Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible browser hijacker on my PC?

Post by SheppeyRed » May 24th, 2007, 3:37 pm

Hi all again,

Ok, I'm having a problem accessing the website:-

http://splitter.lbbhost.com/

Where I keep being taken to a page that is mostly blank apart from mentioning the website webbywarehouse.com and having a link to another website. I've asked some friends to try and access the site that I'm trying to access as well as my ISP and they all say they can access the intended site. I'm normally pretty careful online and didn't think I had a browser hijacker but that doesn't mean that I haven't been caught out! ;)

I've done a HijackThis scan and included the log file below this. If there is an issue I'd appreciate any help that anyone can give me. Cheers.

HijackThis scan results:-

Logfile of HijackThis v1.99.1
Scan saved at 20:36:45, on 24/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\DOCUME~1\Shaun\LOCALS~1\Temp\dtemp-3cafe4c44266101-20.dop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4BD9653E-D4C7-454B-9151-A8517B84BA08} - (no file)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [Gainward] "C:\WINDOWS\TBPanel.exe" /A
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Color Indicator.lnk = C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmcache.html
O8 - Extra context menu item: Download All with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/getlinks
O8 - Extra context menu item: Download with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/download
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2651339911
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://D:\system\intralaunch.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/C ... tNoMFC.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/ ... veData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... _1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5721D8E-2409-47D8-A599-F75B929D908E}: NameServer = 192.168.2.1,4.2.2.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\System32\lexbces.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am

Post by John B. » May 26th, 2007, 3:41 am

Hi! :hello2: and welcome to the Malware Removal forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
I am currently looking over your log. As I am a trainee, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Post by John B. » May 26th, 2007, 7:18 am

Hi,

I've got one question before you begin with the fix:
Did you set this registry setting yourself:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80

Please copy the fix to Notepad/Word, or print it, because you won't always have internet access!

P2P Warning!
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here :
Clean/Infected P2P Programs
Please decide if you want to keep using P2P so I can put it in my next speech if you don't want to keep it.

Step 1: Redownload HijackThis
Download a copy of hijackthis.exe from here: http://downloads.malwareremoval.com/HijackThis.exe and save it to the desktop.

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it hjtinstall.bat. Please save it on your desktop.

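@echo off
rem Create the install folder and move HijackThis there under a neutral name.
if not exist "C:\Program Files\HJThis" md "C:\Program Files\HJThis"
move "%userprofile%\desktop\HijackThis.exe" "C:\Program Files\HJThis"
ren "C:\Program Files\HJThis\HijackThis.exe" search.exe
rem Write a Search.bat launcher to the desktop.
echo @echo off > "%userprofile%\desktop\Search.bat"
echo "C:\Program Files\HJThis\search.exe" >> "%userprofile%\desktop\Search.bat"
rem The empty "" is the window title; without it, start treats the quoted path as the title.
start "" "C:\Program Files\HJThis\search.exe"
rem Delete this installer script.
del "%~f0"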


Double click hjtinstall.bat. A window will open and it should automatically close. If it doesn't close by itself please close it manually.

Step 2: Disable SpySweeper
Please disable SpySweeper as it may interfere with the fix.
  • Open SpySweeper
  • Click Options
  • Click program options
  • Uncheck load at windows startup
  • On the left click shields and uncheck all there
  • Uncheck home page shield
  • Uncheck automatically restore default without notification
  • Close SpySweeper
Once your log is clean you can re-enable those settings in SpySweeper.

Step 3: Disable Windows Defender
Please disable Windows Defender Real Time Protection as it may interfere with the fix. To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Click Save
  • Close Windows Defender
Once your log is clean you can re-enable Windows Defender Real Time Protection.

Step 4: Delete program
Ewido is a very old version so please remove this one. I'll tell you how to install and configure the new version.
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    ewido anti-spyware

Step 5: Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: (no name) - {4BD9653E-D4C7-454B-9151-A8517B84BA08} - (no file)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 6: Download AVG Anti-Spyware
This is the new version of Ewido, with a new name.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
IMPORTANT! Do not scan yet with AVG Anti-Spyware! We will do this later.

Step 7: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step 8: Boot into Safe Mode
Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Step 9: Run AVG Anti-Spyware
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Step 10: Reboot
Your computer will automatically switch to normal mode.

Step 11: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Step 12: Post logs
Please post the following logs in a reply to this topic:
  • Tell me if the problem is still occurring
  • Tell me if you want to keep on using P2P
  • Tell me if you set the registry setting yourself
  • Uninstall log
  • AVG log
  • Fresh HijackThis log

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Post by SheppeyRed » May 26th, 2007, 7:22 am

John B. wrote:Hi,

I've got one question before you begin with the fix:
Did you set this registry setting yourself:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80

Hi John and cheers for the help so far. As for peer-peer networking, I do use uTorrent for downloading TV programs from the net.

Would that be the cause of the reference here?
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am

Post by John B. » May 27th, 2007, 7:40 am

SheppeyRed wrote:Would that be the cause of the reference here?


I don't know yet. That's why I want you to do the steps, if you're not doing them already, I told you to do :)

Also fix this entry with HijackThis:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
In Step 5 or if you've done that already do it before you make a fresh HijackThis log. Then also check if the problem is solved and tell it to me.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
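
The two checks applied by eye in this thread (browser add-on entries marked "(no file)" and the percent-encoded ProxyServer value), plus a check that flagged entries are gone from a fresh log, written out as an added example; it is not part of the original posts or of HijackThis. The function names are hypothetical, and the sample lines are copied from the two logs on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample: a few lines copied from the first HijackThis log in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
O2 - BHO: (no name) - {4BD9653E-D4C7-454B-9151-A8517B84BA08} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
"""

# Constructed sample: the matching lines as they appear in the second log.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O2 - ...", "R1 - ..."
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (section, body) for each entry line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def bad_proxy_hosts(body):
    """For a ',ProxyServer = value' entry, return decoded hosts that are not hostnames."""
    _, sep, value = body.partition(",ProxyServer = ")
    if not sep:
        return []
    bad = []
    for part in value.split(";"):            # "http=h:p;https=h:p" or plain "h:p"
        target = part.split("=", 1)[-1]      # drop an optional "proto=" prefix
        target = unquote(target.strip())     # %3clocal%3e -> <local>
        target = target.split("://", 1)[-1]  # drop an optional scheme
        host = target.rsplit(":", 1)[0] if ":" in target else target
        if not HOSTNAME_RE.match(host):
            bad.append(host)
    return bad


def triage(log_text):
    """Return (section, body, reason) for entries that deserve a manual look."""
    findings = []
    for section, body in parse_entries(log_text):
        marker = next((m for m in ORPHAN_MARKERS if body.endswith(m)), None)
        if marker:
            findings.append((section, body, "target not on disk: " + marker))
        for host in bad_proxy_hosts(body):
            findings.append((section, body, f"proxy host {host!r} is not a hostname"))
    return findings


def still_present(before_text, after_text):
    """Flagged entries from the first log that still appear in the fresh log."""
    after = set(parse_entries(after_text))
    return [f for f in triage(before_text) if (f[0], f[1]) in after]


if __name__ == "__main__":
    for section, body, reason in triage(BEFORE):
        print(f"{section}: {reason}\n    {body}")
    print("still present after the fix:", still_present(BEFORE, AFTER))
```

A flag from `triage` is a prompt for a manual look at that entry, not a verdict on it.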

Post by SheppeyRed » May 27th, 2007, 7:52 am

John B. wrote:
SheppeyRed wrote:Would that be the cause of the reference here?


I don't know yet. That's why I want you to do the steps, if you're not doing them already, I told you to do :)

Also fix this entry with HijackThis:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
In Step 5 or if you've done that already do it before you make a fresh HijackThis log. Then also check if the problem is solved and tell it to me.


Okey doke - I'm on the case right now. I was just about to boot into safe mode when I noticed this reply. ;)
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am

Post by SheppeyRed » May 27th, 2007, 1:23 pm

OK, first off - no joy. :cry:

Still get the webpage advertising webbtwarehouse.com rather than the Nutsplitters railway site.

Secondly, I couldn't uninstall Ewido as it wasn't listed in the add/remove programs facility in Control Panel and I couldn't find a program folder for it either. Perhaps it's a rogue registry entry left over from an uninstall?

Finally, here - as requested - are the 3 logs you asked me to post if the problem persisted:-

HijackThis log:-

Logfile of HijackThis v1.99.1
Scan saved at 18:15:34, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
F:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [Gainward] "C:\WINDOWS\TBPanel.exe" /A
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Color Indicator.lnk = C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmcache.html
O8 - Extra context menu item: Download All with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/getlinks
O8 - Extra context menu item: Download with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/download
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2651339911
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://D:\system\intralaunch.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/C ... tNoMFC.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/ ... veData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... _1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5721D8E-2409-47D8-A599-F75B929D908E}: NameServer = 192.168.2.1,4.2.2.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\System32\lexbces.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

AVG log:-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:55:07 27/05/2007

+ Scan result:



:mozilla.130:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.131:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.132:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.241:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.243:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.303:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.846:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.86:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.87:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.252:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adbureau : Cleaned.
:mozilla.253:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adbureau : Cleaned.
:mozilla.542:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbureau : Cleaned.
:mozilla.543:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbureau : Cleaned.
:mozilla.579:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbureau : Cleaned.
:mozilla.580:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Adbureau : Cleaned.
:mozilla.919:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.920:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.681:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.156:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.624:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.625:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.626:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.627:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.628:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.629:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.630:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.631:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.93:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.94:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.148:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.279:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.399:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.237:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.238:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.563:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.847:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.165:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.30:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.320:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.321:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.166:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.167:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.168:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.169:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.170:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.171:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.172:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.326:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.327:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.328:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.329:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.330:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.331:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.332:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.333:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.334:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.335:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.439:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.440:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.441:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.442:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.443:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.444:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.445:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.446:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.447:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.448:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.201:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.279:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.409:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.410:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.411:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.506:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.507:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.217:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.448:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.522:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.87:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.88:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.90:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.91:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.116:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.210:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.244:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.226:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.227:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.468:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.469:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.535:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.536:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.11:C:\Documents and Settings\Shaun\Application Data\Thunderbird\Profiles\3kn6ltkb.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.12:C:\Documents and Settings\Shaun\Application Data\Thunderbird\Profiles\3kn6ltkb.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.153:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.154:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.267:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.268:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.587:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.588:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.650:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.285:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.623:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.641:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.636:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.650:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.651:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.878:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.879:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.880:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.881:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.922:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.923:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.924:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.443:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.659:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.74:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.759:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.404:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.405:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.790:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.791:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.792:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.793:C:\Documents and Settings\Shaun\Application Data\Mozilla\Firefox\Profiles\5b34ghbx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.853:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.854:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.855:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.856:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.410:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.865:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.25:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.26:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.27:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.29:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.32:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.33:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.34:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.36:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.37:F:\Backups\5b34ghbx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.411:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.412:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.413:C:\Documents and Settings\Shaun\Application Data\Netscape\NSB\Profiles\kx9b6kw9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Program Files\Plus!\Themes\Windows default (256 color).theme -> Trojan.Maget : Cleaned with backup (quarantined).


::Report end

Uninstall List:-

3D Canvas
3Deep
AceFTP 3 Freeware
Ad-Aware SE Plus
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Photoshop CS
Adobe Reader 8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Age of Mythology
Ahead InCD EasyWrite Reader
Alt-Tab Task Switcher Powertoy for Windows XP
Apache HTTP Server 2.2.3
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
a-squared Free 2.0
ASUS Probe V2.15.07
AsusUpdate V3.29.04
AudioCrusher
AVG 7.5
AVG Anti-Spyware 7.5
Boomerang SST
Borland C++Builder 5
Caesar 3
Calculator Powertoy for Windows XP
Canon CanoScan Toolbox 4.1
CCleaner (remove only)
Civ3 Conquests v1.22 Full
Civ3 MultiTool
Civilization II Multiplayer
Civilization III
Civilization III - Play the World v1.14F
Civilization III - Play the World v1.21F
Civilization III - Play the World v1.27F
Civilization III Play the World
Civilization III v1.29f
Civilization III: Conquests
Civilization III: Conquests 1.02 Update
CmdHere Powertoy For Windows XP
Complete CD Maker Deluxe
Cossacks - Back To War
Cossacks 2 - Battle for Europe
Deus Ex
Deus Ex - Invisible War
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Easy Video Joiner 3.20
EasyTerm 4.3
E-Color Indicator
Emperor: Rise of the Middle Kingdom 1.0.1.0
Empire Earth
Empire Earth - The Art of Conquest
EW : Cossacks
EXPERTool
Gangsters
Getleft v1.2a2
GiPo@MoveOnBoot 1.9.5
Google Earth
Google Toolbar for Internet Explorer
GPSoftware Directory Opus
GSpot Codec Information Appliance
GTK+ 2.10.6-1 runtime environment
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hitman - Codename 47
Hitman 2: Silent Assassin
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
IconArt
IGI 2
Image Resizer Powertoy for Windows XP
ImageMixer VCD2
IrfanView (remove only)
ISpellEnFrGe
Java 2 Runtime Environment, SE v1.4.1_01
Java 2 Runtime Environment, SE v1.4.2_06
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia FreeHand MXa
MailWasher Free
Manual CanoScan 3000,3000F
Master of Olympus - Zeus
Matrox Graphics Software (remove only)
Max Payne
Max Payne 2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Embedding Fonts Tool (III)
Microsoft Windows Journal Viewer
mIRC
Mozilla Firefox (2.0.0.3)
Mozilla Thunderbird (2.0.0.0)
MSN Messenger 7.0
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser
MSXML4 Parser
MyJongg II
Nero 6 Ultra Edition
Nero Media Player
NeroVision Express 2
Netscape Browser (remove only)
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA WDM Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
Nvu 1.0
OmniPage SE
Opera 9.21
PCI Audio Applications
PCI Audio Driver
PerformanceTest v6.1
PGP 8.1
PhotoFiltre
Picture Package
Pinnacle Hollywood FX 4.6
Pinnacle Studio LINX
Pinnacle Systems PCI Performance Enhancer
PokerRoom.com (remove only)
Pop-Up Stopper Free Edition
Project IGI
QuickTime
RealPlayer
Refupdate 2.0
Registry Mechanic
Rhinoceros 3.0 Evaluation
Rise of Nations
Sam Spade version 1.14
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Serif PhotoPlus 6.0
Shockwave
Sid Meier's Pirates!
Sierra Utilities
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Sony USB Driver
SpamPal
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Startup Manager 1.0
Studio 8
Studio Content CD
Swat It v2.1
The GIMP 2.2.13
Thief 2
Thief:The Dark Project
Tom Clancy's Splinter Cell
TorrentStorm
Tweakui Powertoy for Windows XP
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Manager (Remove Only)
Viewpoint Toolbar
VMN Toolbar
Web Album Generator 1.6.5
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.0
WinZip
XanaNews 1.17.5.2
Xenu's Link Sleuth
XTrkCad
XviD MPEG-4 Video Codec
ZoneAlarm
Zoom Search Engine 5.0

Many thanks for your help so far John,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am

Post by John B. » May 28th, 2007, 10:47 am

Hi Shaun,

True, the ewido entry is a leftover.

Let's see if there's something in your hosts file which redirects you to another website.

Step 1: Delete service
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixService.bat. Please save it on your desktop.

@echo off
sc stop "ewido anti-spyware 4.0 guard"
sc delete "ewido anti-spyware 4.0 guard"
exit


Double click FixService.bat. A window will open and close. This is normal.

Step 2: Remove HijackThis entry
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside the item listed below (if present):

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
Step 3: Check your hosts file
  • Click on Start
  • Click on Run
  • Copy and paste from the list below the correct one for your operating system. Be sure and include the word notepad
    • For XP:
      notepad C:\WINDOWS\system32\drivers\etc\hosts
    • For 2k:
      notepad C:\WINNT\SYSTEM32\DRIVERS\ETC\hosts
    • For 98 & ME:
      notepad C:\WINDOWS\hosts
  • Click OK, notepad will then open with your host file
  • Copy and paste the whole hosts file in a reply together with a fresh HijackThis log

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
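
The hosts-file check requested in Step 3 above can also be done mechanically. The following is an added example, not part of the original thread or any tool used in it: it reads hosts-file text and reports every active entry other than the stock `127.0.0.1 localhost` line. The sample input is constructed (documentation IP range and `example` names), and the function name and finding labels are assumptions of this example.

```python
import ipaddress

# Constructed sample: a few lines of the stock XP hosts file plus three
# made-up entries (documentation IP range, example names) for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# For example:
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
203.0.113.7 forum.example.com www.forum.example.com   # constructed redirect
127.0.0.1 update.av-vendor.example                    # constructed block entry
not-an-ip broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for every entry worth a look.

    kind is "redirect" (a name forced to a non-loopback address), "blocked"
    (a name other than localhost pinned to loopback or 0.0.0.0, which cuts
    the machine off from that site) or "malformed" (no valid IP or no name).
    """
    findings = []
    text = text.lstrip("\ufeff")  # Notepad may prepend a BOM when saving as UTF-8
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop the comment, split on whitespace
        if not entry:
            continue  # blank or comment-only line
        address, names = entry[0], [n.lower() for n in entry[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if local and name in LOCAL_NAMES:
                continue  # the stock "127.0.0.1 localhost" mapping
            kind = "blocked" if local else "redirect"
            findings.append((line_no, kind, address, name))
    return findings


if __name__ == "__main__":
    for line_no, kind, address, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {address} -> {name}")
```

A hosts file that contains only comments and `127.0.0.1 localhost` produces no findings, which rules the hosts file out as the cause of a redirect.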

Post by SheppeyRed » May 28th, 2007, 11:04 am

Hi John,

OK, did as you asked me to and couldn't find a reference to Ewido - only to what appears to be the AVG antispyware equivalent.

Here are the new logs you requested:-

hosts file:-

# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

HijackThis logfile:-

Logfile of HijackThis v1.99.1
Scan saved at 16:01:12, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Games\SIERRA\Master of Olympus - Zeus\Zeus.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sheppeyunited.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_3.0.131-deleon.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [Gainward] "C:\WINDOWS\TBPanel.exe" /A
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Matrox Powerdesk] "C:\WINDOWS\system32\PDesk\PDesk.exe" /Autolaunch
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: E-Color Indicator.lnk = C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmcache.html
O8 - Extra context menu item: Download All with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/getlinks
O8 - Extra context menu item: Download with BitBeamer - res://C:\Program Files\BitBeamer\ieplugin.dll/download
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar_en_3.0.131-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2651339911
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file://D:\system\intralaunch.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/C ... tNoMFC.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/ ... veData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... _1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5721D8E-2409-47D8-A599-F75B929D908E}: NameServer = 192.168.2.1,4.2.2.2
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\System32\lexbces.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Many thanks for your help so far,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am
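A small triage pass over a HijackThis log like the one in the post above, shown as an added example; it is not part of the original thread and not a HijackThis feature. It surfaces entries a helper would check by hand (a missing target file, no vendor name, an unresolved shortcut, a non-private name server). The flags are review prompts, not signs of infection. The sample lines are copied from the log above, and the function names are assumptions.

```python
import ipaddress
import re

# Usual HijackThis meaning of the section codes handled below.
SECTIONS = {"O4": "autostart entry", "O17": "DNS name server setting",
            "O23": "Windows service"}

# Sample lines copied from the log in the post above.
SAMPLE_LOG = r"""
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5721D8E-2409-47D8-A599-F75B929D908E}: NameServer = 192.168.2.1,4.2.2.2
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")


def review_notes(code, body):
    """Return reasons to look at one entry by hand (prompts, not verdicts)."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing")
    if " - Unknown owner - " in body:
        notes.append("no vendor name reported")
    if body.endswith("= ?"):
        notes.append("shortcut target unresolved")
    if code == "O17" and "NameServer = " in body:
        for addr in body.split("NameServer = ", 1)[1].split(","):
            try:
                ip = ipaddress.ip_address(addr.strip())
            except ValueError:
                notes.append(f"unparseable resolver {addr.strip()!r}")
                continue
            if not ip.is_private:
                notes.append(f"non-private resolver: {ip}")
    return notes


def triage(log_text):
    """Parse 'code - body' lines and keep only entries with review notes."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match and (notes := review_notes(*match.groups())):
            code = match.group(1)
            findings.append((code, SECTIONS.get(code, "other"), notes))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns one tuple per flagged entry: the section code, its meaning, and the list of notes.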

Unread postby John B. » May 29th, 2007, 6:08 am

Hi Shaun,

There's really no sign of any infection or something else blocking it. Let's see if it's hidden.

Please copy the fix to Notepad/Word, or print it, because you won't always have internet access!

Step 1: Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

Step 2: Run Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky.
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

Step 3: Download and Run WinPFind3
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save the log on your desktop.

Step 4: Download and Run Gmer
Download Gmer to your Desktop and unzip it to your Desktop.
http://www.gmer.net/gmer.zip

Disconnect from internet and close running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double click gmer.exe.
Let the gmer.sys driver load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
If no warning....
Click the rootkit tab
To the right of the program you will see a bunch of boxes that have been checked... leave everything checked. Then click the Scan button. Wait for the scan to finish.
Once done click the Copy button.
Open Notepad and hit ctrl+v to paste the log. Save the log to your desktop please.

Step 5: Post logs
You may need several replies.
  • Kaspersky log
  • WinPFind3 log
  • Gmer log

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Kaspersky online

Unread postby SheppeyRed » May 29th, 2007, 8:16 am

Tried to run this scanner but I'm afraid I lost patience with it.

After an hour and forty minutes it was still only 1% of the way through its scan.

It would take several days to run a scan in full at that rate. :shock:
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am

Unread postby SheppeyRed » May 29th, 2007, 9:34 am

Sorry - forgot to clarify.

It's Kaspersky that's taking ages. I know the online scanner website warns that the scan can and will take several hours but I need to use the PC for some work I'm doing. Does it matter if I do the scan at the end or do I need to do it before the other two procedures/scans that you've asked me to do?

If I can do it last then I'll leave it until last thing tonight or even try and leave it running overnight when I know I won't be using the PC! ;)

Many thanks for your help so far,

Shaun
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am

Unread postby John B. » May 30th, 2007, 7:03 am

You can run Kaspersky whenever you want :)
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby SheppeyRed » May 30th, 2007, 9:06 am

John B. wrote: You can run Kaspersky whenever you want :)

I may not run it at all as I'm becoming deeply unimpressed with the scan results - and very suspicious of the way the scan is progressing.

It's just scanned my entire Outlook Express saved messages folder with numerous databases for the folders I have (I filter my e-mail quite heavily and have numerous folders for each recipient I receive e-mails from) and zipped through the entire lot in under 15 minutes.

Then it got to Mozilla Thunderbird.

I have the same messages saved in Thunderbird in the same folder structure (there are reasons for this! ;) ) - and Kaspersky is taking 20-30 minutes per database. At this rate it's going to take 15-20 hours to scan my Thunderbird folder alone - if not longer. :shock:

Add in the fact that you can only run this online scan with Internet Explorer and not Firefox, Netscape or Opera and I am getting less and less impressed by the minute with Kaspersky.

I resent being forced into using Microsoft products whether by accident or by design and Kaspersky seems to have a real problem with Mozilla products if my experience is anything to go by.

It has slowed the PC's performance to an absolute crawl too while scanning Firefox's saved messages. I can barely use my PC - it has taken me nearly an hour to try and compose this post whereas performance was near normal when scanning Outlook Express's saved messages.

I'll leave the scan running for now but if it hasn't finished scanning Thunderbird's saved messages within the next 2-3 hours then I'm going to cancel the scan and won't run it again.

The only way I can see to run a scan in anything less than a day or two is to delete all my saved e-mail messages from Thunderbird - and I'm not prepared to do that as Thunderbird is my e-mail client of choice, not one of Microsoft's e-mail clients. :(
SheppeyRed
Regular Member
 
Posts: 30
Joined: December 1st, 2006, 8:15 am

Unread postby John B. » May 30th, 2007, 11:34 am

Please skip Kaspersky, we'll try another scanner if we need to!
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands