
Thread: Can someone look at my Hijackthis Log.....?

  1. #1
    cow_dung's Avatar 2010 Killua
    Join Date
    Jun 2003
    Location
    Vancouver B.C
    Posts
    282

    Surprised/Amazed

    Here it is. My problem is that I keep on getting these random casino pop-ups...

    Logfile of HijackThis v1.99.1
    Scan saved at 2:14:09 AM, on 24/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    G:\Window Blinds\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    G:\ZoneAlarm\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    G:\Adobe Reader\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    G:\Hijackthis2\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {17931C12-1B65-7806-C7CB-3EBF619A0323} - C:\DOCUME~1\ANGELA~1\APPLIC~1\EXITOO~1\Lite Dale.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - G:\AiRoboForm\RoboForm.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - G:\AiRoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Zone Labs Client] "G:\ZoneAlarm\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AutoInsQyule] C:\Program Files\Qyule\QyuleInstall.exe
    O4 - HKLM\..\Run: [THGuard] "G:\Trojan Hunter\TrojanHunter 4.2\THGuard.exe"
    O4 - HKLM\..\Run: [Joy Deaf Cast Scr] C:\Documents and Settings\All Users\Application Data\Listrealjoydeaf\bashweb.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "G:\Crap Cleaner\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [drv dead] C:\DOCUME~1\ANGELA~1\APPLIC~1\WIPERD~1\Boobcreative.exe
    O4 - HKCU\..\Run: [AutoInsQyule] C:\Program Files\Qyule\QyuleInstall.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Adobe Reader\Reader\reader_sl.exe
    O8 - Extra context menu item: Add to AD Black List - G:\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - G:\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Customize Menu &4 - file://G:\AiRoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download All by FlashGet - F:\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - F:\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms &] - file://G:\AiRoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Highlight - G:\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - G:\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: RoboForm &2 - file://G:\AiRoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Search - G:\Avant Browser\Search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20c5781d...p/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095640446184
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O20 - Winlogon Notify: WB - G:\WINDOW~1\WINDOW~1\fastload.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  2. Software & Hardware   -   #2
    Retired
    Join Date
    Feb 2003
    Posts
    12,488
    Don't see anything strange.

    Copy your log on http://www.hijackthis.de/ and click analyze.
    Last edited by {I}{K}{E}; 03-24-2005 at 10:25 AM.

  3. Software & Hardware   -   #3
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,547
    Tried a popup stopper? You sure have a lot of programs running at startup! Try a better spyware program like Microsoft's antispyware too.



    http://www.alwaysfreeware.co.uk/popups.html

  4. Software & Hardware   -   #4
    cow_dung's Avatar 2010 Killua
    Join Date
    Jun 2003
    Location
    Vancouver B.C
    Posts
    282

    Sick

    Here are some of the problems I'm getting...
    I'm getting random desktop icons

    and random casino etc. pop-ups on my desktop, even when I'm not on the internet!



    -DeLeTrIuS-

  5. Software & Hardware   -   #5
    tesco's Avatar woowoo
    Join Date
    Aug 2003
    Location
    Canadia
    Posts
    21,669
    Run a spyware remover program before trying hijackthis!

  6. Software & Hardware   -   #6
    cow_dung's Avatar 2010 Killua
    Join Date
    Jun 2003
    Location
    Vancouver B.C
    Posts
    282
    Quote Originally Posted by rossco
    Run a spyware remover program before trying hijackthis!
    I did! I ran Spybot and Ad-Aware already, both up to date, but they're still here... Also, do I need to empty the stuff in my Ad-Aware quarantine folder?

  7. Software & Hardware   -   #7
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,547
    If it's in quarantine, I would think you're safe. Why not try a better spyware remover? Or trojan remover. Would think you have a malware problem, but putting icons on your desktop? What a bunch of plicks.

  8. Software & Hardware   -   #8
    Djtima's Avatar ^__^
    Join Date
    Oct 2003
    Location
    Australia
    Age
    64
    Posts
    304


    Tima's : [ Devart - AudioScrobbler - Xfire ]

  9. Software & Hardware   -   #9
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,547
    Quote Originally Posted by Djtima


    Was going to suggest too, but some like certain things I guess. But sounds like a hijack, probably gets it offline as well?
    Last edited by peat moss; 03-25-2005 at 02:13 AM.

  10. Software & Hardware   -   #10
    cow_dung's Avatar 2010 Killua
    Join Date
    Jun 2003
    Location
    Vancouver B.C
    Posts
    282

    Sick

    OMG, I know what I have! "LOP" is the name of the spyware.
    I read the results of having this spyware and it's all correct!
    Ad-Aware says it can't remove this, so can someone help me out? :crying:

    -DeLeTrIuS-
    Last edited by cow_dung; 03-25-2005 at 11:08 AM.
