Hi,
I am on Windows XP Home and keep getting trend micro pop-ups telling me i have 2 viruses, ADW MWAREWIPE.A & ADW REPLACE.C i have no idea what they r or how to get rid of them, im not too shabby with following directions so if anyone can help i would be sooo grateful. thanks!!

megsy

Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here when you post the Hijack This log.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

thankyou so much for the quick response will check it out and tell you how it went!

megsy

Hi Jabuck,
Im sorry but for some reason i cant load up kaspersky on my internet window! any other address in the whole world will load up except this one, it just times out. i have also googled it and clicked on the shortcut and also written the address in myself and still nothing- how frustrating!

megsy

See if this one will load, if not just post the HT log and we will go from there.

Run this free online scan from Panda

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.

Hi Jabuck,
Well, Well, Well.
it looks as though im up to the hilt in stuff... thanks for the scan program, what r your thoughts on this 1?!!
and another thing how come trend micro, spybot, and ad aware didnt pik up on this stuff?!
plus after every virus pik up it says "not disinfected" but i got rid of it to save msg space...
Incident Status Location Adware:adware/emediacodec C:\WINDOWS\system32\ldD6C8.tmp Adware:adware/emediacodec C:\WINDOWS\SYSTEM32\dfrgsrv.exe Adware:adware/adsmart C:\WINDOWS\SYSTEM32\kernels64.exe Adware:adware/swimsuitnetwork C:\WINDOWS\SYSTEM32\MYDLL.dll
Adware:adware/securityerror C:\WINDOWS\SYSTEM3\ot.ico Adware:adware/razespyware C:\WINDOWS\SYSTEM32\white.lst Adware:adware/cws.searchmeup C:\WINDOWS\flag.bla Adware:adware/wupd C:\PROGRAM FILES\MediaGateway Potentially unwanted tool:application/winantivirus2006 C:\PROGRAM FILES\COMMON FILES\WinAntiVirus Pro 2006 Adware:adware/cws.yexe C:\WINDOWS\inet20001 Potentially unwanted tool:application/malwarewipe HKEY_CLASSES_ROOT\CLSID\{A5C70510-5A01-B2A5-CF84-D6DC13859967} Spyware:Cookie/2o7 C:\Documents and Settings\Nobes\Cookies\nobes@2o7[1].txt Spyware:Cookie/Falkag
C:\Documents and Settings\Nobes\Cookies\nobes@as-us.falkag[1].txt Spyware:Cookie/Casalemedia C:\Documents and Settings\Nobes\Cookies\nobes@casalemedia[1].txt Spyware:Cookie/Com.com C:\Documents and Settings\Nobes\Cookies\nobes@image.checkmystats.com[2].txt Spyware:Cookie/Serving-sys
C:\Documents and Settings\Nobes\Cookies\nobes@serving-sys[2].txt Spyware:Cookie/Tribalfusion C:\Documents and Settings\Nobes\Cookies\nobes@tribalfusion[1].txt Adware:Adware/WinHound C:\boot.inx Spyware:Cookie/2o7 C:\Documents and Settings\Nobes\Cookies\nobes@2o7[1].txt Spyware:Cookie/Falkag C:\Documents and Settings\Nobes\Cookies\nobes@as-us.falkag[2].txt Spyware:Cookie/Casalemedia C:\Documents and Settings\Nobes\Cookies\nobes@casalemedia[1].txt
Spyware:Cookie/Com.com C:\Documents and Settings\Nobes\Cookies\nobes@image.checkmystats.com[2].txt Spyware:Cookie/Serving-sys C:\Documents and Settings\Nobes\Cookies\nobes@serving-sys[2].txt Spyware:Cookie/Tribalfusion C:\Documents and Settings\Nobes\Cookies\nobes@tribalfusion[1].txt Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll Potentially unwanted tool:Application/Seekmo C:\Program Files\Microsoft AntiSpyware\Quarantine\99A74A1A-6A3B-405B-9ADC-DBF464\06050912-9F75-452E-82CC-84127C Adware:Adware/SpywareQuake C:\WINDOWS\system32\1024\ld9C75.tmp Virus:Trj/DNSChanger.AQ C:\WINDOWS\system32\crifx.exe Virus:Trj/DNSChanger.AQ Disinfected C:\WINDOWS\system32\hgqhp.exe Possible Virus. C:\WINDOWS\system32\hpCBDE.tmp Possible Virus. C:\WINDOWS\system32\hpD476.tmp Adware:Adware/WinHound C:\WINDOWS\system32\kernels64.exe Dialer:Dialer.FGG C:\WINDOWS\system32\maxd64.exe Virus:Trj/DNSChanger.BD Disinfected C:\WINDOWS\system32\yaemu.exe Virus:Trj/Agent.AYY Disinfected C:\WINDOWS\system32\z211z.dll Virus:Trj/Agent.AYY Disinfected C:\WINDOWS\system32\z985z.dll
Your help in this is very much appreciated!!

megsy

Please post the HT log, we will need it to shut down the running process and locate other malware.

Please follow the directions at this link to remove Spyware Quake Spyware Quake Removal

Then post a HT log and a new Panda log.

Hi Jabuck,
I really hope i have done this right, the panda scan takes for aaages, do i need to do another?
thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 12:29:57 PM, on 18/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Nobes\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpA4A6.tmp (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17DDDAEB-1773-4F2D-9F41-CC198BC103BB}: NameServer = 85.255.116.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{17DDDAEB-1773-4F2D-9F41-CC198BC103BB}: NameServer = 85.255.116.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{17DDDAEB-1773-4F2D-9F41-CC198BC103BB}: NameServer = 85.255.116.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

megsy

You were loaded up with a varity of baddies. This HT log was after you ran the Spyware Quake removal procedure wasn't it, as it looks so.

Please download Fixwareout from this link

http://swandog46.geekstogo.com/Fixwareout.exe

or

http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click next, then Install, then make sure "Run fixit" is checked and click finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Post a copy at the log located at C:\fixwareout\report.txt

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Place a check to the left of the following items and press “fix checked”.

Run HT again, close all browsers and windows except HT, place a ckeck to the left of the following items and press "fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpA4A6.tmp (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Remove if you did not set this

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{17DDDAEB-1773-4F2D-9F41-CC198BC103BB}: NameServer = 85.255.116.131

O17 - HKLM\System\CS1\Services\Tcpip\..\{17DDDAEB-1773-4F2D-9F41-CC198BC103BB}: NameServer = 85.255.116.131

O17 - HKLM\System\CS2\Services\Tcpip\..\{17DDDAEB-1773-4F2D-9F41-CC198BC103BB}: NameServer = 85.255.116.131

You should run that Panda scan and post it.

Clean-out (purge) the system restore folder if you use it.For instructions on how to purge system restore click Here

To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

You should add "spywareblaster" to your armerment of spyware weaponry. it's free. Just do a goole search for it, install it, update it. It runs in the background re-writing spyware script before it inters the computer. Very good tool.

Hey there Jabuck,
Well ive just about had it, dont know if i got rid of everything, i did the panda scan and i think there is still stuff on my comp.
Thanks for all your help anyway, it was great to have someone help me out,
really appreciate it!

Logfile of HijackThis v1.99.1
Scan saved at 1:58:08 PM, on 18/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\oodag.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\WordWeb\wweb32.exe
C:\DOCUME~1\Nobes\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

megsy

You log is clean, glad we could help.