
Uptown Engine Need Help Removing


1 reply to this topic

#1 msbrandi2u
  • Members
  • 3 posts

Posted 12 February 2008 - 12:03 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:45 AM, on 2/12/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ESSSPK.EXE
C:\PROGRAM FILES\802.11 WIRELESS LAN\802.11G WIRELESS CARDBUS & PCI ADAPTER HW.51 V1.00\WLANCU.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

F1 - win.ini: load=essspk.exe
O2 - BHO: (no name) - {EBFB8E4D-65FA-3323-DA5B-3DE674F55E96} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\SYSTEM\UPMEDIA\CONTENTTOOL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\RunServices: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe" -r
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MalwareAlarm] C:\PROGRAM FILES\MALWAREALARM\MalwareAlarm.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\.DEFAULT\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MalwareAlarm] C:\PROGRAM FILES\MALWAREALARM\MalwareAlarm.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - .DEFAULT Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe (User 'Default user')
O4 - Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\PROGRAM FILES\DEFENDER PRO\DEFENDER PRO INTERNET SECURITY 6.0\SCIEPLUGIN.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.7.44/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/8.1.7.44/applet/pool2/pool-en_US.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_bigcityad...BGamePlayer.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://games.bigfishgames.com/en_cinematyc...inematycoon.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: Tornado 21 - http://download2.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/v/8.1.6.21/applet/pa...aigow-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/8.1.6.3/applet/bla...kjack-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/fr...cell2-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/wo...class-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.6.21/applet/po...ppit2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.7.44/applet/ma...jong2-en_US.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/8.1.7.44/applet/sp...dkeno-en_US.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://pogoclub.oberon-media.com/online2/p...mjolauncher.cab
O16 - DPF: Heavy Cannon by pogo - http://www.pogo.com/v/8.1.1.1/applet/heavy...annon-en_US.cab
O16 - DPF: Perfect Passer by pogo - http://game3.pogo.com/v/8.1.7.44/applet/pe...asser-en_US.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/v/8.1.7.44/applet/to...down2-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.7.44/applet/fa...fancy-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.7.44/applet/wo...earch-en_US.cab
O16 - DPF: Backgammon by pogo - http://game3.pogo.com/v/8.1.7.44/applet/ba...ammon-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.7.44/applet/pe...peaks-en_US.cab
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/8.1.7.44/applet/bo...wling-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.7.44/applet/sh...shoes-en_US.cab

--
End of file - 7088 bytes
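A log like the one above is usually read by hand, but the line format is regular enough to triage mechanically. The script below is an added example, not part of the original post and not a HijackThis feature: it parses the `Oxx - ...` entries, collapses the HKCU/HKU\.DEFAULT duplicates that HijackThis prints on a Win9x box without user profiles, and applies a few generic heuristics (a `win.ini` autostart, a BHO whose CLSID points at a missing DLL, a per-user Run value whose name suggests a system updater). The sample lines are a constructed subset copied from the log above; the heuristics and the flag wording are my own, and a flag means "verify the file and its publisher", not "malware".

```python
"""Triage helper for HijackThis-style logs.

Added example, not part of the original post or of HijackThis itself. It
parses the "Oxx - ..." line format shown in the log above and applies a few
generic heuristics; the flags mean "look closer", not "malicious".
"""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
F1 - win.ini: load=essspk.exe
O2 - BHO: (no name) - {EBFB8E4D-65FA-3323-DA5B-3DE674F55E96} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\RunServices: [AVP] "C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe" -r
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\.DEFAULT\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'Default user')
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: High Stakes Pool by pogo - http://game3.pogo.com/v/8.1.7.44/applet/pool2/pool-en_US.cab
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
O16_RE = re.compile(r"^DPF: (?P<name>.*?) - (?P<url>https?://\S+)$")
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|ocx))"?', re.IGNORECASE)


def _exe_path(cmd):
    """Pull the executable path out of a Run value, quoted or not."""
    m = EXE_RE.search(cmd)
    return m["path"] if m else cmd


def triage(log_text):
    """Return {'findings': [(line, reason), ...], 'activex_hosts': [...]}."""
    findings = []
    hosts = set()
    seen_o4 = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m["sec"], m["body"]

        if sec == "F1":
            # win.ini load=/run= is a Win9x-era autostart that few installers
            # still touch; whatever is listed runs at every logon.
            findings.append((line, "win.ini autostart entry; verify the listed file"))

        elif sec == "O2":
            b = O2_RE.match(body)
            if b and b["path"].strip().lower() == "(no file)":
                findings.append((line, "orphaned BHO registration: CLSID points at a missing DLL"))

        elif sec == "O4":
            b = O4_RE.match(body)
            if not b:
                continue
            key, name, path = b["key"], b["name"], _exe_path(b["cmd"])
            # On Win9x without user profiles HKCU and HKU\.DEFAULT are the
            # same hive, so HijackThis lists each value twice; report it once.
            if (name, path.lower()) in seen_o4:
                continue
            seen_o4.add((name, path.lower()))
            per_user = key.upper().startswith(("HKCU", "HKUS"))
            if per_user and "update" in name.lower():
                # Heuristic (mine): the OS's own update components are not
                # registered as per-user Run values, so check the publisher.
                findings.append((line, f"per-user Run value named like a system updater: {path}"))

        elif sec == "O16":
            # Every DPF line is an ActiveX package IE was allowed to fetch
            # and run; the host list is the quickest way to review them.
            b = O16_RE.match(body)
            if b:
                hosts.add(urlparse(b["url"]).hostname)

    return {"findings": findings, "activex_hosts": sorted(hosts)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for line, reason in report["findings"]:
        print("!", reason)
        print("   ", line)
    print("ActiveX download hosts:", ", ".join(report["activex_hosts"]))
```

Run against the full log, the script only narrows the list; the per-user "update" heuristic is deliberately loose (it would also flag a vendor's genuine updater), so each flagged path still needs a publisher and hash check before anything is removed.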


#2 Falu
  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 February 2008 - 03:34 PM

Hi msbrandi2u,

If you still need help please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log, and I'll be happy to look at it for you.

Thanks for your patience.



