[Spacelord11011]

hi there, seem to have multiple adware type things offering spyware fixers etc. Until yest i was also unable to access the internet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:56, on 19/03/2008
Platform: Windows XP SP3, v.3282 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3282)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\system32\sndt.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\antiviirus.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Belkin\F5D9050\Belkinwcui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\ntos.exe,
O2 - BHO: GNX Rolex - {31BE1B95-DE72-41F3-A6AD-3E38648CA2D8} - E:\WINDOWS\drnpfdxrgq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: etlrlws - {BEBA880D-1A1B-4A56-8E9F-1D488AA6CE80} - E:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RelevantKnowledge SNDT] "E:\WINDOWS\system32\sndt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [antiviirus] E:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [F5D9050] E:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Workflow] G:\Workflow.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Active Desktop Calendar] E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: bokpkov - {7C276194-0BE7-43DE-9D4B-BE04DAF2A3F2} - E:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {F3DE6105-1386-4ACD-8C9D-CD1A62EC5921} - E:\WINDOWS\altvxvm.dll (file missing)
O21 - SSODL: WinRunOnce - {68647db8-7303-4f7a-8f16-d1f89284c7b9} - E:\WINDOWS\Installer\{68647db8-7303-4f7a-8f16-d1f89284c7b9}\WinRunOnce.dll (file missing)
O21 - SSODL: zip - {ccd3ee0d-7b72-4f2d-b891-67093750e6ff} - E:\WINDOWS\Installer\{ccd3ee0d-7b72-4f2d-b891-67093750e6ff}\zip.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm

--
End of file - 6788 bytes


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/19/2008 at 11:55 AM

Application Version : 4.0.1154

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 01:25:41

Memory items scanned : 394
Memory threats detected : 0
Registry items scanned : 5168
Registry threats detected : 0
File items scanned : 21083
File threats detected : 0


i couldn't use panda active scan as there was a problem with the webpage

any help would be greatly appreciated

Edited by Spacelord11011, 21 March 2008 - 03:30 PM.

[Advertisements]

spyware doctor has detected

adware.agent.bn
advertising.adware
aplication.trackingcookies
trojan-downloader.VB.AXA
Adware.LeosvrBar
RogueAntiSpyware.Ultimate_Cleaner
RogueAntiSpyware.SystemDefender
Adware.OneStepSearch
Spyware.Marketscore_netsetter
Trojan-Spy.ZBot
Adware.Winfixer
Spyware.Possible_Website_Hijack

any help would be appreciated

[Spacelord11011]

spyware doctor has detected

adware.agent.bn
advertising.adware
aplication.trackingcookies
trojan-downloader.VB.AXA
Adware.LeosvrBar
RogueAntiSpyware.Ultimate_Cleaner
RogueAntiSpyware.SystemDefender
Adware.OneStepSearch
Spyware.Marketscore_netsetter
Trojan-Spy.ZBot
Adware.Winfixer
Spyware.Possible_Website_Hijack

any help would be appreciated