spyware??
From: Jen (anonymous_at_discussions.microsoft.com)
Date: 05/27/04
- Next message: Mike: "Re: Norton products problems"
- Previous message: Eli: "Re: Anti-Virus Software Conflicts"
- Next in thread: Malke: "Re: spyware??"
- Reply: Malke: "Re: spyware??"
- Reply: Brenda: "spyware??"
Date: Thu, 27 May 2004 03:52:28 -0700
I have had trouble with my computer trying to dial up to
the internet all the time, and trying to open advertising
pages. I've tried to get help and have been told it is
spyware. So now I have heaps of software downloaded and
updated regularly but still have the problem. I have
Ad-Aware, Spybot, CWShredder, BitDefender, PestPatrol, The
Cleaner, Stinger, SpywareGuard, and SpywareBlaster. I am
sending a HijackThis log with this.
Please help ASAP.
Logfile of HijackThis v1.97.7
Scan saved at 8:51:31 PM, on 27/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Standard Edition\vsserv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\kdlbvl.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.australis.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.australis.com.au
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ioujdsb] C:\WINDOWS\kdlbvl.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [KeyPatrol] C:\PROGRA~1\PESTPA~1\KeyPatrol.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://home.australis.com.au
O15 - Trusted Zone: http://bigbrother.ten.com.au
O15 - Trusted Zone: http://*.office.microsoft
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0209CA95-C856-401D-A3E8-E14444A12DF6}: NameServer = 202.87.164.10 202.87.164.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{0209CA95-C856-401D-A3E8-E14444A12DF6}: NameServer = 202.87.164.10 202.87.164.11