#1
Registered User
Join Date: Apr 2007
Posts: 3
OS: XP
Hijack This Log - Remove VIRUS!!
Hi,
I have been getting these really annoying pop-ups from Ultimate Defender and Ultimate Cleaner, I would really like to know how to remove them. I would also like to know how to remove suspected spyware that I believe is in my computer system. Here is my log:

#2
TSF Enthusiast
Join Date: Apr 2006
Location: Kolkata, India
Posts: 2,057
OS: WinXP Pro SP2, Edubuntu 7.10
Re: Hijack This Log - Remove VIRUS!!
Hi and welcome to TSF.
I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply. Please be patient with me during this time.
__________________
Registered Linux user #426065

#4
TSF Enthusiast
Join Date: Apr 2006
Location: Kolkata, India
Posts: 2,057
OS: WinXP Pro SP2, Edubuntu 7.10
I'll be back as soon as possible
__________________
Registered Linux user #426065
Last edited by src2206; 05-01-2007 at 02:18 AM.

#6
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home
Re: Hijack This Log - Remove VIRUS!!
Hello, simmo123 -
I understand you're trying to get help as quickly as possible, but you need to know how bad it is to post help all across the community for the same issue.
http://www.techsupportforum.com/secu...sting-log.html
Quote:
I see all these others have now closed.
http://forums.spybot.info/showthread.php?t=13366
http://www.lavasoftsupport.com/index.php?showtopic=8819
http://forums.pcpitstop.com/index.php?showtopic=140484
http://forums.pcpitstop.com/index.ph...&#entry1360876
We'll be helping you, if you will stay here and finish the vast amount of work there is to do to clean this system. You're seriously infected, and part of that is due to the apparent lack of Anti-Virus program on your machine. Another part is the lack of all Windows Updates. We'll be addressing that during the course of this fix.
Let us know you understand what I've said here, and are willing to do what it takes to clean up and protect your machine. If you are, we will continue.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Please do not ask for help via Private Message.

#7
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home
Re: Hijack This Log - Remove VIRUS!!
user's being helped here, at yet another forum....
http://discussions.virtualdr.com/sho...d.php?t=219762
This one's closed.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Please do not ask for help via Private Message.