Help - Malware/adware/virus

10 replies to this topic

#1 NigelHaddow

Posted 28 February 2006 - 03:16 AM

I have run ewido, adaware, spywareguard, windows defender beta and avg, but am still getting virus infestations which I clean up every day. Santafree.exe keeps installing itself along with others and 60% of websites display "could not find server" which is really annoying. I checked all the original windows files yesterday and there was no probs there.

My hijack this log is:

Logfile of HijackThis v1.99.1
Scan saved at 06:43:40, on 02/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS0\System32\smss.exe
C:\WINDOWS0\System32\winlogon.exe
C:\WINDOWS0\system32\services.exe
C:\WINDOWS0\system32\lsass.exe
C:\WINDOWS0\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS0\System32\svchost.exe
C:\WINDOWS0\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS0\Explorer.EXE
C:\WINDOWS0\system32\nvsvc32.exe
C:\WINDOWS0\System32\svchost.exe
C:\WINDOWS0\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS0\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS0\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS0\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: RegistryRepairPro.lnk = C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h20278.www2.hp.com/HPISWeb/Customer...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100899274630
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133823870250
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS0\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS0\system32\UAService7.exe

Please could you help.

The whole family would be very grateful.


#2 ourwilly

Posted 03 March 2006 - 02:56 PM

Hello NigelHaddow.

Welcome, I would like to take a look at this Log,
and I will get back to you as soon as I can.

Thank you,
ourwilly. :thumbsup:

Edited by ourwilly, 03 March 2006 - 02:57 PM.


#3 ourwilly

Posted 06 March 2006 - 10:49 AM

Hello NigelHaddow.

Sorry to keep you waiting. :thumbsup:

Please print this out; you will need to follow these instructions carefully.

Step 1.

Please check for the latest Updates for Ewido.
Do not scan with it yet!

Could you please keep your real-time protection disabled until your system is clean.

You will need to disable SpywareGuard's real-time protection for this fix to work.

* Right click the Spywareguard system tray icon to open the program.
* Click on "Options" and uncheck all the three boxes before clicking Save Settings.
* Then click on Menu | File | Exit and confirm you wish to close the program.

Please also Disable the Ewido Guard

* Open Ewido and select "Deactivate Guard" under the 'Additional' menu.
* Reboot to complete the change


I would like to suggest the removal of IncrediMail.
Please read this article: http://www.langa.com/newsletters/2002/2002-10-10.htm#6
You may want to remove this from your system using Add/Remove.
Then navigate to this path and delete this folder:
C:\Program Files\IncrediMail



Close any windows that are open.
Open HijackThis and select "Do A System Scan Only"
and place a "checkmark" next to all these entries:


O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

and select "Fix checked".


Step 2.

Reboot your computer into Safe Mode.
  • Now open ewido and click on scanner.
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite and reboot back into normal mode.


Step 3.

Please now Use Internet Explorer and Run the online Panda ActiveScan and perform a full system scan.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your e-mail address.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
  • Click on Local Disks to start the scan.
Upon scan completion, if anything malicious is detected, click See Report, then click Save Report and save it to your Desktop.

Once you have saved the report, please reboot your system.

Please re-scan with HijackThis and post: the new HJT log,
the Ewido scan results,
and the Panda results.
Thank you,
ourwilly.

#4 NigelHaddow

Posted 15 March 2006 - 04:49 AM

Thanks for picking this one up.

I was able to do the Ewido scan as follows:

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 05:58:42, 03/15/2006
+ Report-Checksum: 78AE1A52

+ Scan result:

C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Mum and Dad\Cookies\mum and dad@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup


::Report End


and the HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 06:06:37, on 03/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS0\System32\smss.exe
C:\WINDOWS0\System32\winlogon.exe
C:\WINDOWS0\system32\services.exe
C:\WINDOWS0\system32\lsass.exe
C:\WINDOWS0\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS0\System32\svchost.exe
C:\WINDOWS0\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS0\system32\nvsvc32.exe
C:\WINDOWS0\System32\svchost.exe
C:\WINDOWS0\system32\UAService7.exe
C:\WINDOWS0\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS0\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS0\system32\wuauclt.exe
C:\WINDOWS0\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS0\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS0\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: RegistryRepairPro.lnk = C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h20278.www2.hp.com/HPISWeb/Customer...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100899274630
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133823870250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS0\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS0\system32\UAService7.exe

BUT - I couldn't get onto the Panda Website because of the "Page cannot be displayed" error that keeps occurring.

Many thanks for your attention.


NPH
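A small parser for HijackThis v1.99.1 logs, added here as an example and not code from HijackThis or from either poster: it diffs the first log in this thread against the second to confirm which entries the fix removed, and flags the entries an analyst would look at first. The excerpted sample logs are constructed from lines posted above; the KNOWN_DPF_HOSTS allowlist is an assumed, analyst-maintained list, not something HijackThis ships with.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# HijackThis entries start with a section tag such as O4 or O16.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

# Assumed allowlist of hosts this analyst already recognises for O16 (DPF)
# ActiveX downloads. Illustrative only; HijackThis has no such list.
KNOWN_DPF_HOSTS = {
    "messenger.zone.msn.com", "messenger.msn.com", "go.microsoft.com",
    "update.microsoft.com", "v5.windowsupdate.microsoft.com",
}


@dataclass(frozen=True)
class HjtEntry:
    section: str  # e.g. "O4", "O16"
    body: str     # rest of the line, kept verbatim


def parse_hjt(text):
    """Return the O-prefixed entries of a HijackThis log, in file order.
    Header lines and the 'Running processes' block are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return entries


def diff_hjt(before, after):
    """Entries present in the first log but gone from the second (removed),
    and entries that only appear in the second (added), in log order."""
    b, a = parse_hjt(before), parse_hjt(after)
    b_set, a_set = set(b), set(a)
    removed = [e for e in b if e not in a_set]
    added = [e for e in a if e not in b_set]
    return removed, added


def dpf_host(entry):
    """Hostname of the download URL in an O16 entry, or None."""
    m = re.search(r"https?://\S+", entry.body)
    return urlparse(m.group(0)).hostname if m else None


def review_flags(entries):
    """(reason, entry) pairs for items worth a second look: a registered
    handler whose DLL is missing, or an O16 download from an unlisted host."""
    flags = []
    for e in entries:
        if e.section == "O16":
            host = dpf_host(e)
            if host and host not in KNOWN_DPF_HOSTS:
                flags.append(("O16 download host not on allowlist", e))
        if "(file missing)" in e.body:
            flags.append(("file missing", e))
    return flags


# Constructed excerpts of the two logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 06:43:40, on 02/27/2006

Running processes:
C:\WINDOWS0\System32\smss.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 06:06:37, on 03/15/2006

Running processes:
C:\WINDOWS0\System32\smss.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""


if __name__ == "__main__":
    removed, added = diff_hjt(BEFORE, AFTER)
    print("Removed since first log:")
    for e in removed:
        print("  ", e.section, "-", e.body)
    print("Added since first log:", added or "none")
    print("Flags in second log:")
    for reason, e in review_flags(parse_hjt(AFTER)):
        print("  ", reason, "=>", e.section, "-", e.body)
```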

#5 ourwilly

Posted 15 March 2006 - 02:42 PM

Hello NigelHaddow.

Please Open Internet Explorer. When it is open click on Tools and then Internet Options.
Then click on the Connections tab and then press the Lan Settings button.
Do you have it set to use a proxy server?


Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Now Download WinPFind.zip from Here
- Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Reboot your computer into Safe Mode.

Open the C:\WinPFind folder and double-click on WinPFind.exe.
- Click on the Start Scan button and wait for it to finish.
This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt.

Reboot back into Normal Mode.

Please copy and paste the WinPFind.txt results into this thread.

Thank you,
ourwilly. :thumbsup:

#6 NigelHaddow

Posted 16 March 2006 - 09:29 AM

Thanks for your reply.

Done the above. Here's the WinPFind log:


Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 07/07/2005 17:46:04 2351561 C:\DominateGame.exe
aspack 10/06/2004 07:31:30 4996929 C:\msbb_kyf.dat
PTech 10/06/2004 07:31:30 4996929 C:\msbb_kyf.dat

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 03/18/2005 17:19:58 2337488 C:\WINDOWS0\SYSTEM32\d3dx9_25.dll
aspack 05/26/2005 15:34:52 2297552 C:\WINDOWS0\SYSTEM32\d3dx9_26.dll
PEC2 03/31/2003 12:00:00 41397 C:\WINDOWS0\SYSTEM32\dfrg.msc
PTech 11/04/2005 16:27:24 534280 C:\WINDOWS0\SYSTEM32\LegitCheckControl.DLL
PECompact2 03/10/2006 00:10:36 4799320 C:\WINDOWS0\SYSTEM32\MRT.exe
aspack 03/10/2006 00:10:36 4799320 C:\WINDOWS0\SYSTEM32\MRT.exe
aspack 01/05/2002 13:40:18 332288 C:\WINDOWS0\SYSTEM32\msvcp70.dll
aspack 08/04/2004 07:56:36 708096 C:\WINDOWS0\SYSTEM32\ntdll.dll
Umonitor 08/04/2004 07:56:44 657920 C:\WINDOWS0\SYSTEM32\rasdlg.dll
winsync 03/31/2003 12:00:00 1309184 C:\WINDOWS0\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 01/18/2006 09:24:50 752608 C:\WINDOWS0\SYSTEM32\drivers\avg7core.sys
FSG! 01/18/2006 09:24:50 752608 C:\WINDOWS0\SYSTEM32\drivers\avg7core.sys
PEC2 01/18/2006 09:24:50 752608 C:\WINDOWS0\SYSTEM32\drivers\avg7core.sys
aspack 01/18/2006 09:24:50 752608 C:\WINDOWS0\SYSTEM32\drivers\avg7core.sys
PTech 08/04/2004 05:41:38 1309184 C:\WINDOWS0\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS0\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
03/16/2006 09:11:42 S 2048 C:\WINDOWS0\bootstat.dat
03/16/2006 09:11:46 H 20480 C:\WINDOWS0\system32\config\default.LOG
03/16/2006 09:11:54 H 1024 C:\WINDOWS0\system32\config\SAM.LOG
03/16/2006 09:11:44 H 16384 C:\WINDOWS0\system32\config\SECURITY.LOG
03/16/2006 09:11:56 H 65536 C:\WINDOWS0\system32\config\software.LOG
03/16/2006 09:11:56 H 1093632 C:\WINDOWS0\system32\config\system.LOG
03/16/2006 02:00:34 H 1024 C:\WINDOWS0\system32\config\systemprofile\ntuser.dat.LOG
03/03/2006 02:12:34 S 558 C:\WINDOWS0\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
03/03/2006 02:12:34 S 144 C:\WINDOWS0\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
02/23/2006 00:57:52 HS 388 C:\WINDOWS0\system32\Microsoft\Protect\S-1-5-18\User\a021dfeb-2686-4f88-90ca-240e57b8d213
02/23/2006 00:57:52 HS 24 C:\WINDOWS0\system32\Microsoft\Protect\S-1-5-18\User\Preferred
03/16/2006 09:14:56 H 370 C:\WINDOWS0\Tasks\MP Scheduled Scan.job
03/16/2006 09:10:58 H 6 C:\WINDOWS0\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 08/04/2004 07:56:58 68608 C:\WINDOWS0\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 08/21/2003 02:37:38 10435072 C:\WINDOWS0\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 08/04/2004 07:56:58 549888 C:\WINDOWS0\SYSTEM32\appwiz.cpl
Microsoft Corporation 08/04/2004 07:56:58 110592 C:\WINDOWS0\SYSTEM32\bthprops.cpl
Microsoft Corporation 08/04/2004 07:56:58 135168 C:\WINDOWS0\SYSTEM32\desk.cpl
Microsoft Corporation 08/04/2004 07:56:58 80384 C:\WINDOWS0\SYSTEM32\firewall.cpl
Microsoft Corporation 08/04/2004 07:56:58 155136 C:\WINDOWS0\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 08/04/2004 07:56:58 358400 C:\WINDOWS0\SYSTEM32\inetcpl.cpl
Microsoft Corporation 08/04/2004 07:56:58 129536 C:\WINDOWS0\SYSTEM32\intl.cpl
Microsoft Corporation 08/04/2004 07:56:58 380416 C:\WINDOWS0\SYSTEM32\irprops.cpl
Microsoft Corporation 08/04/2004 07:56:58 68608 C:\WINDOWS0\SYSTEM32\joy.cpl
Sun Microsystems 12/01/2005 20:46:08 53352 C:\WINDOWS0\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 03/31/2003 12:00:00 187904 C:\WINDOWS0\SYSTEM32\main.cpl
Microsoft Corporation 08/04/2004 07:56:58 618496 C:\WINDOWS0\SYSTEM32\mmsys.cpl
Microsoft Corporation 03/31/2003 12:00:00 35840 C:\WINDOWS0\SYSTEM32\ncpa.cpl
Microsoft Corporation 08/04/2004 07:56:58 25600 C:\WINDOWS0\SYSTEM32\netsetup.cpl
Microsoft Corporation 08/04/2004 07:56:58 257024 C:\WINDOWS0\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 04/01/2005 15:16:00 73728 C:\WINDOWS0\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 08/04/2004 07:56:58 32768 C:\WINDOWS0\SYSTEM32\odbccp32.cpl
Microsoft Corporation 08/04/2004 07:56:58 114688 C:\WINDOWS0\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 09/23/2004 18:57:40 323072 C:\WINDOWS0\SYSTEM32\QuickTime.cpl
Symantec Corporation 08/13/1997 16:34:10 169472 C:\WINDOWS0\SYSTEM32\S32LuCp1.cpl
Microsoft Corporation 08/04/2004 07:56:58 298496 C:\WINDOWS0\SYSTEM32\sysdm.cpl
Microsoft Corporation 03/31/2003 12:00:00 28160 C:\WINDOWS0\SYSTEM32\telephon.cpl
Microsoft Corporation 08/04/2004 07:56:58 94208 C:\WINDOWS0\SYSTEM32\timedate.cpl
WIBU-SYSTEMS AG 12/27/2001 10:59:22 716800 C:\WINDOWS0\SYSTEM32\Wibuke32.cpl
Microsoft Corporation 08/04/2004 07:56:58 148480 C:\WINDOWS0\SYSTEM32\wscui.cpl
Microsoft Corporation 05/26/2005 03:16:30 174360 C:\WINDOWS0\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 08/04/2004 07:56:58 68608 C:\WINDOWS0\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 08/04/2004 07:56:58 549888 C:\WINDOWS0\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 08/04/2004 07:56:58 110592 C:\WINDOWS0\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 08/04/2004 07:56:58 135168 C:\WINDOWS0\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 08/04/2004 07:56:58 80384 C:\WINDOWS0\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 08/04/2004 07:56:58 155136 C:\WINDOWS0\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 08/04/2004 07:56:58 358400 C:\WINDOWS0\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 08/04/2004 07:56:58 129536 C:\WINDOWS0\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 08/04/2004 07:56:58 380416 C:\WINDOWS0\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 08/04/2004 07:56:58 68608 C:\WINDOWS0\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 03/31/2003 12:00:00 187904 C:\WINDOWS0\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 08/04/2004 07:56:58 618496 C:\WINDOWS0\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 03/31/2003 12:00:00 35840 C:\WINDOWS0\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 08/04/2004 07:56:58 25600 C:\WINDOWS0\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 08/04/2004 07:56:58 257024 C:\WINDOWS0\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 08/04/2004 07:56:58 32768 C:\WINDOWS0\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 08/04/2004 07:56:58 114688 C:\WINDOWS0\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 08/04/2004 07:56:58 155648 C:\WINDOWS0\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 08/04/2004 07:56:58 298496 C:\WINDOWS0\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 03/31/2003 12:00:00 28160 C:\WINDOWS0\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 08/04/2004 07:56:58 94208 C:\WINDOWS0\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 08/04/2004 07:56:58 148480 C:\WINDOWS0\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 05/26/2005 03:16:30 174360 C:\WINDOWS0\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
02/12/2006 13:24:26 1759 C:\Documents and Settings\All Users.WINDOWS0\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
11/19/2004 16:24:46 HS 84 C:\Documents and Settings\All Users.WINDOWS0\Start Menu\Programs\Startup\desktop.ini
12/01/2004 20:27:40 1727 C:\Documents and Settings\All Users.WINDOWS0\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/19/2004 16:10:58 HS 62 C:\Documents and Settings\All Users.WINDOWS0\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
11/19/2004 16:24:46 HS 84 C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Startup\desktop.ini
06/18/2005 08:57:12 1568 C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Startup\Launch K9.lnk
02/18/2006 07:31:22 1002 C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Startup\RegistryRepairPro.lnk
01/25/2006 22:13:26 650 C:\Documents and Settings\Mum and Dad\Start Menu\Programs\Startup\SpywareGuard.lnk

Checking files in %USERPROFILE%\Application Data folder...
11/19/2004 16:10:58 HS 62 C:\Documents and Settings\Mum and Dad\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Easy CD Ripper
{8331A1DE-43C5-4F79-A2AE-0E656856B193} = C:\PROGRA~1\Kongsoft\EASYCD~1\MENUHA~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{00020000-0000-1011-8004-0000C06B5161}
= C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{74CC49F7-EB32-4A08-B204-948962A6E3DB} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
NeroCheck C:\WINDOWS0\system32\\NeroCheck.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS0\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NvMediaCenter RUNDLL32.EXE C:\WINDOWS0\system32\NvMcTray.dll,NvTaskbarInit
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
{1290A33C-85F5-4164-A1BE-7DD299D4986A} "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
Lexmark X84-X85 Button Monitor C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
Lexmark X84-X85 Button Manager C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
PrinTray C:\WINDOWS0\System32\spool\DRIVERS\W32X86\3\printray.exe
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Windows Registry Repair Pro C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 3


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key "DP-am
Hint company
FileName0 C:\WINDOWS0\system32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 1
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v 1
s 1
n 1
l 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS0\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS0\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS0\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 03/16/2006 09:36:07


Good luck.

NPH

#7 ourwilly

  • Members
  • 921 posts

Posted 18 March 2006 - 07:22 PM

Hello NigelHaddow.

Step 1.

I would like to recommend, before going any further, installing one of these free firewalls:
This will give you more control over what can or can't access the internet.

Free Zone Alarm
Sunbelt Kerio Personal Firewall.


Step 2.

Now open Notepad (Start | Run, type Notepad).
Click Format from the Notepad menu and ensure "Word Wrap" is NOT selected.
Copy the content of the quote box below into Notepad.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{74CC49F7-EB32-4A08-B204-948962A6E3DB}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D}"=-



Click: File | Save As
Change the "Save as type" to All Files.
Save it to your desktop as fix.reg.


Locate Fix.reg on your desktop and double-click it.
When asked if you want to merge with the registry, click YES.
Wait for the merged successfully prompt.


Step 3.

Please open Internet Explorer.
Select : Tools | Reset Web Settings | Yes

Then try and run either of these online scanners (please allow iexplore.exe internet access):

kaspersky
bitdefender

and save the scan results. When finished, reboot your system.

Please re-scan with HijackThis and post the new HJT log
and the results from the online scan.
Thank you,
ourwilly.
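
The two values that fix.reg deletes are exactly the ones WinPFind listed with no name and no DLL path ("{...} = :"), i.e. toolbar CLSIDs that no longer resolve to anything on disk. As an added example (not code from this thread, from WinPFind or from HijackThis), here is a Python script that parses that section of a WinPFind log, flags those unresolved entries and writes the same REGEDIT4 removal script; the sample input is copied from the log posted above, and the function names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: the IE toolbar section exactly as WinPFind printed it in the
# log above. The two entries with nothing after "=" are the ones the fix targets.
WINPFIND_TOOLBAR_SECTION = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{74CC49F7-EB32-4A08-B204-948962A6E3DB} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} = :
"""

# A value line is "{CLSID} = <resolved name> : <resolved DLL path>".
VALUE_RE = re.compile(r"^(\{[0-9A-Fa-f-]{36}\})\s*=\s*(.*)$")


@dataclass
class ToolbarEntry:
    subkey: str  # full path of the registry key that holds the value
    clsid: str   # the value name: a COM class id
    name: str    # display name WinPFind resolved for the CLSID ("" if none)
    path: str    # DLL path WinPFind resolved for the CLSID ("" if none)

    @property
    def unresolved(self) -> bool:
        # No name and no DLL means the CLSID points at no registered COM
        # server: a dangling toolbar reference, the kind of entry fix.reg removes.
        return self.name == "" and self.path == ""


def parse_toolbar_section(text: str) -> list[ToolbarEntry]:
    """Parse WinPFind's IE Toolbar section into one entry per registry value."""
    entries: list[ToolbarEntry] = []
    current_key: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            continue                  # blank line or "[section]" header
        if line.startswith("HKEY_"):
            current_key = line        # subkey whose values follow
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            clsid, rhs = m.group(1), m.group(2)
            # Split on the first ":" only; the DLL path itself may contain "c:\".
            name, _, path = rhs.partition(":")
            entries.append(ToolbarEntry(current_key, clsid, name.strip(), path.strip()))
    return entries


def build_reg_fix(entries: list[ToolbarEntry]) -> str:
    """Emit a REGEDIT4 script; '"valuename"=-' deletes that value on merge."""
    by_key: dict[str, list[str]] = {}
    for e in entries:
        by_key.setdefault(e.subkey, []).append(e.clsid)
    lines = ["REGEDIT4", ""]
    for key, clsids in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{c}"=-' for c in clsids)
        lines.append("")
    return "\n".join(lines)


def fix_for_log(text: str) -> str:
    """Whole pipeline: find unresolved toolbar CLSIDs and produce the fix.reg text."""
    bad = [e for e in parse_toolbar_section(text) if e.unresolved]
    return build_reg_fix(bad)


if __name__ == "__main__":
    # Prints the same REGEDIT4 text as the quote box above.
    print(fix_for_log(WINPFIND_TOOLBAR_SECTION))
```

Review the flagged CLSIDs against a clean machine before merging anything; an empty name and path only says the CLSID has no registration behind it, which is exactly the case the helper chose to remove here.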

#8 NigelHaddow

  • Topic Starter

  • Members
  • 8 posts

Posted 23 March 2006 - 10:19 AM

Got Kerio downloaded and running OK.

Did the fix.reg, but it didn't like the fix. Came up with an error message.

Did Kaspersky. Here's the log.


Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 179932
Number of viruses found: 6
Number of infected objects: 54
Number of suspicious objects: 2
Duration of the scan process: 04:16:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Inbox.dbx/[From ruth_po <ruth_po@hotmail.com>][Date Wed, 13 Oct 2004 20:16:19 +0200 (CEST)]/UNNAMED/aug Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Inbox.dbx/[From ruth_po <ruth_po@hotmail.com>][Date Wed, 13 Oct 2004 20:16:19 +0200 (CEST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Jackie.dbx/[From haddowa2004 <haddowa2004@hotmail.com>][Date Mon, 5 Jul 2004 21:18:17 +0200 (CEST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Jackie.dbx/[From haddowa2004 <haddowa2004@hotmail.com>][Date Mon, 5 Jul 2004 21:18:17 +0200 (CEST)]/UNNAMED/name.exe Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Jackie.dbx/[From haddowa2004 <haddowa2004@hotmail.com>][Date Mon, 5 Jul 2004 21:18:17 +0200 (CEST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Jackie.dbx/[From hartygal <hartygal@msn.com>][Date Mon, 18 Oct 2004 16:02:04 +0100]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Jackie.dbx/[From hartygal <hartygal@msn.com>][Date Mon, 18 Oct 2004 16:02:04 +0100]/UNNAMED/onclick.exe Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Jackie.dbx/[From hartygal <hartygal@msn.com>][Date Mon, 18 Oct 2004 16:02:04 +0100]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Dad and Mum\Local Settings\Application Data\Identities\{AF4B4A29-371A-4194-A46E-DC8361C6E5BE}\Microsoft\Outlook Express\Jackie.dbx Mail MS Outlook 5: infected - 4, suspicious - 2 skipped
C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\IM\Identities\{25B3EDAD-AFB5-41C0-9AC4-572E2AE2F522}\Message Store\ebay1.imm/[From eBay <custservice_id_3@ebay.com>][Date Wed, 31 Aug 2005 10:52:04 +0300]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\IM\Identities\{25B3EDAD-AFB5-41C0-9AC4-572E2AE2F522}\Message Store\ebay1.imm/[From eBay Inc <custservice_ref_12885336473@ebay.com>][Date Sun, 31 Jul 2005 08:27:43 +0600]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\IM\Identities\{25B3EDAD-AFB5-41C0-9AC4-572E2AE2F522}\Message Store\ebay1.imm Mail: infected - 2 skipped
C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\IM\Identities\{25B3EDAD-AFB5-41C0-9AC4-572E2AE2F522}\Message Store\Nigel.imm/[From Halifax bank <anti-fraud.ref.num96620561857803@halifax.co.uk>][Date Tue, 14 Jun 2005 12:21:04 -0300]/html Infected: Trojan-Spy.HTML.Bankfraud.hs skipped
C:\Documents and Settings\Mum and Dad\Local Settings\Application Data\IM\Identities\{25B3EDAD-AFB5-41C0-9AC4-572E2AE2F522}\Message Store\Nigel.imm Mail: infected - 1 skipped
C:\Documents and Settings\Mum and Dad\Local Settings\Temporary Internet Files\Content.IE5\Z9GC1Z7T\ysb_prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Administrator" <postmaster@nethania.co.uk>][Date Wed, 25 Aug 2004 13:57:17 +0530]/UNNAMED/message.zip/MESSAGE.SCR Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Administrator" <postmaster@nethania.co.uk>][Date Wed, 25 Aug 2004 13:57:17 +0530]/UNNAMED/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Administrator" <postmaster@nethania.co.uk>][Date Wed, 25 Aug 2004 13:57:17 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From 0hoz00e6vywpkh@pop1.vsnl.net][Date Tue, 24 Aug 2004 15:08:37 +0530]/UNNAMED/Text.com Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From 0hoz00e6vywpkh@pop1.vsnl.net][Date Tue, 24 Aug 2004 15:08:37 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Automatic Email Delivery Software" <postmaster@nethania.co.uk>][Date Mon, 23 Aug 2004 18:15:05 +0530]/instruction.zip/instruction.scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Automatic Email Delivery Software" <postmaster@nethania.co.uk>][Date Mon, 23 Aug 2004 18:15:05 +0530]/instruction.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From jagdeep@snbindia.com][Date Mon, 23 Aug 2004 13:50:02 +0530]/UNNAMED/MESSAGE.BAT Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From jagdeep@snbindia.com][Date Mon, 23 Aug 2004 13:50:02 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Returned mail" <postmaster@nethania.co.uk>][Date Sat, 11 Sep 2004 16:56:09 +0530]/UNNAMED/attachment.zip/attachment.htm .scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Returned mail" <postmaster@nethania.co.uk>][Date Sat, 11 Sep 2004 16:56:09 +0530]/UNNAMED/attachment.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Returned mail" <postmaster@nethania.co.uk>][Date Sat, 11 Sep 2004 16:56:09 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Administrator" <noreply@nethania.co.uk>][Date Sat, 11 Sep 2004 13:12:13 +0530]/UNNAMED/fcuesss.zip/fcuesss.zip/fcuesss.scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Administrator" <noreply@nethania.co.uk>][Date Sat, 11 Sep 2004 13:12:13 +0530]/UNNAMED/fcuesss.zip/fcuesss.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Administrator" <noreply@nethania.co.uk>][Date Sat, 11 Sep 2004 13:12:13 +0530]/UNNAMED/fcuesss.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Administrator" <noreply@nethania.co.uk>][Date Sat, 11 Sep 2004 13:12:13 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Returned mail" <noreply@nethania.co.uk>][Date Tue, 31 Aug 2004 13:47:41 +0530]/UNNAMED/letter.zip/letter.exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Returned mail" <noreply@nethania.co.uk>][Date Tue, 31 Aug 2004 13:47:41 +0530]/UNNAMED/letter.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Returned mail" <noreply@nethania.co.uk>][Date Tue, 31 Aug 2004 13:47:41 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mail Administrator <postmaster@teleline.es>][Date Mon, 30 Aug 2004 09:19:38 +0200]/message.zip/message.exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mail Administrator <postmaster@teleline.es>][Date Mon, 30 Aug 2004 09:19:38 +0200]/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From jagdeep@snbindia.com][Date Mon, 30 Aug 2004 12:38:00 +0530]/UNNAMED/attachment.scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From jagdeep@snbindia.com][Date Mon, 30 Aug 2004 12:38:00 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From gerstats@xtra.co.nz][Date Sat, 28 Aug 2004 15:48:55 +0530]/UNNAMED/message.zip/message.zip/message.html .exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From gerstats@xtra.co.nz][Date Sat, 28 Aug 2004 15:48:55 +0530]/UNNAMED/message.zip/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From gerstats@xtra.co.nz][Date Sat, 28 Aug 2004 15:48:55 +0530]/UNNAMED/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From gerstats@xtra.co.nz][Date Sat, 28 Aug 2004 15:48:55 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Bounced mail" <postmaster@nethania.co.uk>][Date Fri, 27 Aug 2004 18:09:50 +0530]/UNNAMED/message.zip/message.zip/message.html .exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Bounced mail" <postmaster@nethania.co.uk>][Date Fri, 27 Aug 2004 18:09:50 +0530]/UNNAMED/message.zip/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Bounced mail" <postmaster@nethania.co.uk>][Date Fri, 27 Aug 2004 18:09:50 +0530]/UNNAMED/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Bounced mail" <postmaster@nethania.co.uk>][Date Fri, 27 Aug 2004 18:09:50 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From todd@eurobank.bg][Date Fri, 27 Aug 2004 13:38:27 +0530]/UNNAMED/letter.exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From todd@eurobank.bg][Date Fri, 27 Aug 2004 13:38:27 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery Subsystem" <noreply@nethania.co.uk>][Date Thu, 26 Aug 2004 17:18:06 +0530]/UNNAMED/mail.scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery Subsystem" <noreply@nethania.co.uk>][Date Thu, 26 Aug 2004 17:18:06 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From 0how00fj8tc1bl@pop1.vsnl.net][Date Thu, 26 Aug 2004 12:57:15 +0530]/UNNAMED/file.zip/file.zip/FILE.SCR Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From 0how00fj8tc1bl@pop1.vsnl.net][Date Thu, 26 Aug 2004 12:57:15 +0530]/UNNAMED/file.zip/file.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From 0how00fj8tc1bl@pop1.vsnl.net][Date Thu, 26 Aug 2004 12:57:15 +0530]/UNNAMED/file.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx/[From 0how00fj8tc1bl@pop1.vsnl.net][Date Thu, 26 Aug 2004 12:57:15 +0530]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Identities\{724DB359-EA2D-485A-B085-5C25349021CD}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 39 skipped

Scan process completed.

Hijack this log too
Scan saved at 13:30:12, on 03/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS0\System32\smss.exe
C:\WINDOWS0\System32\winlogon.exe
C:\WINDOWS0\system32\services.exe
C:\WINDOWS0\system32\lsass.exe
C:\WINDOWS0\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS0\System32\svchost.exe
C:\WINDOWS0\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS0\system32\nvsvc32.exe
C:\WINDOWS0\System32\svchost.exe
C:\WINDOWS0\system32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS0\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS0\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS0\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS0\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: RegistryRepairPro.lnk = C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h20278.www2.hp.com/HPISWeb/Customer...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100899274630
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133823870250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS0\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS0\system32\UAService7.exe

Thanks

NPH


#9 ourwilly

ourwilly

  • Members
  • 921 posts
  • Gender:Male
  • Local time:01:52 AM

Posted 23 March 2006 - 05:38 PM

Hello NigelHaddow.

Thank you for installing the firewall. This will give you more control
over what can access the internet from now on.

Important -
You must do this on every Email User Account.
Please open Outlook Express, navigate to each of these folders and delete anything inside them
that you do not recognize, or any legitimate mail you do not wish to keep:

Inbox
Outbox
Sent Items
Drafts


Please right-click and Delete each e-mail you wish to purge.


Then go to Edit | Empty 'Deleted Items' Folder
to purge everything.


Please then Run the ATF-Cleaner

and can you please let me know how your system is running now.

Thank you,
ourwilly.

#10 NigelHaddow

NigelHaddow
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Tewkesbury, England
  • Local time:01:52 AM

Posted 29 March 2006 - 08:57 AM

Hi

I am still having problems accessing some web pages. I have checked all firewall and access settings. I can sometimes access pages by typing in the address line, but not when I link in from a Google search.

It seems random too. One day I can get onto Ebay, for example, the next day it throws up the "page cannot be displayed" error.

Is there any more I can do?

regards


Nigel

#11 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:02:52 AM

Posted 02 April 2006 - 07:18 PM

Hi NigelHaddow. I am helping ourwilly with your log.

I do not see any problems in any of the current logs that were posted. Since the problem is not continuous (it does work on some days), that leads me to believe that the issue could be with the DNS servers and the ISP. I would suggest that the next time this problem occurs you contact your ISP and tell them what is happening so that they can check things on their end.

Let us know what they have to say.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
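One way to run the DNS check OldTimer suggests before calling the ISP, as an added example that is not part of the original thread and not a tool either helper recommended: the script below resolves a hostname through the system's configured resolver and, separately, through an independent DNS server, using a hand-built RFC 1035 A-record query so it needs no third-party library. The hostname www.ebay.com (the site Nigel mentions) and the fallback resolver 4.2.2.2 are assumptions chosen for illustration; pass your own on the command line. If the system resolver returns nothing while the independent server answers, the configured DNS server (normally the ISP's) is the likely cause; if both return the same address and the page still will not load, DNS is not the problem and the fault is further along.

```python
"""
Compare a hostname's resolution via the system resolver with a direct
query to an independent DNS server.  Added example; not from the thread.
"""
from __future__ import annotations

import random
import socket
import struct


def build_query(hostname: str, txid: int) -> bytes:
    """Build a minimal RFC 1035 query for an A record, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:          # compression pointer: two bytes
            return offset + 2
        offset += 1 + length


def parse_answer(data: bytes, txid: int) -> tuple[int, list[str]]:
    """Return (rcode, [IPv4 addresses]) from a DNS reply.

    Raises ValueError if the reply's transaction id does not match ours,
    so a stray or spoofed datagram is not mistaken for the answer.
    """
    rid, flags, qd, an, _, _ = struct.unpack_from("!HHHHHH", data, 0)
    if rid != txid:
        raise ValueError("transaction id mismatch; not a reply to our query")
    rcode = flags & 0x000F                 # 0 = NOERROR, 3 = NXDOMAIN, ...
    offset = 12
    for _ in range(qd):
        offset = _skip_name(data, offset) + 4       # skip QTYPE and QCLASS
    addrs: list[str] = []
    for _ in range(an):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return rcode, addrs


def resolve_via(hostname: str, server: str, timeout: float = 3.0) -> tuple[int, list[str]]:
    """Send one UDP query to `server` (port 53) and parse the reply."""
    txid = random.randint(0, 0xFFFF)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(hostname, txid), (server, 53))
        data, _ = sock.recvfrom(512)
    finally:
        sock.close()
    return parse_answer(data, txid)


def system_resolve(hostname: str) -> list[str]:
    """Resolve through whatever DNS server the OS is configured to use."""
    try:
        return socket.gethostbyname_ex(hostname)[2]
    except socket.gaierror:
        return []


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "www.ebay.com"   # assumption
    alt = sys.argv[2] if len(sys.argv) > 2 else "4.2.2.2"          # assumption
    print("system resolver :", system_resolve(host) or "NO ANSWER")
    try:
        rcode, addrs = resolve_via(host, alt)
        print(f"{alt:<16}: rcode={rcode} {addrs or 'no A records'}")
    except (OSError, ValueError) as exc:
        print(f"{alt:<16}: query failed ({exc})")
```

Run it a few times on a day the site will not load: a consistent "NO ANSWER" from the system resolver next to a clean answer from the independent server is exactly the evidence to hand the ISP, and `ipconfig /all` shows which server the system resolver is actually using.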




