ads that wont go away dispite all my efforts with spyware removal programs. Please help, much appreciated-

Chris

My log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:28 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\jwprxvl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Karen\My Documents\?icrosoft\d?dplay.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\service.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C3BB3852-82CD-AB17-E829-FA8A42F9259A} - C:\WINDOWS\system32\rpmgpeg.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Protection] wmpsvc.exe
O4 - HKLM\..\Run: [Windows Firewall Service] wfsvc.exe
O4 - HKLM\..\Run: [ke] C:\WINDOWS\system32\ke.exe
O4 - HKLM\..\Run: [ahgjdfkpew] C:\WINDOWS\system32\ahgjdfkpew.exe
O4 - HKLM\..\Run: [xynnx] C:\WINDOWS\system32\xynnx.exe
O4 - HKLM\..\Run: [ktcx] C:\WINDOWS\system32\ktcx.exe
O4 - HKLM\..\Run: [noehfskpraw] C:\WINDOWS\system32\noehfskpraw.exe
O4 - HKLM\..\Run: [ptp] C:\WINDOWS\system32\ptp.exe
O4 - HKLM\..\Run: [whcbfy] C:\WINDOWS\system32\whcbfy.exe
O4 - HKLM\..\Run: [apcrquamszi] C:\WINDOWS\system32\apcrquamszi.exe
O4 - HKLM\..\Run: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\Run: [ztxx] C:\WINDOWS\system32\ztxx.exe
O4 - HKLM\..\Run: [nbzopylhjl] C:\WINDOWS\system32\nbzopylhjl.exe
O4 - HKLM\..\Run: [jpjfrz] C:\WINDOWS\system32\jpjfrz.exe
O4 - HKLM\..\Run: [s] C:\WINDOWS\system32\s.exe
O4 - HKLM\..\Run: [aqymlmhvs] C:\WINDOWS\system32\aqymlmhvs.exe
O4 - HKLM\..\Run: [xamrpdw] C:\WINDOWS\system32\xamrpdw.exe
O4 - HKLM\..\Run: [funavfn] C:\WINDOWS\system32\funavfn.exe
O4 - HKLM\..\Run: [jwprxvl] C:\WINDOWS\system32\jwprxvl.exe
O4 - HKLM\..\Run: [ytqp] C:\WINDOWS\system32\ytqp.exe
O4 - HKLM\..\Run: [whndk] C:\WINDOWS\system32\whndk.exe
O4 - HKLM\..\Run: [osxrtdkcor] C:\WINDOWS\system32\osxrtdkcor.exe
O4 - HKLM\..\Run: [dtykxl] C:\WINDOWS\system32\dtykxl.exe
O4 - HKLM\..\Run: [doco] C:\WINDOWS\system32\doco.exe
O4 - HKLM\..\Run: [rziganik] C:\WINDOWS\system32\rziganik.exe
O4 - HKLM\..\Run: [mrrjokk] C:\WINDOWS\system32\mrrjokk.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [ke] C:\WINDOWS\system32\ke.exe
O4 - HKLM\..\RunServices: [ahgjdfkpew] C:\WINDOWS\system32\ahgjdfkpew.exe
O4 - HKLM\..\RunServices: [xynnx] C:\WINDOWS\system32\xynnx.exe
O4 - HKLM\..\RunServices: [ktcx] C:\WINDOWS\system32\ktcx.exe
O4 - HKLM\..\RunServices: [noehfskpraw] C:\WINDOWS\system32\noehfskpraw.exe
O4 - HKLM\..\RunServices: [ptp] C:\WINDOWS\system32\ptp.exe
O4 - HKLM\..\RunServices: [whcbfy] C:\WINDOWS\system32\whcbfy.exe
O4 - HKLM\..\RunServices: [apcrquamszi] C:\WINDOWS\system32\apcrquamszi.exe
O4 - HKLM\..\RunServices: [wrphxqe] C:\WINDOWS\system32\wrphxqe.exe
O4 - HKLM\..\RunServices: [ztxx] C:\WINDOWS\system32\ztxx.exe
O4 - HKLM\..\RunServices: [nbzopylhjl] C:\WINDOWS\system32\nbzopylhjl.exe
O4 - HKLM\..\RunServices: [jpjfrz] C:\WINDOWS\system32\jpjfrz.exe
O4 - HKLM\..\RunServices: [s] C:\WINDOWS\system32\s.exe
O4 - HKLM\..\RunServices: [aqymlmhvs] C:\WINDOWS\system32\aqymlmhvs.exe
O4 - HKLM\..\RunServices: [xamrpdw] C:\WINDOWS\system32\xamrpdw.exe
O4 - HKLM\..\RunServices: [funavfn] C:\WINDOWS\system32\funavfn.exe
O4 - HKLM\..\RunServices: [jwprxvl] C:\WINDOWS\system32\jwprxvl.exe
O4 - HKLM\..\RunServices: [ytqp] C:\WINDOWS\system32\ytqp.exe
O4 - HKLM\..\RunServices: [whndk] C:\WINDOWS\system32\whndk.exe
O4 - HKLM\..\RunServices: [osxrtdkcor] C:\WINDOWS\system32\osxrtdkcor.exe
O4 - HKLM\..\RunServices: [dtykxl] C:\WINDOWS\system32\dtykxl.exe
O4 - HKLM\..\RunServices: [doco] C:\WINDOWS\system32\doco.exe
O4 - HKLM\..\RunServices: [rziganik] C:\WINDOWS\system32\rziganik.exe
O4 - HKLM\..\RunServices: [mrrjokk] C:\WINDOWS\system32\mrrjokk.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rcas] "C:\WINDOWS\CROSOF~1.NET\wowexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Zldpbvy] "C:\Documents and Settings\Karen\My Documents\?icrosoft\d?dplay.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Print Spooler Service (adiluexii0bli5uo) - Unknown owner - C:\WINDOWS\system32\jpjfrz.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (file missing)
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)

--
End of file - 10250 bytes

[km2357]

Hello and welcome to The Malware Removal Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

Since I am still in training, I have to let experts check the content of my fixes before I post them so please be patient.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


I will be back as soon as possible with your first instructions!

[Blizzmosis]

Sounds good - thanks so much

Chris-

[Blizzmosis]

Hi again-

I solved my spyware problem. Thanks again for your time and efforts.

Chris

[km2357]

Hi Chris.

Your original HiJackThis Log showed you to be heavily infected. I would like for you to post a fresh HJT log for me to look at it to see whether or not your computer is clean.

[askey127]

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.