unwanted pop ups.

jimmy029
Junior Member with 5 posts.
Join Date: May 2007
Experience: Intermediate
15-May-2007, 02:38 PM #1
unwanted pop ups.
Hi, I have been looking around your website and have noticed that you are able to help people get rid of unwanted popups...
I have this problem and it is driving me mad...

Can you help?? I really need it..

Logfile of HijackThis v1.99.1
Scan saved at 19:38:16, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Common Files\{C06AAD6B-0AE9-2057-0902-04031022002c}\Update.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\System32\alg.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/dslcd...iate=IB2220003
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://register.iol.ie/cgi-bin/dslcd...iate=IB2220003
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {67E9FE41-14FA-1B5B-F03B-69E33C9BAAC1} - C:\WINDOWS\system32\hhtsxst.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {84877FC7-64A4-4BCC-985F-DC13F4017BAE} - C:\Program Files\Internet Explorer\hokelot.dll
O2 - BHO: 0 - {A9F87D46-B4CF-4E02-E49E-6B1127BB7E99} - C:\Program Files\CyberLink\lavufavem.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program Files\Web Buying\v1.6.8\webbuying.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Broken Internet access because of LSP provider 'lsp32.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe


_____________________________________

Also here is an uninstall list after I run a list in the misc section of Hijack This...

21com-Casino
3GP Video Converter 3
Adobe Reader 7.0
Adobe® Photoshop® Album Starter Edition 3.0
Album Cover Art Downloader 1.6.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AudibleManager
AviSynth 2.5
Bebo - Skype 3.1
BlueSoleil
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
DeluxeCommunications
Disc2Phone
DVD Decrypter (Remove Only)
Enter Casino
EphPod
GameSpy Arcade
Google Toolbar for Internet Explorer
Hamsterball Gold 2.18m
Hijackthis 1.99.1
HijackThis 1.99.1
Icy Tower v1.3.1
igLoader 2,0,0,2
iMesh
iPod for Windows 2006-01-10
iTunes
iTunes Art Importer
J2SE Runtime Environment 5.0 Update 8
Lexmark 4300 Series
Lexmark X1100 Series
Macromedia Flash Player 8
Macromedia Shockwave Player
Mavis Beacon Teaches Typing 12 Standard
MediaMonkey 2.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 SR-1 Professional
Microsoft Windows Journal Viewer
Mp3-Tag Studio 3.05
MSN Messenger 6.2
MSXML 4.0 SP2 (KB927978)
MusicBrainz Picard 0.7.0
MusicBrainz Tagger 0.10.5
Napster
Napster Burn Engine
New.net Domains 7.48
Nokia Connectivity Cable Driver
Nokia PC Suite
PartyCasino
PCEye2000
PCFriendly
PokerRoom.com (remove only)
Power2Go 4.0
PowerDVD
PowerStarter
QuickTime
RelevantKnowledge
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SigmaTel MSCN Audio Player
Skype add-on for IE
Skype Plugin Manager
Smart Link 56K Voice Modem
Sony Ericsson PC Suite
SoundMAX
Spybot - Search & Destroy 1.4
Tag&Rename 3.2
Uninstall Startup Inspector
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Videora iPod Converter 0.92
Web Buying
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Yahoo! Internet Mail
ZENcast Organizer

Hope you can help me..
Thanks
Jimmy

Can you help at all??
Cheeseball81
Moderator with 74,473 posts.
Join Date: Mar 2004
Location: New York
15-May-2007, 04:15 PM #2
Hi and welcome to TSG

* Click here to download LSP Fix.

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of rlls.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen)

Find and delete this file: c:\windows\system32\rlls.dll

Reboot to Normal Mode.

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/supe....html?rid=3132


Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
  o Close browsers before scanning
  o Scan for tracking cookies
  o Terminate memory threats before quarantining.
  o Please leave the others unchecked.
  o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
  o After reboot, double-click the SUPERAntispyware icon on your desktop.
  o Click Preferences. Click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o It will open in your default text editor (such as Notepad/Wordpad).
  o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new Hijack This log.
__________________
Microsoft MVP/Windows - Consumer Security
jimmy029
Junior Member with 5 posts.
Join Date: May 2007
Experience: Intermediate
16-May-2007, 01:31 PM #3
Hi Thanks for your very helpful information on this ....

Here is the spyware log and the Hijack log also....


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 16/05/2006 at 18:25 pm

Application Version : 3.7.1018

Core Rules Database Version : 3239
Trace Rules Database Version: 1250

Scan type : Complete Scan
Total Scan Time : 00:06:49

Memory items scanned : 368
Memory threats detected : 6
Registry items scanned : 5444
Registry threats detected : 115
File items scanned : 3682
File threats detected : 52

Adware.DeluxeCommunications
C:\WINDOWS\SYSTEM32\DXCLIB303562752.DLL
C:\WINDOWS\SYSTEM32\DXCLIB303562752.DLL
C:\PROGRAM FILES\DELUXECOMMUNICATIONS\DXCBHO.DLL
C:\PROGRAM FILES\DELUXECOMMUNICATIONS\DXCBHO.DLL
[DeluxeCommunications] C:\PROGRAM FILES\DELUXECOMMUNICATIONS\DXC.EXE
C:\PROGRAM FILES\DELUXECOMMUNICATIONS\DXC.EXE
[DeluxeCommunications] C:\PROGRAM FILES\DELUXECOMMUNICATIONS\DXC.EXE
HKLM\Software\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}
HKCR\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}
HKCR\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}\InprocServer32
HKCR\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}\InprocServer32#ThreadingModel
HKU\S-1-5-21-1834990594-2678258827-2887544184-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks#{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}
HKCR\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}
HKU\S-1-5-21-1834990594-2678258827-2887544184-1007\Software\DeluxeCommunications
HKLM\Software\DeluxeCommunications
HKLM\Software\DeluxeCommunications\Internet Explorer
HKLM\Software\DeluxeCommunications\Internet Explorer#PInfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeluxeCommunications
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeluxeCommunications#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeluxeCommunications#UninstallString
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#DeluxeCommunications [ C:\Program Files\DeluxeCommunications\Dxc.exe ]
HKU\S-1-5-21-1834990594-2678258827-2887544184-1007\Software\Microsoft\Windows\CurrentVersion\Run#DeluxeCommunications [ C:\Program Files\DeluxeCommunications\Dxc.exe ]
C:\Program Files\DeluxeCommunications\DxcCore.dll
C:\Program Files\DeluxeCommunications

Trojan.NewDotNet-Installer
C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET7_48.DLL
C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET7_48.DLL
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL

Trojan.Update-Mcboo
C:\PROGRAM FILES\COMMON FILES\{C06AAD6B-0AE9-2057-0902-04031022002C}\UPDATE.EXE
C:\PROGRAM FILES\COMMON FILES\{C06AAD6B-0AE9-2057-0902-04031022002C}\UPDATE.EXE

Adware.IPWins
C:\PROGRAM FILES\IPWINDOWS\IPWINS.EXE
C:\PROGRAM FILES\IPWINDOWS\IPWINS.EXE
[IpWins] C:\PROGRAM FILES\IPWINDOWS\IPWINS.EXE
HKU\S-1-5-21-1834990594-2678258827-2887544184-1007\Software\IpWins
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\ipwindows

Trojan.NewDotNet
[New.net Startup] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
HKLM\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32#ThreadingModel
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\ProgID
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\Programmable
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib
HKCR\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKCR\Tldctl2.URLLink
HKCR\Tldctl2.URLLink\CLSID
HKCR\Tldctl2.URLLink\CurVer
HKCR\Tldctl2.URLLink.1
HKCR\Tldctl2.URLLink.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#URLUpdateInfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#VersionMajor
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net#VersionMinor
HKU\S-1-5-21-1834990594-2678258827-2887544184-1007\Software\New.net
HKLM\Software\New.net
HKLM\Software\New.net#DiscardTag
HKLM\Software\New.net#FirstTime
HKLM\Software\New.net#Prt
HKLM\Software\New.net#NextUpgradeHi
HKLM\Software\New.net#NextUpgradeLo
HKLM\Software\New.net#UpgradeCounter
HKLM\Software\New.net#Activity
HKLM\Software\New.net#InstalledVersion
HKLM\Software\New.net#InstalledPath
HKLM\Software\New.net#Tag
HKLM\Software\New.net#Source
C:\Program Files\NewDotNet

Trojan.ZQuest
HKLM\Software\Classes\CLSID\{84877FC7-64A4-4BCC-985F-DC13F4017BAE}
HKCR\CLSID\{84877FC7-64A4-4BCC-985F-DC13F4017BAE}
HKCR\CLSID\{84877FC7-64A4-4BCC-985F-DC13F4017BAE}
HKCR\CLSID\{84877FC7-64A4-4BCC-985F-DC13F4017BAE}\InProcServer32
HKCR\CLSID\{84877FC7-64A4-4BCC-985F-DC13F4017BAE}\InProcServer32#ThreadingModel
C:\PROGRAM FILES\INTERNET EXPLORER\HOKELOT.DLL
HKLM\Software\Classes\CLSID\{A9F87D46-B4CF-4E02-E49E-6B1127BB7E99}
HKCR\CLSID\{A9F87D46-B4CF-4E02-E49E-6B1127BB7E99}
HKCR\CLSID\{A9F87D46-B4CF-4E02-E49E-6B1127BB7E99}\InProcServer32
HKCR\CLSID\{A9F87D46-B4CF-4E02-E49E-6B1127BB7E99}\InProcServer32#ThreadingModel
C:\PROGRAM FILES\CYBERLINK\LAVUFAVEM.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84877FC7-64A4-4BCC-985F-DC13F4017BAE}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9F87D46-B4CF-4E02-E49E-6B1127BB7E99}

Adware.WebBuying Assistant
HKLM\Software\Classes\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}#AppID
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}\InprocServer32
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}\InprocServer32#ThreadingModel
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}\ProgID
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}\Programmable
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}\TypeLib
HKCR\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}\VersionIndependentProgID
C:\PROGRAM FILES\WEB BUYING\V1.6.8\WEBBUYING.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C318CD44-E327-4377-A28E-6EC16A921AE8}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C1B4DEC2-2623-438e-9CA2-C9043AB28508}

Adware.Tracking Cookie
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@adopt.euroclick[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@kanoodle[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ad.zanox[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@atdmt[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@banners.searchingbooth[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@doubleclick[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ads.marketingsector[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ads.k8l[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@adtech[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@bluestreak[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@fastclick[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@stats.rabodirect[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@targetnet[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@www.adtrak[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@hitbox[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ehg-bskyb.hitbox[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@azjmp[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@cgi-bin[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ads.adbrite[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ads.z-quest[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@cpvfeed[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@partygaming.122.2o7[1].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@adbrite[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@videoegg.adbureau[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@dxcdirect[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ad.yieldmanager[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ad.103092804[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@2o7[2].txt
C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@rotator.its.adjuggler[1].txt

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
C:\Program Files\Save\SaveNowupdate.exe
C:\Program Files\Save

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR

Trojan.WinBo32/Enhance
HKLM\Software\System\sysold
HKLM\Software\System\sysold#sys011066750613-.exe

Trojan.Svchosts
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLIENT_IP-IPX\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#Type
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#Start
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Security
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Enum#NextInstance

Adware.Web Buying
C:\Program Files\Web Buying\v1.6.8\wbuninst.exe
C:\Program Files\Web Buying\v1.6.8\webbuying.exe
C:\Program Files\Web Buying\v1.6.8
C:\Program Files\Web Buying
HKU\S-1-5-21-1834990594-2678258827-2887544184-1007\Software\WebBuying
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying#UninstallString

Adware.Casino Games (Golden Palace Casino)
C:\CASINO\ENTER CASINO\CASINO.EXE
________________________________________________________
________________________________________________________
________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 18:33:09, on 16/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/dslcd...iate=IB2220003
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://register.iol.ie/cgi-bin/dslcd...iate=IB2220003
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {67E9FE41-14FA-1B5B-F03B-69E33C9BAAC1} - C:\WINDOWS\system32\hhtsxst.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe


thanks
Jimmy
Cheeseball81
Moderator with 74,473 posts.
 
Join Date: Mar 2004
Location: New York
16-May-2007, 05:36 PM #4
Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
__________________
Microsoft MVP/Windows - Consumer Security
If we've helped you, please donate to TSG
jimmy029
Junior Member with 5 posts.
 
Join Date: May 2007
Experience: Intermediate
20-May-2007, 10:33 AM #5
Contents of Active Scan
Hi, as requested, here are the contents of the active scan.
Sorry for the delay

It would not let me post all the files as it was over 30000 characters,
so I have posted all the entries that it has classed as Not disinfected.
I have had to spread it over two posts.



Incident Status Location

Spyware:spyware/marketscore Not disinfected c:\windows\system32\rlvknlg.exe

Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Kitty Henchey\Desktop\Click to Find and Fix Errors.url
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_38.exe
Potentially unwanted tool:application/mediapipe Not disinfected c:\program files\License_Manager
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\ToolBar

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ad.yieldmanager[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@adrevolver[3].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@cassava[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@clickbank[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@findwhat[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@mediaplex[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@tribalfusion[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@www.myaffiliateprogram[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kitty Henchey\Cookies\kitty henchey@zedo[2].txt
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\Kitty Henchey\Desktop\tag software\TagASaurus.exe
jimmy029
Junior Member with 5 posts.
 
Join Date: May 2007
Experience: Intermediate
20-May-2007, 10:34 AM #6
part two
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\!update.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\b122.exe
Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\b136.exe
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\Cookies\kitty henchey@adtech[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\Cookies\kitty henchey@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\Cookies\kitty henchey@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\Cookies\kitty henchey@mediaplex[1].txt
Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\i11B.tmp
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\nsy101.tmp\Services.dll
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\sdexe.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temporary Internet Files\Content.IE5\HO91Z5TV\122[1].net
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temporary Internet Files\Content.IE5\IMBCJW9S\hGFdeYYm64pUIdwQ[1].exe
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Kitty Henchey\Local Settings\Temporary Internet Files\Content.IE5\IQUX5H0A\VTTC[1].exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1670OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1670OinUninstaller.exe
Adware:Adware/888Bar Not disinfected C:\Program Files\Common Files\{306AAD6B-0AE9-2057-0902-04031022002c}\Bar888.dll
Adware:Adware/888Bar Not disinfected C:\Program Files\Common Files\{306AAD6B-0AE9-2057-0902-04031022002c}\UnInstall.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{C06AAD6B-0AEA-2057-0902-04031022002c}\system.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{C06AAD6B-0AEA-2057-0902-04031022002c}\Update.exe
Adware:Adware/Itbill Not disinfected C:\Program Files\fsupport\notifier.exe
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\License_Manager\license_manager.exe

Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-18\Dc1\system.dll
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-18\Dc1\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc55\ipwins.dll
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc55\UnInstall.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc65\ipwins.dll
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc65\ipwins.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc65\UnInstall.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc79\ipwins.dll
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc79\ipwins.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc79\UnInstall.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc80\ipwins.dll
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc80\ipwins.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc80\UnInstall.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc81\ipwins.dll
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc81\ipwins.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-1007\Dc81\UnInstall.exe
Potentially unwanted tool:Application/OSSProxy Not disinfected C:\RECYCLER\S-1-5-21-1834990594-2678258827-2887544184-500\Dc1.dll
Adware:Adware/DigInk Not disinfected C:\WINDOWS\109uninst.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_48.exe
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\bkd.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\system32\bund1\2new.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\system32\bund1\ClientBundle1.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\bund1\Delcom.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\bund1\mac.exe[109uninst.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\bund1\mac.exe[TagASaurus.exe]
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\bund1\Yzz.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\system32\bund1\zq.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\drivers\core.sys
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\WINDOWS\system32\entry.dll
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\unsvchosts.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\VTTC.exe
Cheeseball81
Moderator with 74,473 posts.
 
Join Date: Mar 2004
Location: New York
20-May-2007, 09:32 PM #7
Now post a new Hijack This log so we can proceed with removal.
jimmy029
Junior Member with 5 posts.
 
Join Date: May 2007
Experience: Intermediate
23-May-2007, 12:53 PM #8
hijack as requested
Hi, here is the hijack log as requested... thanks


Logfile of HijackThis v1.99.1
Scan saved at 17:55:00, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/dslcd...iate=IB2220003
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://register.iol.ie/cgi-bin/dslcd...iate=IB2220003
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {67E9FE41-14FA-1B5B-F03B-69E33C9BAAC1} - C:\WINDOWS\system32\hhtsxst.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
Cheeseball81
Moderator with 74,473 posts.
 
Join Date: Mar 2004
Location: New York
23-May-2007, 05:00 PM #9
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote:
Files to delete:
C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\!update.exe
C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\b122.exe
C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\b136.exe
C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\i11B.tmp
C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\nsy101.tmp
C:\Documents and Settings\Kitty Henchey\Local Settings\Temp\sdexe.exe
C:\Program Files\Common Files\Yazzle1670OinAdmin.exe
C:\Program Files\Common Files\Yazzle1670OinUninstaller.exe
C:\WINDOWS\109uninst.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\bkd.exe
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\entry.dll
C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\VTTC.exe

Folders to delete:
C:\Program Files\DeluxeCommunications
C:\Program Files\Common Files\{306AAD6B-0AE9-2057-0902-04031022002c}
C:\Program Files\License_Manager
C:\WINDOWS\system32\bund1

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

O2 - BHO: (no name) - {67E9FE41-14FA-1B5B-F03B-69E33C9BAAC1} - C:\WINDOWS\system32\hhtsxst.dll (file missing)

O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe

O20 - AppInit_DLLs: dxclib303562752.dll


Reboot and post another Hijack This log please.

Also, empty your Recycle Bin.
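The cross-check behind the "fix checked" list in the post above, as an added example (not code from the thread, HijackThis or The Avenger): it parses HijackThis entries and reports those marked "(file missing)" or pointing at a file or folder named in the removal script, since those registry references are left dangling once the files are gone. The function names are hypothetical, the sample log and removal lists are a subset copied from this thread, and AppInit_DLLs values are assumed to be space- or comma-separated bare names.

```python
import ntpath
import re

# Constructed sample: a subset of entries copied from the 23-May HijackThis log above.
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67E9FE41-14FA-1B5B-F03B-69E33C9BAAC1} - C:\WINDOWS\system32\hhtsxst.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Constructed sample: a subset of the "Files to delete" / "Folders to delete" lists above.
REMOVED_FILES = [r"C:\WINDOWS\system32\dxclib303562752.dll",
                 r"C:\WINDOWS\system32\bkd.exe"]
REMOVED_FOLDERS = [r"C:\Program Files\DeluxeCommunications",
                   r"C:\WINDOWS\system32\bund1"]

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
MISSING = " (file missing)"                  # HijackThis marker for an absent target


def norm(path):
    """Case-fold and normalise a Windows path (works on any host OS)."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def targets(body):
    """Return the file references named by one entry body."""
    if body.startswith("AppInit_DLLs:"):
        # Assumption: bare DLL names separated by spaces or commas.
        return [t for t in re.split(r"[ ,]+", body.split(":", 1)[1].strip()) if t]
    quoted = re.search(r'"([A-Za-z]:\\[^"]+)"', body)
    if quoted:
        return [quoted.group(1)]
    bare = re.search(r"[A-Za-z]:\\.*$", body)
    return [bare.group(0)] if bare else []


def dangling_entries(log, removed_files, removed_folders):
    """List (entry, reason) for entries whose target is missing or removed."""
    files = {norm(f) for f in removed_files}
    names = {ntpath.basename(f) for f in files}      # for bare names like AppInit_DLLs
    folders = [norm(d) + "\\" for d in removed_folders]
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group(2)
        if body.endswith(MISSING):
            hits.append((line, "file missing"))
            continue
        for t in map(norm, targets(body)):
            if t in files or ("\\" not in t and t in names):
                hits.append((line, "file removed"))
                break
            if any(t.startswith(d) for d in folders):
                hits.append((line, "folder removed"))
                break
    return hits


if __name__ == "__main__":
    for entry, reason in dangling_entries(HJT_LOG, REMOVED_FILES, REMOVED_FOLDERS):
        print(f"[{reason}] {entry}")
```
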
All times are GMT -5.