
Messages - Seamoose

1
Tech Clinic / Numerous Nasties
« on: December 18, 2005, 12:26:58 AM »
DSL I believe, broadband anyway.

Yeah, if the firewall I have is no good then I would definitely like a better one. Are there free options?

Cheers B)

2
Tech Clinic / Numerous Nasties
« on: December 17, 2005, 11:19:27 PM »
Good-o, here's the...

Logfile of HijackThis v1.99.1
Scan saved at 3:14:46 PM, on 18/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\E-Color\Common\IconMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134441134249
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe


I just did a CCleaner registry issue fix and it gave me a few of these:

The COM component AVG.AvgAmInternalPluginConfigGui references an invalid CLSID. These are often left behind after uninstalling software.

or very similar. As I have only just installed AVG would these be best ignored or should I blast 'em?

Thanks again :)
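
As an added example (not from this thread, and not code from HijackThis itself), here is a small Python triage script for logs in the format posted above. It splits the log into its section entries (R1, O2, O4, O16, O23, plus the running-process list) and applies a few review heuristics: R0/R1 browser settings pointing at a host outside a trusted list, unnamed BHOs, rundll32 autoruns, O16 ActiveX controls from unlisted hosts or delivered as a bare .exe, and O23 services whose binary is missing or has no publisher. The trusted-host list is an assumption for illustration, and the embedded sample mixes lines from the log above with one constructed R1 line (search.example.net) to exercise the hijack rule. A "review" finding means identify the item before deciding, not delete it; the Spybot SDHelper BHO and the nVidia rundll32 entry it flags are legitimate.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set
from urllib.parse import urlparse


@dataclass
class Entry:
    code: str   # HijackThis section code ("R1", "O4", "O16", ...) or "PROC" for a running process
    text: str   # remainder of the line after "Oxx - "


@dataclass
class Finding:
    severity: str   # "review" (identify before deciding) or "suspect" (classic hijack indicator)
    code: str
    reason: str
    text: str


# Hosts this box is expected to pull ActiveX controls / start pages from (assumption; tune per machine).
DEFAULT_TRUSTED_HOSTS: Set[str] = {
    "go.microsoft.com", "update.microsoft.com", "security.symantec.com",
    "download.mcafee.com", "acs.pandasoftware.com", "a840.g.akamai.net",
    "www.optusnet.com.au", "g.ninemsn.com.au",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # HJT codes: R0-R3, F0-F3, N1-N4, O1-O24
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: lines taken from the log posted above plus one made-up R1 line (search.example.net).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:14:46 PM, on 18/12/2005
Platform: Windows XP  (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/hijack
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
"""


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into entries; process paths become code 'PROC'."""
    entries: List[Entry] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False            # a blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(Entry(m.group(1), m.group(2)))
        elif in_procs:
            entries.append(Entry("PROC", line))
    return entries


def _url(text: str) -> str:
    m = URL_RE.search(text)
    return m.group(0) if m else ""


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower() if url else ""


def triage(entries: List[Entry], trusted_hosts: Set[str] = DEFAULT_TRUSTED_HOSTS) -> List[Finding]:
    """Apply review heuristics to parsed entries; running processes are not judged here."""
    out: List[Finding] = []
    for e in entries:
        url = _url(e.text)
        host = _host(url)
        if e.code in ("R0", "R1") and host and host not in trusted_hosts:
            out.append(Finding("suspect", e.code, f"browser start/search setting points at {host}", e.text))
        elif e.code == "O2" and "(no name)" in e.text:
            out.append(Finding("review", e.code, "BHO with no name; identify the DLL/CLSID before keeping it", e.text))
        elif e.code == "O4" and "rundll32" in e.text.lower():
            out.append(Finding("review", e.code, "autorun via rundll32; confirm which DLL it loads", e.text))
        elif e.code == "O16":
            if url.lower().endswith(".exe"):
                out.append(Finding("review", e.code, "DPF entry points at a bare .exe; confirm the vendor", e.text))
            elif host not in trusted_hosts:
                out.append(Finding("review", e.code, f"ActiveX control downloaded from unlisted host {host}", e.text))
        elif e.code == "O23":
            if "(file missing)" in e.text:
                out.append(Finding("review", e.code, "service registered but its binary is missing", e.text))
            elif "Unknown owner" in e.text or " -   - " in e.text:
                out.append(Finding("review", e.code, "service binary carries no publisher name", e.text))
    return out


def triage_log(text: str, trusted_hosts: Set[str] = DEFAULT_TRUSTED_HOSTS) -> List[Finding]:
    return triage(parse_hjt(text), trusted_hosts)


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section code."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:7}] {f.code:4} {f.reason}\n          {f.text}")
```

Run it against a saved log with `triage_log(open("hijackthis.log").read())`; anything the heuristics flag still needs a human (or a hash lookup, as done later in this thread) before it is removed.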

3
Tech Clinic / Numerous Nasties
« on: December 17, 2005, 07:51:52 PM »
Actually, after reading the comments about NoAdware at Spyware Warrior, it would seem that the version I have installed (Version 2 - newer versions cost actual money to activate) WAS actually on the shonky list, so I guess the results can safely be ignored and the software uninstalled. This is the log file and I must say it looks laughable, as it doesn't even name the nasties it claimed to have found and killed, including the VX2/LinkReplacer, which I am starting to believe was made up entirely by the NoAdware people as I can't find that exact variant of VX2 anywhere (except for a couple of dodgy looking commercial sites) on the web, i.e. lots of VX2 variants, none of which seem to be called LinkReplacer.

[TYPE:COOKIE] [ACTION:DELETED] [VALUE:itc]
[TYPE:COOKIE] [ACTION:DELETED] [VALUE:com]
[TYPE:COOKIE] [ACTION:DELETED] [VALUE:statcounter]
[TYPE:COOKIE] [ACTION:DELETED] [VALUE:server.iad.liveperson]
[TYPE:COOKIE] [ACTION:DELETED] [VALUE:0]

I guess if this is no problem then we are done?

I don't seem to get any pop-ups anymore YAY! So I must thank you again - you rock Guestolo!

4
Tech Clinic / Numerous Nasties
« on: December 16, 2005, 12:30:52 AM »
Great

Thanks again for your help.

I haven't had any pop-ups so far today so all is looking good; also I don't seem to be getting weird dodgy addresses showing up in the IE history files anymore.

I have a couple more quick questions. I am happy to get rid of NoAdware if you think it is no good - but it seems to 'catch' a lot every day - mostly 'tracking cookies'. Why is this, and is this not a threat?

Also, NoAdware still picks up something called VX2/LinkReplacer which it labels as 'severe' and about which it states 'VX2 is a variant of the netpal/transponder spyware that is responsible for browser hijacking and pop-up ads.'

Do you have any comments about this?

Thanks again, hopefully we shall be done very soon now. You deserve a medal!

5
Tech Clinic / Numerous Nasties
« on: December 15, 2005, 10:43:45 PM »
The file in question seems to have something to do with - in fact directly opens - a "caere scan manager", which I presume must have something to do with our scanner, which I personally have never used ( my other half would have more of an idea about it ) - but it seems innocuous?

So far today have not had any pop up action. Haven't used the computer much though and it usually happens quite randomly, sometimes hours after booting up so *fingers crossed* eh?

Anything else I should do you think?

Would it be possible for you to advise me what I should regularly do - what software I should run, etc to avoid this from happening again? I am a little confused as to which programs to keep and use.

Thanks again.

6
Tech Clinic / Numerous Nasties
« on: December 15, 2005, 08:12:50 PM »
Hi - sorry life (well a party actually!) got in the way of the great Malware hunt but I'm back complete with hangover and have just done the Jotti thing...

Here is a cut n paste of the results:

File:  scmgrcpl50.cpl  
Status:  OK  
MD5  eeac213ab63aa86d0c46893199735e72  
Packers detected:  -
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

Also at the bottom of the page, after the disclaimers, there was the following - I found it hard to tell if it refers to my computer or what:

Last file scanned at least one scanner reported something about: a8o1v.exe, detected by:

Scanner  Malware name  
AntiVir  X  
ArcaVir  Trojan.Kolweb.G  
Avast  X  
AVG Antivirus  Generic.DUM  
BitDefender  X  
ClamAV  X  
Dr.Web  Trojan.Click.767  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  Trojan.Win32.Kolweb.g  
NOD32  Win32/Kolweb.G  
Norman Virus Control  W32/Kolweb.G  
UNA  X  
VBA32  Trojan.Win32.Kolweb.g  

Thanks again!

7
Tech Clinic / Numerous Nasties
« on: December 15, 2005, 12:14:25 AM »
Hi,

cool - just got back home have worked thru instructions until the running of hijack this - will now go do the Jotti's Online Malware scan and get back to ya. No need to apologize for (very short) delay (I wasn't online anyway) - you are a saint.

Will need a couple of hours to know about the pop ups as they only happen once or twice a day and (seemingly) very randomly (little buggers).

(gosh - I'm liking my brackets today what?) (be back soon with the rest!)

Logfile of HijackThis v1.99.1
Scan saved at 4:08:12 PM, on 15/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134441134249
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

8
Tech Clinic / Numerous Nasties
« on: December 13, 2005, 06:53:32 PM »
All done:

Updated AVG found no virus (but, when run in safe mode it did say that for both the Partition Table and the Boot Sector of disc C: that there was a "reading error." I don't know if this is relevant or not.)

Here is the (very long) WinPFind.txt

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build:     Current Build Number: 2600
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX!                 27/01/2005 2:09:50 PM       4918270    C:\Program Files\Firefox Setup 1.0.exe

Checking %WinDir% folder...
PECompact2           27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\LPT$VPN.857
qoologic             27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\LPT$VPN.857
SAHAgent             27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\LPT$VPN.857
UPX!                 13/12/2004 12:43:22 PM      18432      C:\WINDOWS\ss3unstl.exe
UPX!                 27/09/2005 12:38:50 PM      170053     C:\WINDOWS\tsc.exe
UPX!                 2/12/2003 5:00:10 AM        45056      C:\WINDOWS\Unwash5.exe
PECompact2           27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\VPTNFILE.857
qoologic             27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\VPTNFILE.857
SAHAgent             27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\VPTNFILE.857
UPX!                 27/09/2005 12:38:50 PM      1044560    C:\WINDOWS\vsapi32.dll
aspack               27/09/2005 12:38:50 PM      1044560    C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX!                 9/07/2005 8:03:06 PM        433152     C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2                 23/08/2001 11:00:00 PM      41397      C:\WINDOWS\SYSTEM32\dfrg.msc
UPX!                 25/11/2001 6:31:48 AM       65536      C:\WINDOWS\SYSTEM32\DVDAudio.ax
UPX!                 25/11/2001 6:28:14 AM       86528      C:\WINDOWS\SYSTEM32\DVDVideo.ax
PTech                4/11/2005 4:27:24 PM        534280     C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2           8/09/2005 10:36:32 PM       1997664    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/09/2005 10:36:32 PM       1997664    C:\WINDOWS\SYSTEM32\MRT.exe
PTech                21/06/2005 2:21:12 PM       382216     C:\WINDOWS\SYSTEM32\OVAControl.DLL
Umonitor             12/02/2002 7:14:12 PM       630784     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              23/08/2001 11:00:00 PM      1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX!                 13/12/2005 9:44:10 PM       749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG!                 13/12/2005 9:44:10 PM       749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2                 13/12/2005 9:44:10 PM       749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack               13/12/2005 9:44:10 PM       749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech                7/04/2002 9:52:54 PM        1804560    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     14/12/2005 9:02:06 AM     S 2048       C:\WINDOWS\bootstat.dat
                     14/12/2005 8:56:32 AM    H  24         C:\WINDOWS\p5cwc
                     8/12/2005 7:38:38 PM     H  0          C:\WINDOWS\LastGood\INF\oem29.inf
                     8/12/2005 7:38:38 PM     H  0          C:\WINDOWS\LastGood\INF\oem29.PNF
                     14/12/2005 8:59:22 AM    H  8192       C:\WINDOWS\system32\config\default.LOG
                     14/12/2005 9:02:20 AM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     14/12/2005 9:02:10 AM    H  16384      C:\WINDOWS\system32\config\SECURITY.LOG
                     14/12/2005 10:19:38 AM   H  176128     C:\WINDOWS\system32\config\software.LOG
                     14/12/2005 9:03:34 AM    H  1032192    C:\WINDOWS\system32\config\system.LOG
                     12/12/2005 2:44:36 PM    H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
                     14/12/2005 8:57:28 AM    H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          23/08/2001 11:00:00 PM      66048      C:\WINDOWS\SYSTEM32\access.cpl
Avance Logic, Inc.             21/03/2002 2:41:28 PM       544768     C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          23/08/2001 11:00:00 PM      558592     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      130048     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      294912     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      119808     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          29/08/2002 3:41:00 AM       208896     C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems               19/08/2003 6:23:34 PM       61547      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Kristal Studio                 3/03/2001 1:39:28 PM        121856     C:\WINDOWS\SYSTEM32\Mp3cnfg.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA® Corporation            19/01/2002 1:33:26 AM       36864      C:\WINDOWS\SYSTEM32\NVACpl.cpl
NVIDIA Corporation             9/03/2002 11:53:00 AM       106496     C:\WINDOWS\SYSTEM32\nvTUICpl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
                               4/05/2000 10:57:38 PM       303104     C:\WINDOWS\SYSTEM32\scmgrcpl50.cpl
SmartLink                      26/03/2002 5:23:56 PM       339968     C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      270848     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          26/05/2005 5:16:30 AM       174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      558592     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      130048     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      294912     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      119808     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          29/08/2002 3:41:00 AM       208896     C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      270848     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
NVIDIA Corporation             9/03/2002 11:53:00 AM       106496     C:\WINDOWS\SYSTEM32\WinFast\Graphics\nvTUICpl.cpl
NVIDIA Corporation             2/04/2003 4:40:00 PM        139264     C:\WINDOWS\SYSTEM32\WinFast\WHQL\Graphics\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     26/06/2003 4:00:30 PM       986        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     23/04/2003 5:00:16 PM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     23/01/2002 11:35:12 PM      771        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\E-Color.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     24/04/2003 2:46:04 AM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     8/12/2005 8:38:16 PM        6918       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     23/04/2003 5:00:16 PM    HS 84         C:\Documents and Settings\lt\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     24/04/2003 2:46:02 AM    HS 62         C:\Documents and Settings\lt\Application Data\desktop.ini
                     20/09/2005 10:46:52 PM      20136      C:\Documents and Settings\lt\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   StumbleUpon.com 1.822    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
   {797F3885-5429-11D4-8823-0050DA59922B}    = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
   {797F3885-5429-11D4-8823-0050DA59922B}    = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\shell32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D44BBB61-E17F-4AE6-A502-8D7E0B29E616}
   SU Toolbar Helper = C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}
   FlashFXP Helper for Internet Explorer = C:\PROGRA~1\FlashFXP\IEFlash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {22D003CE-6952-46C5-80B9-D19B479620AB}    = Stumble&Upon   : C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}    = MSN Toolbar   : C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
   {327C2873-E90D-4c37-AA9D-10AC9BABA46C}    = Easy-WebPrint   : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B13B4423-2647-4cfc-A4B3-C7D56CB83487}
   ButtonText    = Share in Hello   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
   Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
   Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\shell32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} =    :
   {22D003CE-6952-46C5-80B9-D19B479620AB} = Stumble&Upon   : C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
   {4D5C8C2A-D075-11D0-B416-00C04FB90376} = Microsoft CommBand   : %SystemRoot%\System32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   StorageGuard   "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
   Prolific_PLUtil   C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
   PLFFAP   C:\WINDOWS\System32\HotfixQ0306270.exe
   Easy-PrintToolBox   C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
   nwiz   nwiz.exe /install
   NvCplDaemon   RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
   NeroCheck   C:\WINDOWS\System32\NeroCheck.exe
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   Desktop Service Centre   C:\Program Files\OptusNet Dial-up Internet\DSC.exe
   AVG7_CC   C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
   KernelFaultCheck   %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
   Register Homesite+.exe   "C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   CTFMON.EXE   C:\WINDOWS\System32\ctfmon.exe
   NoAds   "C:\Program Files\NoAds\NoAds.exe"
   NvMediaCenter   RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   0
   services   0
   startup   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   ÿ

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\shell32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\shell32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 14/12/2005 10:29:05 AM

And here is the Apropos log.txt

Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\lt\Desktop\aproposfix
 
************
 
Registry entries found:
 
[HKEY_LOCAL_MACHINE\Software\C5TP7AF3flp9]
@="\\l5Go5SVWWVWWXW\\7CmPHKVWWVlYW1rwmx1\\W\\TNO9HcbW8MDQ9MNWHNKJN8Q8XNTN"
"Device"="\\\\.\\SchDump"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\msposdvd.sys"
"DriverName"="SCalFax"
"HideUninstallerName"="C:\\Program Files\\Lave emu\\dmi4dmod.exe"
"UninstallerPath"="C:\\WINDOWS\\System32\\pinipbrd.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D12349B6-D58A-42ED-8E89-9DC68EAB6CB3}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\System32\\fec50_32.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xea8b41a-6a96-36df-38ce-e84cead3a5ca}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Lave emu\\cfmgntfs.exe"
 
************
 
Removing hidden service:
Service SCalFax removed.
 
Removing hidden folder:
 
Deleting files:
 
Deletion of file C:\WINDOWS\System32\drivers\msposdvd.sys succeeded!
Deletion of file C:\WINDOWS\System32\ciodsdmo.exe succeeded!
Deletion of file C:\WINDOWS\System32\fec50_32.dll succeeded!
Deletion of file C:\WINDOWS\System32\pinipbrd.exe succeeded!
 
Backing up files:
Done!
 
Removing registry entries:
 
REGEDIT4
 
[-HKEY_CURRENT_USER\Software\C5TP7AF3flp9]
[-HKEY_LOCAL_MACHINE\Software\C5TP7AF3flp9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D12349B6-D58A-42ED-8E89-9DC68EAB6CB3}]
 
Done!
 
Finished!

Thanks again - hope work was not too bad, really appreciate your help.

9
Tech Clinic / Numerous Nasties
« on: December 13, 2005, 07:15:44 AM »
Yep, no worries with Safe Mode this time.

What next? Let's kill those nasty pop-ups!

Oh - also I have a pop-up killer called No-Ads running - recommended???

Will check in again tomorrow. Thank you.

10
Tech Clinic / Numerous Nasties
« on: December 13, 2005, 07:00:28 AM »
OK, the XP firewall wasn't enabled (sorry, got the wrong end of the stick there before) but now it is. Goes to show - I actually assumed the thing was running the whole time I've had this computer (Doh!)

I installed AVG 7 and ran it OK (the computer wigged out and restarted itself once, but then the scan went OK the second time). Nothing found.

Also I got the blue pop-up again (as described in the first post) "warning" of possible spyware.

Now I go try Safe Mode.

(Insert Gadzillions of appreciative remarks here:) )

Logfile of HijackThis v1.99.1
Scan saved at 10:53:59 PM, on 13/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134441134249
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

11
Tech Clinic / Numerous Nasties
« on: December 13, 2005, 01:40:31 AM »
Couldn't find
C:\Program Files\Enigma Software Group

I don't think I have a firewall - and Microsoft would not let me download one. Same problem. I understand the recommendation here would be to get a legit version of XP, and so I shall - but not this week! A bit expensive!

Stopped and disabled the Messenger and Alerter.

As for AV - I have the recommended spyware detectors/killers - but I get the idea you are talking about something that runs in the background stopping them in the first place???

I added SpywareBlaster as recommended - is this what you mean by an AV - or do I need something additional?


Did the HijackThis fixes and rebooted with no worries.

As for how the computer is running now - I had one screen freeze since, but is this malware related? (It has always happened since I got the PC - once or twice a day.)

Also I had one of the pop-ups reappear - the "Sfondi desktop" one - asking me to download tacky screensavers, which seems to be related to "Startnet Di Alessandro Casini" (one of those "do you want to ..." things with a yes/no click - like you get when downloading software) which pops up over the "Sfondi" one.

Anyway - have I missed anything? And thanks very much so far. I wasn't sure if you wanted another HijackThis log, so what the hey... here 'tis

Logfile of HijackThis v1.99.1
Scan saved at 5:40:00 PM, on 13/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134441134249
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

12
Tech Clinic / Numerous Nasties
« on: December 12, 2005, 02:43:07 AM »
Cool: all done - Ewido sure found a whole load of crud!

Logfile of HijackThis v1.99.1
Scan saved at 6:36:10 PM, on 12/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [HijackThis startup scan] C:\unzipped\hijackthis\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Here's Ewido:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         6:00:13 PM, 12/12/2005
 + Report-Checksum:      2DDFC678

 + Scan result:

   HKLM\SOFTWARE\Classes\TypeLib\{B000D07B-6877-4D37-B6B2-BB800504ADE1} -> Dialer.Generic : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
   :mozilla.128:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
   :mozilla.130:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.134:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.135:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.136:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.137:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.157:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.158:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.159:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.220:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.221:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.222:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
   :mozilla.68:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.69:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@2o7[1].txt.bak -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@2o7[2].txt.bak -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Addynamix : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@advertising[1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@advertising[2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@atdmt[1].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@atdmt[2].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@bfast[1].txt.bak -> Spyware.Cookie.Bfast : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@bfast[2].txt.bak -> Spyware.Cookie.Bfast : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@bluestreak[1].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@bluestreak[2].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@casalemedia[1].txt.bak -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@casalemedia[2].txt.bak -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@centrport[1].txt.bak -> Spyware.Cookie.Centrport : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@commission-junction[1].txt.bak -> Spyware.Cookie.Commission-junction : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@commission-junction[2].txt.bak -> Spyware.Cookie.Commission-junction : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitslink : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitslink : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@doubleclick[1].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@doubleclick[2].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@fastclick[1].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@fastclick[2].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@gator[1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@hitbox[1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@hitbox[2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@linksynergy[2].txt.bak -> Spyware.Cookie.Linksynergy : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@mediaplex[1].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@mediaplex[2].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@paycounter[1].txt.bak -> Spyware.Cookie.Paycounter : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@paycounter[2].txt.bak -> Spyware.Cookie.Paycounter : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@qksrv[1].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@qksrv[2].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@questionmarket[1].txt.bak -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@questionmarket[2].txt.bak -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@revenue[2].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@sexlist[2].txt.bak -> Spyware.Cookie.Sexlist : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@targetnet[1].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@valueclick[1].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@valueclick[2].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@weborama[1].txt.bak -> Spyware.Cookie.Weborama : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@weborama[2].txt.bak -> Spyware.Cookie.Weborama : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@xxxtoolbar[1].txt.bak -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@xxxtoolbar[2].txt.bak -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End

and finally Apropos:

Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\lt\Desktop\aproposfix
 
************
 
Registry entries found:
 
 
************
 
No service found!
 
Removing hidden folder:
No folder found!
 
Deleting files:
 
 
Backing up files:
Done!
 
Removing registry entries:
 
REGEDIT4
 
 
Done!
 
Finished!

Cool! What now?

13
Tech Clinic / Numerous Nasties
« on: December 12, 2005, 12:11:38 AM »
Ok I have stopped to ask a question rather than muck about and destroy my computer!

Firstly, I could not remove Search Assistant - My Web Search using the Add/Remove Programs function. By the way you framed the instruction, I guess this is not surprising.

I did remove spybot 1.3 and download 1.4 as per instructions.

Same for Apropos and Ewido. Did not run them (as instructed).

My main problem/question is that when I restart and go into the startup menu by tapping F8, the computer freezes every time I choose SAFE MODE. It just sits there with the safe mode function highlighted but does not respond.

Suggestion?

Once again, many thanks.

14
Tech Clinic / Numerous Nasties
« on: December 11, 2005, 08:05:42 PM »
Here it is:

Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Illustrator 9.0
Adobe MPEG Encoder
Adobe Photoshop 7.0
Adobe Premiere 6.5
Adobe SVG Viewer
Advanced RealMedia Export Plug-in for Premiere 6.0
AKAI professional VST Collection v1.0
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
ArcSoft PhotoStudio Suite v2.0
BoDetect 3.5
Bojo OrganOne VSTi v1.05
Caere Scan Manager 5.1
Canon iP4200
Canon PhotoRecord
Canon PIXMA iP3000
Canon ScanGear Toolbox CS 2.2
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
Celtx (0.9.4)
ContextPlus
DirectX 9 Hotfix - KB839643
DivX 4.12 Codec
Easy-WebPrint
FlashFXP
Graphic Converter 2003
Hello (remove only)
HijackThis 1.99.1
Instant French Level 1
Ipswitch WS_FTP Home 2006
iTunes
Java 2 Runtime Environment, SE v1.4.2_01
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Macromedia HomeSite+
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
MSN Add-in for Windows Messenger
MSN Messenger 6.2
MSN Toolbar
NI Absynth v1.3.4-OxYGeN
NoAds
OmniPage Pro 9.0
OptusNet Dial-up
Outlook Express Q823353
Panda ActiveScan
Pioneer RecordNow DX
Pioneer RecordNow DX Update Manager
QuickBooks EasyStart: First Business 2005/06
QuickTime
Quintessential Player
ReaConverter 4.0 Pro
RealPlayer
Reason
ReCycle 2.0
S450
Search Assistant - My Web Search
Security Task Manager 1.6e
SmartUSB56 Voice Modem
Spybot - Search & Destroy 1.3
Steinberg Cubase SX 1.02
Steinberg Nuendo
Steinberg Nuendo/Cubase Dual Dongle Emu
TC Native Essentials 2.02
USB Flash Disk Utility
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB883357
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinFast® Display Driver
WinFast® Display Driver
WinRAR archiver
XoftSpy

Cheers :)

Oh, BTW, as for "C:\WINDOWS\Downloaded Program Files>": it didn't really look like this, it was more like just "C:\".
I still entered the commands as you prompted - not much happened...

Sorry, think I stuffed it up, give me a minute.

Whoops - mucked up the instructions the first time but did it right the second... OK, I have reposted the refreshed HijackThis list in case it is different.

Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Illustrator 9.0
Adobe MPEG Encoder
Adobe Photoshop 7.0
Adobe Premiere 6.5
Adobe SVG Viewer
Advanced RealMedia Export Plug-in for Premiere 6.0
AKAI professional VST Collection v1.0
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
ArcSoft PhotoStudio Suite v2.0
BoDetect 3.5
Bojo OrganOne VSTi v1.05
Caere Scan Manager 5.1
Canon iP4200
Canon PhotoRecord
Canon PIXMA iP3000
Canon ScanGear Toolbox CS 2.2
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
Celtx (0.9.4)
ContextPlus
DirectX 9 Hotfix - KB839643
DivX 4.12 Codec
Easy-WebPrint
FlashFXP
Graphic Converter 2003
Hello (remove only)
HijackThis 1.99.1
Instant French Level 1
Ipswitch WS_FTP Home 2006
iTunes
Java 2 Runtime Environment, SE v1.4.2_01
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Macromedia HomeSite+
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
MSN Add-in for Windows Messenger
MSN Messenger 6.2
MSN Toolbar
NI Absynth v1.3.4-OxYGeN
NoAds
OmniPage Pro 9.0
OptusNet Dial-up
Outlook Express Q823353
Panda ActiveScan
Pioneer RecordNow DX
Pioneer RecordNow DX Update Manager
QuickBooks EasyStart: First Business 2005/06
QuickTime
Quintessential Player
ReaConverter 4.0 Pro
RealPlayer
Reason
ReCycle 2.0
S450
Search Assistant - My Web Search
Security Task Manager 1.6e
SmartUSB56 Voice Modem
Spybot - Search & Destroy 1.3
Steinberg Cubase SX 1.02
Steinberg Nuendo
Steinberg Nuendo/Cubase Dual Dongle Emu
TC Native Essentials 2.02
USB Flash Disk Utility
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB883357
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinFast® Display Driver
WinFast® Display Driver
WinRAR archiver
XoftSpy

15
Tech Clinic / Numerous Nasties
« on: December 11, 2005, 07:08:34 PM »
Hi,

Yes, will have to fork out and rectify that Windows situation, but meanwhile...

I followed the startup/msconfig instructions and here is the Panda report (it pasted a bit messy but I think it still makes sense. It is mercifully short.)

Incident            Status            Location
Dialer:dialer.asl   Not desinfected   C:\WINDOWS\Downloaded Program Files\internazionale_ver10.INF

And here is the new HJT...

Logfile of HijackThis v1.99.1
Scan saved at 11:01:12 AM, on 12/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [HijackThis startup scan] C:\unzipped\hijackthis\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Thanks again, you rule!

16
Tech Clinic / Numerous Nasties
« on: December 11, 2005, 07:19:29 AM »
Hi Guestolo - thanks for the help. :)

First thing that happened when following your instructions was that Microsoft doesn't like my vibe:

"The product key used to install Windows is invalid. Please contact MS … to obtain a valid product key. You may contact Microsoft etc. if you have purchased pirated Microsoft software etc. etc…"

I have been getting the picture for a while that the dude who "set up" my computer for me a couple of years back installed some crud - as in pirated stuff, right? I can never install the MS updates.

??? Please, I have no idea - if my version of Windows is illegal then I will buy the new one or whatever...

Moving on from that:

"Have you done any fixes with Hijackthis already?"

Nope. Wouldn't dare.

"Are you controlling anything from running on startup with Msconfig or any startup control software?"

Err, I did muck about with it once or twice to try and speed up boot-up (gulp?), as in I unchecked this and that. (double gulp)

"As far as the spyware removal tools
I would hold onto Ad-Aware and Spybot
Make sure you have the latest versions

I would dump NoAdware and Xoftspy if you didn't pay for either"

I did pay for Xoftspy - but whatever - if it is no good I will dump it as suggested - whatever works (I just want to get on with the actual reasons I have a computer...)

Thank you for the reply. I have not posted a new HijackThis as it seems I have a problem with my Microsoft software??? I am not sure, but I don't think I could follow the prompts.

Please advise from here.

Thank you again.

17
Tech Clinic / Numerous Nasties
« on: December 10, 2005, 07:59:48 PM »
Hi there! Despite using Spybot, AdAware, NoAdware, Xoftspy etc. often, I am still getting some pop-ups (also the screen freezes a couple of times a day, but not sure if this is related). Please help!

Some of the pop-ups are:
"Sfondi desktop" - asking me to download tacky screensavers which seems to be related to...
"Startnet Di Alessandro Casini"
Also a blue pop up "warning" me that "Spyware and Adware may be damaging my computer"
And a casino/gambling ad with some ugly cartoon chick on it (but I haven't got that for a couple of days.)
Also, when I use NoAdware (is this good?) it tells me about a "severe" thing called VX2/ReplaceLink which it removes, but it comes back on re-boot (at some point).
Oh, and in IE (which I don't use, but sometimes relatives still do out of habit), in the history file, it keeps telling me it has visited www.winfixer.com and advnt05.com, specifically a page called "pop-send".

Thanks for your help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:45:47 AM, on 11/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
