Topic: Numerous Nasties

Seamoose
« on: December 10, 2005, 07:59:48 PM »
Hi there! Despite using Spybot, AdAware, NoAdware, Xoftspy etc often I am still getting some pop ups (also screen freezes a couple of times a day but not sure if this is related). Please help!

Some of the pop-ups are:
"Sfondi desktop" - asking me to download tacky screensavers which seems to be related to...
"Startnet Di Alessandro Casini"
Also a blue pop up "warning" me that "Spyware and Adware may be damaging my computer"
And a casino/gambling ad with some ugly cartoon chick on it (but I haven't got that for a couple of days.)
Also when I use NoAdware (is this good?) it tells me about a "severe" thing called VX2/ReplaceLink which it removes but it comes back on re-boot (at some point).
Oh, and in IE (which I don't use, but sometimes relatives still do out of habit), in the history file, it keeps telling me it has visited www.winfixer.com and advnt05.com, specifically a page called "pop-send".

Thanks for your help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:45:47 AM, on 11/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

guestolo
« Reply #1 on: December 10, 2005, 09:35:31 PM »
Can you do me a favor please

You're way behind on Windows updates
Can you first visit the following link
http://www.microsoft.com/windowsxp/downloa...1/expresso.mspx

Download the installer and double click to run
Follow the prompts
Reboot when prompted, afterwards come back here and post a fresh hijackthis log
NOTE: Don't install Service Pack 2 yet, this is not recommended until after we get you clean

Additionally, let me know the following please
Have you done any fixes with Hijackthis already?
Are you controlling anything from running on startup with Msconfig or any startup control software?

As far as the spyware removal tools
I would hold onto Ad-Aware and Spybot
Make sure you have the latest versions

I would dump NoAdware and Xoftspy if you didn't pay for either
« Last Edit: December 10, 2005, 09:37:23 PM by guestolo »

Seamoose
« Reply #2 on: December 11, 2005, 07:19:29 AM »
Hi Guestolo - thanks for the help. :)

First thing that happened when following your instructions was that Microsoft doesn't like my vibe:

"The product key used to install windows is invalid. Please contact MS … to obtain valid product key. U may contact Microsoft etc if u have purchased pirated Microsoft software etc etc…"

I have been getting the picture for a while that the dude who "set up" my computer for me a couple of years back installed some crud - as in pirated stuff right? I can never install the MS updates.

??? Please I have no idea - if my version of windows is illegal then I will buy the new one or whatever...

Moving on from that:

"Have you done any fixes with Hijackthis already?"

Nope. Wouldn't dare.

"Are you controlling anything from running on startup with Msconfig or any startup control software?"

Err, I did muck about with it once or twice to try and speed up boot up (gulp?) as in I unchecked this and that. (double gulp)

"As far as the spyware removal tools
I would hold onto Ad-Aware and Spybot
Make sure you have the latest versions

I would dump NoAdware and Xoftspy if you didn't pay for either"

I did pay for Xoftspy - but whatever - if it is no good I will dump it as suggested - whatever works (I just want to get on with the actual reasons I have a computer ... )

Thank you for the reply. I have not posted a new HijackThis log as it seems I have a problem with my Microsoft software??? I am not sure but I don't think I could follow the prompts.

Please advise from here.

Thank you again.
« Last Edit: December 11, 2005, 07:22:46 AM by Seamoose »

guestolo
« Reply #3 on: December 11, 2005, 12:31:28 PM »
Okay, I'll warn you, that because your copy of Windows is illegal
By not being able to apply any security patches on your machine
You keep yourself open for infections

After saying that, we'll try the best to clean you up and keep you that way
But no guarantees, the Windows updates are important in keeping your system secure

Can you do the following please
I want to see everything on startup
Go to START>>RUN>>type in msconfig

Hit OK
Under the STARTUP tab choose Enable ALL
Under the General tab choose Normal startup
Apply it and close>>reboot the computer

Back in Windows

From my signature below please run an online virus scan at Panda's
You will have to use Internet Explorer to run this
It's safe to supply them with a legit email address
Choose to scan "Local Disks"
When the scan is done click See Report
Choose to save the report to your desktop
Copy and paste back the whole contents of this report back here

Also, Post back a fresh hijackthis log
« Last Edit: December 11, 2005, 12:34:27 PM by guestolo »

Seamoose
« Reply #4 on: December 11, 2005, 07:08:34 PM »
Hi,

Yes, will have to fork out and rectify that Windows situation, but meanwhile...

I followed the startup/msconfig instructions and here is the Panda report (it pasted a bit messy but I think it still makes sense. It is mercifully short.)

Incident            Status            Location
Dialer:dialer.asl   Not desinfected   C:\WINDOWS\Downloaded Program Files\internazionale_ver10.INF

And here is the new HJT...

Logfile of HijackThis v1.99.1
Scan saved at 11:01:12 AM, on 12/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [HijackThis startup scan] C:\unzipped\hijackthis\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Thanks again, you rule!
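Comparing the two logs by hand is what the helper does at this point: the second log, taken after everything was re-enabled in msconfig and the Panda scan had run, shows entries the first one did not (SpyHunter, rfagent, avast!, the HijackThis startup scan, the Panda ActiveScan control). The following is an added example, not code from the thread or from HijackThis; it parses the HijackThis v1.99.1 line format, diffs two logs and describes each entry that appeared. The embedded logs are abridged excerpts constructed from the two posted above.

```python
"""Compare two HijackThis v1.99.1 logs and list the entries that appeared
between them. Added example for this thread, not code from the forum or
from HijackThis. The two logs below are abridged excerpts constructed from
the first and second logs posted in the thread."""
import re

# Entry line: section code (R0, O4, O16, O23 ...), " - ", entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNOS]\d{1,2}) - (?P<body>.+)$")
# Registry autorun body: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(?P<location>HK(?:LM|CU)\\[^:]*): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
# The image path is the first token ending in .exe, quoted or bare.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?(?:\s|$)', re.IGNORECASE)

LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\NoAds\NoAds.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\unzipped\hijackthis\HijackThis.exe /startupscan
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
"""


def parse_entries(log_text):
    """Return [(section, body)] for every entry line; header lines and the
    'Running processes' block never match ENTRY_RE and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
        elif in_block:
            if not line:
                break
            procs.append(line)
    return procs


def diff_logs(before_text, after_text):
    """Return (added, removed): entries only in the second log / only in the first, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return ([e for e in after if e not in before_set],
            [e for e in before if e not in after_set])


def parse_o4(body):
    """Split a registry O4 body into (location, value name, image path).
    Returns None for the other O4 form, 'Global Startup: x.lnk = path'."""
    m = O4_RE.match(body)
    if not m:
        return None
    exe = EXE_RE.match(m.group("command"))
    path = exe.group("path") if exe else m.group("command")
    return m.group("location"), m.group("name"), path


def triage_added(before_text, after_text):
    """One note per newly added entry, in log order: O4 autoruns with their image
    path, O16 ActiveX downloads with the source URL, anything else verbatim.
    Descriptive only; deciding what is unwanted is still the reviewer's job."""
    notes = []
    for section, body in diff_logs(before_text, after_text)[0]:
        parts = parse_o4(body) if section == "O4" else None
        if parts:
            location, name, path = parts
            notes.append(f"O4 autorun {location} [{name}] -> {path}")
        elif section == "O16":
            notes.append("O16 ActiveX download -> " + body.rsplit(" - ", 1)[-1])
        else:
            notes.append(f"{section} {body}")
    return notes


if __name__ == "__main__":
    for note in triage_added(LOG_BEFORE, LOG_AFTER):
        print("+", note)
```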

guestolo
« Reply #5 on: December 11, 2005, 07:20:36 PM »
Can you do the following
Go to START>>RUN>>type in cmd
Hit OK

At the prompt copy and paste this into the black box then hit ENTER on your keyboard

cd C:\WINDOWS\Downloaded Program Files

Now you should be at this prompt
C:\WINDOWS\Downloaded Program Files>
copy and paste the following command in bold then hit ENTER

del internazionale_ver10.INF

then type in EXIT and hit ENTER

Open Hijackthis>>Open Misc tools section>>>Open Uninstall manager
Click the SAVE LIST button
Save this list to your desktop and then copy and paste the contents back here please

Seamoose
« Reply #6 on: December 11, 2005, 08:05:42 PM »
Here it is:

Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Illustrator 9.0
Adobe MPEG Encoder
Adobe Photoshop 7.0
Adobe Premiere 6.5
Adobe SVG Viewer
Advanced RealMedia Export Plug-in for Premiere 6.0
AKAI professional VST Collection v1.0
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
ArcSoft PhotoStudio Suite v2.0
BoDetect 3.5
Bojo OrganOne VSTi v1.05
Caere Scan Manager 5.1
Canon iP4200
Canon PhotoRecord
Canon PIXMA iP3000
Canon ScanGear Toolbox CS 2.2
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
Celtx (0.9.4)
ContextPlus
DirectX 9 Hotfix - KB839643
DivX 4.12 Codec
Easy-WebPrint
FlashFXP
Graphic Converter 2003
Hello (remove only)
HijackThis 1.99.1
Instant French Level 1
Ipswitch WS_FTP Home 2006
iTunes
Java 2 Runtime Environment, SE v1.4.2_01
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Macromedia HomeSite+
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
MSN Add-in for Windows Messenger
MSN Messenger 6.2
MSN Toolbar
NI Absynth v1.3.4-OxYGeN
NoAds
OmniPage Pro 9.0
OptusNet Dial-up
Outlook Express Q823353
Panda ActiveScan
Pioneer RecordNow DX
Pioneer RecordNow DX Update Manager
QuickBooks EasyStart: First Business 2005/06
QuickTime
Quintessential Player
ReaConverter 4.0 Pro
RealPlayer
Reason
ReCycle 2.0
S450
Search Assistant - My Web Search
Security Task Manager 1.6e
SmartUSB56 Voice Modem
Spybot - Search & Destroy 1.3
Steinberg Cubase SX 1.02
Steinberg Nuendo
Steinberg Nuendo/Cubase Dual Dongle Emu
TC Native Essentials 2.02
USB Flash Disk Utility
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB883357
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinFast® Display Driver
WinFast® Display Driver
WinRAR archiver
XoftSpy

Cheers :)

Oh, BTW, as for "C:\WINDOWS\Downloaded Program Files>" it didn't really look like this, it was more like just "C:\"
I still entered the commands as you prompted - not much happened...

Sorry, think I stuffed it up, give me a minute

Whoops - mucked up the instructions the first time but did it right the second... OK I have reposted the refreshed hijack this list in case it is different.

Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Illustrator 9.0
Adobe MPEG Encoder
Adobe Photoshop 7.0
Adobe Premiere 6.5
Adobe SVG Viewer
Advanced RealMedia Export Plug-in for Premiere 6.0
AKAI professional VST Collection v1.0
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
ArcSoft PhotoStudio Suite v2.0
BoDetect 3.5
Bojo OrganOne VSTi v1.05
Caere Scan Manager 5.1
Canon iP4200
Canon PhotoRecord
Canon PIXMA iP3000
Canon ScanGear Toolbox CS 2.2
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
Celtx (0.9.4)
ContextPlus
DirectX 9 Hotfix - KB839643
DivX 4.12 Codec
Easy-WebPrint
FlashFXP
Graphic Converter 2003
Hello (remove only)
HijackThis 1.99.1
Instant French Level 1
Ipswitch WS_FTP Home 2006
iTunes
Java 2 Runtime Environment, SE v1.4.2_01
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Macromedia HomeSite+
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5)
MSN Add-in for Windows Messenger
MSN Messenger 6.2
MSN Toolbar
NI Absynth v1.3.4-OxYGeN
NoAds
OmniPage Pro 9.0
OptusNet Dial-up
Outlook Express Q823353
Panda ActiveScan
Pioneer RecordNow DX
Pioneer RecordNow DX Update Manager
QuickBooks EasyStart: First Business 2005/06
QuickTime
Quintessential Player
ReaConverter 4.0 Pro
RealPlayer
Reason
ReCycle 2.0
S450
Search Assistant - My Web Search
Security Task Manager 1.6e
SmartUSB56 Voice Modem
Spybot - Search & Destroy 1.3
Steinberg Cubase SX 1.02
Steinberg Nuendo
Steinberg Nuendo/Cubase Dual Dongle Emu
TC Native Essentials 2.02
USB Flash Disk Utility
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB883357
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinFast® Display Driver
WinFast® Display Driver
WinRAR archiver
XoftSpy
« Last Edit: December 11, 2005, 08:00:13 PM by Seamoose »

guestolo
« Reply #7 on: December 11, 2005, 10:27:08 PM »
Can you do the following please

It appears you have had Avast installed at one time and it may not have been uninstalled completely
You may want to run the uninstall utility they supply
Look HERE
Save the uninstaller to the desktop
and then double click to run
In the path to the folder copy and paste the next path in bold

C:\Program Files\Alwil Software
Then click Uninstall

You may have to reboot the computer afterwards

Back in Windows

Access your add/remove programs and remove if you can
Search Assistant - My Web Search

Also remove
Spybot - Search & Destroy 1.3
Spybot isn't malware, but we should update you to the latest version

You should be prompted to reboot again, do so
Back in Windows

Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.

Download and Install Spybot 1.4 from
HERE
 or HERE
Don't activate the Tea Timer when installing
You can do this after you are clean if you wish
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, then download all updates
After it's updated, don't run a scan yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

In safe mode
Double-click aproposfix.exe and unzip it to the desktop.  Open the aproposfix folder on your desktop and run RunThis.bat.  Follow the prompts.

Afterwards
Start Ccleaner
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
 
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Open Spybot 1.4
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer back to Normal mode

Back in Windows, I need to see a few logs please
1. Run hijackthis again and post a fresh log
2. Post the whole report from Ewido's you saved earlier
3. Post The entire contents of the log.txt file in the aproposfix folder



Offline Seamoose

Numerous Nasties
« Reply #8 on: December 12, 2005, 12:11:38 AM »
Ok I have stopped to ask a question rather than muck about and destroy my computer!

Firstly, I could not remove Search Assistant - My Web Search using the add/remove programs function. By the way you framed the instruction I guess this is not surprising.

I did remove spybot 1.3 and download 1.4 as per instructions.

Same for Apropos and Ewido. Did not run them (as instructed).

My main problem/question is that when I restart and go into the startup menu by tapping F8, the computer freezes every time I choose SAFE MODE. Just sits there with the safe mode function highlighted but does not respond.

Suggestion?

Once again, many thanks.

Offline guestolo

Numerous Nasties
« Reply #9 on: December 12, 2005, 12:28:17 AM »
Can you do the following for now

Make sure you printed the instructions I gave you out

Physically disconnect your computer from the Internet
Close down all unnecessary programs running in the background
Open your task manager
End the process on any of these that don't need to be running
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\slserv.exe

C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE

Then go ahead and try running the instructions I gave you previously
Let's see if we can kill some things in Normal mode with minimum running

Make sure that after you run Spybot you Reboot the computer
« Last Edit: December 12, 2005, 12:28:52 AM by guestolo »



Offline Seamoose

Numerous Nasties
« Reply #10 on: December 12, 2005, 02:43:07 AM »
Cool: all done - Ewido sure found a whole load of crud!

Logfile of HijackThis v1.99.1
Scan saved at 6:36:10 PM, on 12/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [HijackThis startup scan] C:\unzipped\hijackthis\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Here's Ewido:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         6:00:13 PM, 12/12/2005
 + Report-Checksum:      2DDFC678

 + Scan result:

   HKLM\SOFTWARE\Classes\TypeLib\{B000D07B-6877-4D37-B6B2-BB800504ADE1} -> Dialer.Generic : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.9:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   :mozilla.20:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.127:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
   :mozilla.128:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
   :mozilla.130:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
   :mozilla.134:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.135:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   :mozilla.136:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.137:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.157:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.158:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.159:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.220:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.221:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.222:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\choq3esr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
   :mozilla.68:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.69:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\lt\Application Data\Mozilla\Firefox\Profiles\zti7cp45.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@2o7[1].txt.bak -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@2o7[2].txt.bak -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Addynamix : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@advertising[1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@advertising[2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@atdmt[1].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@atdmt[2].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@bfast[1].txt.bak -> Spyware.Cookie.Bfast : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@bfast[2].txt.bak -> Spyware.Cookie.Bfast : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@bluestreak[1].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@bluestreak[2].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@casalemedia[1].txt.bak -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@casalemedia[2].txt.bak -> Spyware.Cookie.Casalemedia : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@centrport[1].txt.bak -> Spyware.Cookie.Centrport : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@commission-junction[1].txt.bak -> Spyware.Cookie.Commission-junction : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@commission-junction[2].txt.bak -> Spyware.Cookie.Commission-junction : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitslink : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitslink : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@doubleclick[1].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@doubleclick[2].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@fastclick[1].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@fastclick[2].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@gator[1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@hitbox[1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@hitbox[2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@linksynergy[2].txt.bak -> Spyware.Cookie.Linksynergy : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@mediaplex[1].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@mediaplex[2].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@paycounter[1].txt.bak -> Spyware.Cookie.Paycounter : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@paycounter[2].txt.bak -> Spyware.Cookie.Paycounter : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@qksrv[1].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@qksrv[2].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@questionmarket[1].txt.bak -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@questionmarket[2].txt.bak -> Spyware.Cookie.Questionmarket : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@revenue[2].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@sexlist[2].txt.bak -> Spyware.Cookie.Sexlist : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@targetnet[1].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@valueclick[1].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@valueclick[2].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@weborama[1].txt.bak -> Spyware.Cookie.Weborama : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@weborama[2].txt.bak -> Spyware.Cookie.Weborama : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@xxxtoolbar[1].txt.bak -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\lt@xxxtoolbar[2].txt.bak -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
   C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End

and finally Apropos:

Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\lt\Desktop\aproposfix
 
************
 
Registry entries found:
 
 
************
 
No service found!
 
Removing hidden folder:
No folder found!
 
Deleting files:
 
 
Backing up files:
Done!
 
Removing registry entries:
 
REGEDIT4
 
 
Done!
 
Finished!

Cool! What now?

Offline guestolo

Numerous Nasties
« Reply #11 on: December 12, 2005, 08:13:55 PM »
Can you delete this folder if found
 C:\Program Files\Enigma Software Group <-this folder

If you don't have any firewall
Make sure you have enabled XP's firewall immediately
http://www.microsoft.com/windowsxp/using/n...rnmore/icf.mspx

You don't need hijackthis set to run at startup
Up to you to have this feature enabled

Open Hijackthis>>Open Misc tools section>>Click on MAIN button
Uncheck Run Hijackthis scan at startup

Make sure the Messenger service is disabled
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Messenger

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
You can do the same for Alerter as well

What are you running for Anti-Virus software?
Do you need a free solution?
It's not safe being without an Active AV in the background

For added protection
You should install this free tool
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, check for updates and then click "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection...."

Afterwards, I want to try and remove a couple entries in your log
Do another scan with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm


The next ones are not needed on startup, safe to fix also
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


If you don't make use of the Microsoft Office Shortcut Bar outside an office program
It's safe to disable this next one too, Office works fine without it
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Come back here and let me know how things are running
We should still get an AV installed and run if you require one
« Last Edit: December 12, 2005, 10:15:03 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Seamoose

Numerous Nasties
« Reply #12 on: December 13, 2005, 01:40:31 AM »
Couldn't find
C:\Program Files\Enigma Software Group

I don't think I have a firewall - and Microsoft would not let me download one. Same problem. I understand the recommendation here would be to get a legit version of XP and so I shall - but not this week! A bit expensive!

Stopped and disabled the Messenger and Alerter.

As for AV - I have the recommended spyware detectors/killers - but I get the idea you are talking about something that runs in the background stopping them in the first place???

I added the SpywareBlaster as recommended - is this what you mean by an AV - or do I need something additional?


Did the HijackThis fixes and rebooted with no worries.

As for how the computer is running now - I had one screen freeze since but is this malware related? (it always happened since I got the PC - once or twice a day.)

Also I had one of the pop-ups reappear - the "Sfondi desktop" - asking me to download tacky screensavers which seems to be related to "Startnet Di Alessandro Casini" (one of those "do you want to ..." things with a yes /no click - like you get when downloading software) which pops up over the "Sfondi" one.

Anyway - have I missed anything? And thanks very much so far. I wasn't sure if you wanted another HijackThis log so what the hey... here 'tis

Logfile of HijackThis v1.99.1
Scan saved at 5:40:00 PM, on 13/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134441134249
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
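
The entries guestolo asked to have fixed (the R0 Local Page values, the unneeded O4 items) are the kind of thing a helper picks out of these logs by eye. As an added example for this thread, not code from HijackThis or from anyone posting here, the Python script below parses log lines in the format shown above and applies a few of those checks automatically: R0/R1 browser settings that hold something other than a URL, O16 Download Program Files entries that have no registered control name or point at something other than a .cab/.ocx, and O23 services whose binary is missing or that carry no vendor string. The sample log inside it is constructed in the HijackThis format rather than copied from this thread, and the flags it raises are prompts for review, not verdicts.

```python
"""Triage a HijackThis 1.99-style log offline.

Added example for this thread, not code from HijackThis or from anyone in the
thread. Assumed line layout: "<section> - <detail>" (R0/R1/O2/O4/O16/O23 ...),
which is the layout of the logs posted in the thread."""
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis format; not a log copied from this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP  (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isp.example/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\update.exe" -osboot
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Scanner Control) - http://scanner.example/scan.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://dl.example/clean_micro.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Program Files\Ex\ex_service.exe (file missing)
O23 - Service: Vendor Service (VSvc) - Vendor Inc. - C:\Program Files\Vendor\vsvc.exe
"""

HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<detail>.+)$")
URL_RE = re.compile(r"^(?:https?|about):", re.I)
DPF_RE = re.compile(r"^\{[0-9A-F-]{36}\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$", re.I)
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$")


@dataclass
class Entry:
    section: str
    detail: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return one Entry per section line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["detail"]))
    return entries


def triage(entries):
    """Attach review flags to entries and return only the flagged ones."""
    for e in entries:
        if e.section in ("R0", "R1"):
            # Start/search/local-page settings should hold a URL (or about:blank).
            _, _, value = e.detail.partition(" = ")
            if not URL_RE.match(value.strip()):
                e.flags.append("browser setting holds a non-URL value; reset it")
        elif e.section == "O16" and e.detail.startswith("DPF: "):
            m = DPF_RE.match(e.detail[len("DPF: "):])
            if m:
                if not m["url"].lower().endswith((".cab", ".ocx", ".dll")):
                    e.flags.append("DPF entry does not reference a .cab/.ocx; check what it installed")
                if not m["name"]:
                    e.flags.append("control has no registered name; identify the CLSID")
        elif e.section == "O23":
            m = SVC_RE.match(e.detail)
            if m:
                if "(file missing)" in m["path"]:
                    e.flags.append("service binary missing; orphaned registration")
                if m["owner"].strip() in ("", "Unknown owner"):
                    e.flags.append("service has no vendor string; verify the binary")
    return [e for e in entries if e.flags]


def report(text):
    """Parse and triage a log; return (number of section entries, flagged entries)."""
    entries = parse_hjt(text)
    return len(entries), triage(entries)


if __name__ == "__main__":
    total, flagged = report(SAMPLE_LOG)
    print(f"{total} entries, {len(flagged)} flagged")
    for e in flagged:
        print(f"{e.section}: {e.detail}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run it directly to print the flagged entries, or pass a real log's text to `report()`. An O2 BHO showing "(no name)" is deliberately not flagged: as the SDHelper.dll line above shows, legitimate add-ons can lack a name too, and it is the DLL path that identifies them.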

Offline guestolo

Numerous Nasties
« Reply #13 on: December 13, 2005, 01:55:44 AM »
I didn't ask you to install a firewall yet
I asked you to make sure the one built into XP is enabled
This link will explain how to make sure it's running
http://www.microsoft.com/windowsxp/using/n...rnmore/icf.mspx

SpywareBlaster isn't the same thing as an Active AV
It's a tool that sets killbits in the registry to help prevent malware from being installed

Let's get an Anti-Virus software on your computer
Install either one of these 2 AVs
ONLY install ONE, more than one can cause conflicts
Both have a free edition

AVG 7 by Grisoft

Avast Home Edition by ALWIL

After either is installed, make sure it is updated and run a full system scan
Let it fix whatever it finds

When it's done, reboot the computer

Come back here and post one last hijackthis log
Let me know how things are running after that




After you have done the above
Additionally, I'm curious, are you now able to get into safe mode?
Make sure you give it enough time to load

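The "killbits" guestolo mentions are the ActiveX Compatibility flags Windows keeps per CLSID: a DWORD named Compatibility Flags under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} with bit 0x400 set tells Internet Explorer never to load that control, which is how SpywareBlaster blocks a control without having to remove it. The Python below is an added example written for this thread, not SpywareBlaster's code: it writes a .reg file that sets the kill bit for a list of CLSIDs and parses an exported .reg to report which CLSIDs already have it. The CLSIDs and the export text in it are constructed placeholders.

```python
r"""Build and audit ActiveX kill-bit registry entries.

Added example for this thread; not SpywareBlaster's code. It relies on the
documented Windows mechanism: under
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
a DWORD "Compatibility Flags" with bit 0x400 set stops Internet Explorer from
loading that control. All CLSIDs used here are constructed placeholders."""
import re

KILLBIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x400
CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)


def killbit_reg(clsids):
    """Return .reg text (Registry Editor 5.00 format) that sets the kill bit for each CLSID."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        if not CLSID_RE.match(clsid):
            raise ValueError(f"not a CLSID: {clsid!r}")
        lines.append(f"[{KILLBIT_KEY}\\{clsid.upper()}]")
        lines.append(f'"Compatibility Flags"=dword:{KILL_BIT:08x}')
        lines.append("")
    return "\n".join(lines)


def killed_clsids(reg_text):
    """Parse .reg text (a regedit export of the key, or killbit_reg output) and
    return the set of upper-cased CLSIDs whose Compatibility Flags include the kill bit."""
    prefix = KILLBIT_KEY.lower() + "\\"
    killed = set()
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            rest = key[len(prefix):]
            # Only direct {CLSID} subkeys of the ActiveX Compatibility key count.
            current = rest.upper() if key.lower().startswith(prefix) and CLSID_RE.match(rest) else None
        elif current and line.lower().startswith('"compatibility flags"=dword:'):
            flags = int(line.split("dword:", 1)[1], 16)
            if flags & KILL_BIT:
                killed.add(current)
    return killed


def is_killed(clsid, reg_text):
    """True if the given CLSID has its kill bit set in reg_text (case-insensitive)."""
    return clsid.upper() in killed_clsids(reg_text)


# Constructed export: one control kill-bitted, one carrying an unrelated flag only.
EXPORT_SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BBBBBBBB-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000001
"""

if __name__ == "__main__":
    print(killbit_reg(["{cccccccc-0000-0000-0000-000000000003}"]))
    print(sorted(killed_clsids(EXPORT_SAMPLE)))
```

Exporting the ActiveX Compatibility key from regedit and passing its text to `killed_clsids()` shows what SpywareBlaster (or a Windows update) has already blocked; comparing that set against the CLSIDs in a log's O16 lines tells you which downloaded controls Internet Explorer can still instantiate.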


Offline Seamoose

Numerous Nasties
« Reply #14 on: December 13, 2005, 07:00:28 AM »
OK the XP firewall wasn't enabled (sorry got the wrong end of the stick there before) but now it is. Goes to show - I actually assumed the thing was running the whole time I've had this computer (Doh!)

I installed AVG 7 and ran it ok (the computer wigged out and restarted itself once but then the scan went ok the second time). Nothing found.

Also I got the blue pop up again (as described in the first post) "warning" of possible spyware.

Now I go try Safe Mode.

(Insert Gadzillions of appreciative remarks here:) )

Logfile of HijackThis v1.99.1
Scan saved at 10:53:59 PM, on 13/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134441134249
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Offline Seamoose

Numerous Nasties
« Reply #15 on: December 13, 2005, 07:15:44 AM »
Yep no worries with the Safe mode this time.

What next? Let's kill those nasty pop-ups!

Oh - also I have a pop up killer called No-Ads running - recommended???

Will check in again tomorrow. Thank you.

Offline guestolo

Numerous Nasties
« Reply #16 on: December 13, 2005, 10:09:54 AM »
Just on my way to work, can you do the following please in the meantime
Can you check for updates with AVG, in case there are any

I may repeat myself, but
Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.

Download and save WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

Reboot into Safe mode

Once in safe mode
Double-click aproposfix.exe and unzip it to the desktop.  Open the aproposfix folder on your desktop and run RunThis.bat.  Follow the prompts.

Run another full scan with AVG

Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive
Close out after

Reboot back to Normal mode

Post the results of the WinPFind.txt located in the WinPFind folder
Post The entire contents of the log.txt file in the aproposfix folder



Offline Seamoose

Numerous Nasties
« Reply #17 on: December 13, 2005, 06:53:32 PM »
All done:

Updated AVG found no virus (but, when run in safe mode it did say that for both the Partition Table and the Boot Sector of disc C: that there was a "reading error." I don't know if this is relevant or not.)

Here is the (very long) WinPFind.txt

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build:     Current Build Number: 2600
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX!                 27/01/2005 2:09:50 PM       4918270    C:\Program Files\Firefox Setup 1.0.exe

Checking %WinDir% folder...
PECompact2           27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\LPT$VPN.857
qoologic             27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\LPT$VPN.857
SAHAgent             27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\LPT$VPN.857
UPX!                 13/12/2004 12:43:22 PM      18432      C:\WINDOWS\ss3unstl.exe
UPX!                 27/09/2005 12:38:50 PM      170053     C:\WINDOWS\tsc.exe
UPX!                 2/12/2003 5:00:10 AM        45056      C:\WINDOWS\Unwash5.exe
PECompact2           27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\VPTNFILE.857
qoologic             27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\VPTNFILE.857
SAHAgent             27/09/2005 12:38:48 PM      15914303   C:\WINDOWS\VPTNFILE.857
UPX!                 27/09/2005 12:38:50 PM      1044560    C:\WINDOWS\vsapi32.dll
aspack               27/09/2005 12:38:50 PM      1044560    C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX!                 9/07/2005 8:03:06 PM        433152     C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2                 23/08/2001 11:00:00 PM      41397      C:\WINDOWS\SYSTEM32\dfrg.msc
UPX!                 25/11/2001 6:31:48 AM       65536      C:\WINDOWS\SYSTEM32\DVDAudio.ax
UPX!                 25/11/2001 6:28:14 AM       86528      C:\WINDOWS\SYSTEM32\DVDVideo.ax
PTech                4/11/2005 4:27:24 PM        534280     C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2           8/09/2005 10:36:32 PM       1997664    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/09/2005 10:36:32 PM       1997664    C:\WINDOWS\SYSTEM32\MRT.exe
PTech                21/06/2005 2:21:12 PM       382216     C:\WINDOWS\SYSTEM32\OVAControl.DLL
Umonitor             12/02/2002 7:14:12 PM       630784     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              23/08/2001 11:00:00 PM      1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX!                 13/12/2005 9:44:10 PM       749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG!                 13/12/2005 9:44:10 PM       749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2                 13/12/2005 9:44:10 PM       749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack               13/12/2005 9:44:10 PM       749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech                7/04/2002 9:52:54 PM        1804560    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     14/12/2005 9:02:06 AM     S 2048       C:\WINDOWS\bootstat.dat
                     14/12/2005 8:56:32 AM    H  24         C:\WINDOWS\p5cwc
                     8/12/2005 7:38:38 PM     H  0          C:\WINDOWS\LastGood\INF\oem29.inf
                     8/12/2005 7:38:38 PM     H  0          C:\WINDOWS\LastGood\INF\oem29.PNF
                     14/12/2005 8:59:22 AM    H  8192       C:\WINDOWS\system32\config\default.LOG
                     14/12/2005 9:02:20 AM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     14/12/2005 9:02:10 AM    H  16384      C:\WINDOWS\system32\config\SECURITY.LOG
                     14/12/2005 10:19:38 AM   H  176128     C:\WINDOWS\system32\config\software.LOG
                     14/12/2005 9:03:34 AM    H  1032192    C:\WINDOWS\system32\config\system.LOG
                     12/12/2005 2:44:36 PM    H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
                     14/12/2005 8:57:28 AM    H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          23/08/2001 11:00:00 PM      66048      C:\WINDOWS\SYSTEM32\access.cpl
Avance Logic, Inc.             21/03/2002 2:41:28 PM       544768     C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          23/08/2001 11:00:00 PM      558592     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      130048     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      294912     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      119808     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          29/08/2002 3:41:00 AM       208896     C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems               19/08/2003 6:23:34 PM       61547      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Kristal Studio                 3/03/2001 1:39:28 PM        121856     C:\WINDOWS\SYSTEM32\Mp3cnfg.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA® Corporation            19/01/2002 1:33:26 AM       36864      C:\WINDOWS\SYSTEM32\NVACpl.cpl
NVIDIA Corporation             9/03/2002 11:53:00 AM       106496     C:\WINDOWS\SYSTEM32\nvTUICpl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
                               4/05/2000 10:57:38 PM       303104     C:\WINDOWS\SYSTEM32\scmgrcpl50.cpl
SmartLink                      26/03/2002 5:23:56 PM       339968     C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      270848     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          26/05/2005 5:16:30 AM       174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      558592     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      130048     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      294912     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      119808     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          29/08/2002 3:41:00 AM       208896     C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      270848     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          23/08/2001 11:00:00 PM      90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
NVIDIA Corporation             9/03/2002 11:53:00 AM       106496     C:\WINDOWS\SYSTEM32\WinFast\Graphics\nvTUICpl.cpl
NVIDIA Corporation             2/04/2003 4:40:00 PM        139264     C:\WINDOWS\SYSTEM32\WinFast\WHQL\Graphics\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     26/06/2003 4:00:30 PM       986        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     23/04/2003 5:00:16 PM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     23/01/2002 11:35:12 PM      771        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\E-Color.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     24/04/2003 2:46:04 AM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     8/12/2005 8:38:16 PM        6918       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     23/04/2003 5:00:16 PM    HS 84         C:\Documents and Settings\lt\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     24/04/2003 2:46:02 AM    HS 62         C:\Documents and Settings\lt\Application Data\desktop.ini
                     20/09/2005 10:46:52 PM      20136      C:\Documents and Settings\lt\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   StumbleUpon.com 1.822    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
   {797F3885-5429-11D4-8823-0050DA59922B}    = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
   {797F3885-5429-11D4-8823-0050DA59922B}    = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\shell32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D44BBB61-E17F-4AE6-A502-8D7E0B29E616}
   SU Toolbar Helper = C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}
   FlashFXP Helper for Internet Explorer = C:\PROGRA~1\FlashFXP\IEFlash.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {22D003CE-6952-46C5-80B9-D19B479620AB}    = Stumble&Upon   : C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}    = MSN Toolbar   : C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
   {327C2873-E90D-4c37-AA9D-10AC9BABA46C}    = Easy-WebPrint   : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B13B4423-2647-4cfc-A4B3-C7D56CB83487}
   ButtonText    = Share in Hello   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
   Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
   Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\shell32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} =    :
   {22D003CE-6952-46C5-80B9-D19B479620AB} = Stumble&Upon   : C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
   {4D5C8C2A-D075-11D0-B416-00C04FB90376} = Microsoft CommBand   : %SystemRoot%\System32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   StorageGuard   "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
   Prolific_PLUtil   C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
   PLFFAP   C:\WINDOWS\System32\HotfixQ0306270.exe
   Easy-PrintToolBox   C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
   nwiz   nwiz.exe /install
   NvCplDaemon   RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
   NeroCheck   C:\WINDOWS\System32\NeroCheck.exe
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   Desktop Service Centre   C:\Program Files\OptusNet Dial-up Internet\DSC.exe
   AVG7_CC   C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
   KernelFaultCheck   %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
   Register Homesite+.exe   "C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   CTFMON.EXE   C:\WINDOWS\System32\ctfmon.exe
   NoAds   "C:\Program Files\NoAds\NoAds.exe"
   NvMediaCenter   RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   0
   services   0
   startup   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   ÿ

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\shell32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\shell32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 14/12/2005 10:29:05 AM

And here is the Apropos log.txt

Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\lt\Desktop\aproposfix
 
************
 
Registry entries found:
 
[HKEY_LOCAL_MACHINE\Software\C5TP7AF3flp9]
@="\\l5Go5SVWWVWWXW\\7CmPHKVWWVlYW1rwmx1\\W\\TNO9HcbW8MDQ9MNWHNKJN8Q8XNTN"
"Device"="\\\\.\\SchDump"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\msposdvd.sys"
"DriverName"="SCalFax"
"HideUninstallerName"="C:\\Program Files\\Lave emu\\dmi4dmod.exe"
"UninstallerPath"="C:\\WINDOWS\\System32\\pinipbrd.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D12349B6-D58A-42ED-8E89-9DC68EAB6CB3}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\System32\\fec50_32.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xea8b41a-6a96-36df-38ce-e84cead3a5ca}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Lave emu\\cfmgntfs.exe"
 
************
 
Removing hidden service:
Service SCalFax removed.
 
Removing hidden folder:
 
Deleting files:
 
Deletion of file C:\WINDOWS\System32\drivers\msposdvd.sys succeeded!
Deletion of file C:\WINDOWS\System32\ciodsdmo.exe succeeded!
Deletion of file C:\WINDOWS\System32\fec50_32.dll succeeded!
Deletion of file C:\WINDOWS\System32\pinipbrd.exe succeeded!
 
Backing up files:
Done!
 
Removing registry entries:
 
REGEDIT4
 
[-HKEY_CURRENT_USER\Software\C5TP7AF3flp9]
[-HKEY_LOCAL_MACHINE\Software\C5TP7AF3flp9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D12349B6-D58A-42ED-8E89-9DC68EAB6CB3}]
 
Done!
 
Finished!

Thanks again - hope work was not too bad, really appreciate your help.

Offline guestolo

Numerous Nasties
« Reply #18 on: December 14, 2005, 07:44:13 PM »
Sorry for the delay

Can you do one last thing please
Open Hijackthis>>Open Misc tools section>>Open Delete File on Reboot
In the Filename field, copy and paste the following path in bold below and then hit the OPEN button

C:\WINDOWS\ss3unstl.exe

Hijackthis should prompt that the file will be deleted and to reboot now
DON'T reboot yet
Instead, also enter this path to the Delete file on Reboot in hijackthis

C:\WINDOWS\p5cwc

This time allow the computer to reboot,

Back in Windows, post one last hijackthis log and let me know how things are running
Any more popups?

Could you also do the following please
I just want to check out one file
Can you go to this site
Jotti's Online Malware scan
Give this site time to load if busy

Use the browse button and navigate to this file on your hard drive
C:\WINDOWS\SYSTEM32\scmgrcpl50.cpl <-this file

Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scans back here please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Seamoose

Numerous Nasties
« Reply #19 on: December 15, 2005, 12:14:25 AM »
Hi,

cool - just got back home, have worked through the instructions until the running of HijackThis - will now go do the Jotti's Online Malware scan and get back to ya. No need to apologize for the (very short) delay (I wasn't online anyway) - you are a saint.

Will need a couple of hours to know about the pop ups as they only happen once or twice a day and (seemingly) very randomly (little buggers).

(gosh - I'm liking my brackets today what?) (be back soon with the rest!)

Logfile of HijackThis v1.99.1
Scan saved at 4:08:12 PM, on 15/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\System32\HotfixQ0306270.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SU Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\System32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134441134249
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...645/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_5_0.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Leadtek Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PurgeIE XP Service (PurgeIEservice) - Unknown owner - C:\Program Files\PurgeIE\PurgeIE_Service.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe