Spyware problem!!

I seem to have a bad spyware problem on my computer. It is running very slowly and I am getting a lot of pop ups. Can you help me get rid of this. I have posted my log file below:

Logfile of HijackThis v1.99.1
Scan saved at 8:31:08 AM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
C:\Program Files\eFax Messenger Plus\HotTray.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marsha\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Marsha\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Marsha\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {9C9E9A27-C910-4441-8680-2DFE85E5BFAD} - C:\WINDOWS\System32\ffmn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marsha\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\Tvm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O4 - Global Startup: eFax Tray Menu.lnk = C:\Program Files\eFax Messenger Plus\HotTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM32\MAXSPEED.EXE
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM32\MAXSPEED.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {8517FE74-CC6B-48BF-B2DC-1EA8C5E175B0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8517FE74-CC6B-48BF-B2DC-1EA8C5E175B0} - (no file) (HKCU)
O16 - DPF: Win32 Classes -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101448940864
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Filter: text/html - {FC4F1150-54BA-44E0-8A63-1DF7132B2765} - C:\WINDOWS\System32\ffmn.dll
O18 - Filter: text/plain - {FC4F1150-54BA-44E0-8A63-1DF7132B2765} - C:\WINDOWS\System32\ffmn.dll
O23 - Service: PRTG 4 Service - Paessler Router Traffic Grapher (PRTG4Service) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thank you.

Who is Participating?
Here is your anylized log, run it again in safe mode with system restore disabled then remove what the log says to.
Rich RumbleSecurity SamuraiCommented:
First, turn off system restore, since your using Xp, then using a few tools try to remove the programs/pest's- again only after turning off system restore.

Try these tools to remove the pest's
Additionally you might want to test if these webbrowsers help you in avoiding malware/spyware:

http://www.getfirefox.com and http://www.opera.com

Richrumbles suggestion to use the microsoft Antispyware (beta) is a good choice. It is running all the time in background and pops up, when some program wants to change anything important in your windows system, like changing IE settings, adding programs to autostart etc.
A bit too colourfull, but still not annoying.

Another solution would be spybot search & destroy, it comes with a resident program called teatimer, preventing changes to the system too, maybe a bit more sophisticated, and LESS colourfull ;-) You can get it from here: http://www.safer-networking.org/en/index.html

A third solution (though payware) is acronis privacy expert 8, it comes with a bundle of features, including a resident spyware shield.
http://www.acronis.com/homecomputing/products/privacyexpert/   There is a 15 days trial version available.

Acronis Privacy Expert Suite is not only an anti-spyware solution.
It delivers the best value on the market with the must-have security and privacy tools:
Internet clean-up: protect your Internet privacy removing traces of your surfing;
System clean-up: eliminate traces of your system activities;
Disk clean-up: securely destroy all the data on your old hard disk;
File shredder: make your deleted data unrecoverable by undelete or unerase utilities;
Pop-up blocker: stop unwanted pop-up ads;
Data destruction methods: wipe out all data without possibility to recover through the use of 8 powerful data destruction methods.

Being a computer maniac, I use all three programs (but not all of them parallel activated). My best choice was to use firefox and using an account w/o administrator rights. Most spyware is not able to infest my system because I have no proper rights to do so, so the spyware is locked out too.

Good luck,

aej1973Author Commented:
Thank you very much for all the help, the system looks much better now. I have one more question;

I had a back ground picture before my system got infected with the spyware but now as a back ground picture I only have a black screen on  my desktop. How do I get my original picture back? Thanks a ton again for all the help.

Is it listed in desktop -> properties ->desktop ->background?

-> Search Button.

Or you simply download it again from the internet.

Or reactivate the active desktop :)

Righclick the background and set it there.

C:\WINDOWS\System32\rundll32.exe could be executed to run a malicious .dll file.
The file itsself is 100% windows safe.

Also do NOT run hijackthis from a temp directory,
Create a nice dir for it to run from.
aej1973Author Commented:
Hello: I am sorry for the delay in getting back. I was on the road for a few days.
When I get to the desktop properties it gives me a option only to change the screen saver and there is no desktop option.Also when I turn on the computer I get the following message;

c:/document ~/admin/local~?temp/se.dll
Module cannot be found

What is to be done, it takes a lot of time before the system starts up. The spyware problem seems to have been taken care of. Thank you for the help.


This is probably a "reach" but -
Run "Regedit" and navigate to this key:
What is showing in the right-hand pane?

aej1973Author Commented:
Name: default
Data: Value not set

This is what is there on the right hand side. Thanks.
Download and run adaware and microsoft anti-spyware.  These two together do a great job for me and they're free!!
These are the locations that XP loads background images from:
%USERPROFILE%\My Documents\My Pictures (& sub-folders)
%AppData%\Microsoft\Internet Explorer
%ProgramFiles%\Plus!\Themes (& sub-folders)

Check them.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.