Can't get rid of pop-ups and unwanted dodgy (RESOLVED)

  1. #1
    dpfoib is offline Newbie

    Hi,
    Could someone take a look at this Hijack This log and perhaps help with our problems with slow computer, pop-ups and dodgy icons appearing - We have spyware doctor and pc guard but the problem continues to persist - thanks!

    Logfile of HijackThis v1.99.1
    Scan saved at 16:32:40, on 29/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\blueyonder\PCguard\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\blueyonder\PCguard\RPS.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\blueyonder\PCguard\PrtlAgt.exe
    C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\SDONS3WB\hijackthis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tfghoroszpsoybksa.net/xsT...zjRr0E0el.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faarvjjjnouscmdqodyb.com/...w1FEmFebI.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0B90F62C-55FA-E632-0415-AE075C1D2441} - C:\DOCUME~1\Paul\APPLIC~1\MEDIAR~1\BIAS TOOL.exe
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
    O2 - BHO: (no name) - {5053038A-C824-E26A-522C-B5E198C8BC8D} - C:\DOCUME~1\Paul\APPLIC~1\MEDIAR~1\BIAS TOOL.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LoveBlueGreyThat] C:\Documents and Settings\All Users\Application Data\theboneloveblue\dent beep.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\RPS.exe"
    O4 - HKLM\..\Run: [NewPhoneDashCity] C:\Documents and Settings\All Users\Application Data\about platform new phone\trans city.exe
    O4 - HKCU\..\Run: [DownloadMP3] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTMLownloadMP3:t
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [eq support] C:\DOCUME~1\Paul\APPLIC~1\THIRDC~1\Admin blue.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.byphotos.co.uk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab
    O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} - https://insite.warwick.ac.uk/nps/por.../LocalExec.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader2.ocx
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


  2. #2
    VopThis is offline Senior Member (Canada)
    Download both these uninstallers...and run them


    http://lop.com/new_uninstall.exe

    http://lop.com/toolbar_uninstall.exe


    REBOOT.


    Download Clean.bat to your desktop: for later use to clean out your TEMPORARY and PREFETCH files.
    http://www.thatcomputerguy.us/downloads/clean.bat



    You may want to print out the following directions or copy them to a text file on your desktop using notepad.
    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tfghoroszpsoybksa.net/xs...jRr0E0el.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.faarvjjjnouscmdqodyb.com..._w1FEmFebI.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

    O2 - BHO: (no name) - {0B90F62C-55FA-E632-0415-AE075C1D2441} - C:\DOCUME~1\Paul\APPLIC~1\MEDIAR~1\BIAS TOOL.exe
    O2 - BHO: (no name) - {5053038A-C824-E26A-522C-B5E198C8BC8D} - C:\DOCUME~1\Paul\APPLIC~1\MEDIAR~1\BIAS TOOL.exe

    O4 - HKLM\..\Run: [LoveBlueGreyThat] C:\Documents and Settings\All Users\Application Data\theboneloveblue\dent beep.exe
    O4 - HKLM\..\Run: [NewPhoneDashCity] C:\Documents and Settings\All Users\Application Data\about platform new phone\trans city.exe
    O4 - HKCU\..\Run: [eq support] C:\DOCUME~1\Paul\APPLIC~1\THIRDC~1\Admin blue.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and possible malware hiding places):

    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    Temporary Internet Files
    Downloaded Program Files
    Recycle Bin
    Temporary Files
    Click OK or Enter

    For additional, more thorough cleaning and for multi-profile user configurations:
    (*) Run Clean.bat to clean up your temporary files.


    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:
    (none specified)



    DELETE FOLDERS
    C:\DOCUME~1\Paul\APPLIC~1\MEDIAR~1\
    --> Search for exact text MEDIAR* containing file BIAS TOOL.exe

    C:\Documents and Settings\All Users\Application Data\theboneloveblue

    C:\Documents and Settings\All Users\Application Data\about platform new phone

    C:\DOCUME~1\Paul\APPLIC~1\THIRDC~1\
    --> Search for exact text THIRDC* containing file Admin blue.exe





    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
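
Added example, not part of VopThis's post: a small triage script that parses HijackThis entry lines and applies two rules to the O2 and O4 sections. The rules (a BHO whose target is an .exe rather than a DLL, and a BHO or Run entry that loads from an Application Data folder) are assumptions of this example, not criteria stated in the thread; on the log from post #1 they select the same O2 and O4 lines listed above. The sample lines are a subset copied from that log.

```python
import re
from typing import List, NamedTuple, Tuple

# Subset of entry lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B90F62C-55FA-E632-0415-AE075C1D2441} - C:\DOCUME~1\Paul\APPLIC~1\MEDIAR~1\BIAS TOOL.exe
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {5053038A-C824-E26A-522C-B5E198C8BC8D} - C:\DOCUME~1\Paul\APPLIC~1\MEDIAR~1\BIAS TOOL.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoveBlueGreyThat] C:\Documents and Settings\All Users\Application Data\theboneloveblue\dent beep.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NewPhoneDashCity] C:\Documents and Settings\All Users\Application Data\about platform new phone\trans city.exe
O4 - HKCU\..\Run: [DownloadMP3] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTMLownloadMP3:t
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [eq support] C:\DOCUME~1\Paul\APPLIC~1\THIRDC~1\Admin blue.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                        # "O4 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")     # name, CLSID, file
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")  # hive, key, name, cmd
QUOTED = re.compile(r'^"([^"]+)"')
# Unquoted commands may contain spaces ("dent beep.exe"), so cut at the first
# executable extension that is followed by whitespace, a comma or end of line.
UNQUOTED = re.compile(r"^(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)", re.I)
# Long and 8.3 short forms of the per-user / All Users Application Data folder.
APPDATA = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.I)


class Finding(NamedTuple):
    code: str           # HijackThis section, e.g. "O2"
    label: str          # CLSID for a BHO, value name for a Run entry
    target: str         # file that gets loaded
    reasons: List[str]  # which rules matched


def executable_of(command: str) -> str:
    """Return the program path from a Run command line, dropping arguments."""
    m = QUOTED.match(command) or UNQUOTED.match(command)
    return m.group(1) if m else command


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Split a log into (section code, rest of line); skip headers and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text: str) -> List[Finding]:
    """Apply the two example rules to the O2 (BHO) and O4 (Run) entries."""
    findings = []
    for code, body in parse_entries(text):
        reasons = []
        if code == "O2":
            m = BHO.match(body)
            if not m:
                continue
            label, target = m.group(2), m.group(3)
            # BHOs are in-process COM objects, so the target is normally a DLL.
            if target.lower().endswith(".exe"):
                reasons.append("BHO target is an .exe, not a DLL")
        elif code == "O4":
            m = RUN.match(body)
            if not m:  # Startup-folder shortcuts are not covered here
                continue
            label, target = m.group(3), executable_of(m.group(4))
        else:
            continue
        if APPDATA.search(target):
            reasons.append("loads from an Application Data folder")
        if reasons:
            findings.append(Finding(code, label, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} {f.label}: {f.target} ({'; '.join(f.reasons)})")
```

A match is a prompt to look at the file, not a verdict; entries the rules do not cover (R0/R1, O9, O16 and so on) still need a manual read.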

  3. #3
    dpfoib is offline Newbie
    Hi thanks for your response,
    My current security settings will not let me download the two uninstallers you recommended, what should I change to make this possible?

  4. #4
    dpfoib is offline Newbie
    Hi,
    Managed to get the security settings to let me onto the site, but when I press 'run' it's coming up as C :\Documents and settings\Paul\local setting\Temporary Internet Files\Content IES\ SDON5340\new_uninstall [1].exe is not a valid win32 application.......?

  5. #5
    dpfoib is offline Newbie
    Hi,
    Managed to download and run the second uninstaller, but having problems running the first one. Won't let me run it, saying not a valid win32...something or other???

  6. #6
    VopThis is offline Senior Member (Canada)
    The nature of the LOP infection has been changing over time. Accordingly, existing tools are becoming less or even totally ineffective.



    Suggest that you run the following scan and then complete everything starting at fixing HJT items that were listed for removal and then file deletions.



    Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.



    Post your latest HJT log and any current observations.

  7. #7
    dpfoib is offline Newbie
    Hi - thanks - doing as you suggest right now!

  8. #8
    dpfoib is offline Newbie
    Hi, CLEANMGR.EXE and EWIDO here is the report;

    Created on: 19:28:00, 30/12/2005
    + Report-Checksum: 702ADF10

    0: System Process
    4: System Process
    188: C:\WINDOWS\System32\svchost.exe
    212: C:\WINDOWS\System32\wdfmgr.exe
    396: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    436: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    464: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    528: C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    708: \SystemRoot\System32\smss.exe
    788: \??\C:\WINDOWS\system32\csrss.exe
    812: \??\C:\WINDOWS\system32\winlogon.exe
    856: C:\WINDOWS\system32\services.exe
    868: C:\WINDOWS\system32\lsass.exe
    904: C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    976: C:\WINDOWS\system32\ctfmon.exe
    1020: C:\WINDOWS\system32\svchost.exe
    1076: C:\WINDOWS\system32\svchost.exe
    1124: C:\WINDOWS\Explorer.EXE
    1196: C:\Program Files\Palm\HOTSYNC.EXE
    1216: C:\WINDOWS\System32\svchost.exe
    1248: C:\WINDOWS\system32\pctspk.exe
    1260: C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    1284: C:\Program Files\SpywareGuard\sgmain.exe
    1292: C:\WINDOWS\System32\svchost.exe
    1300: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
    1380: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    1432: C:\WINDOWS\System32\svchost.exe
    1452: C:\Program Files\blueyonder IST\bin\mpbtn.exe
    1552: C:\Program Files\iTunes\iTunesHelper.exe
    1568: C:\Program Files\QuickTime\qttask.exe
    1608: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    1620: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    1700: C:\WINDOWS\system32\spoolsv.exe
    1800: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    1816: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    1828: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    1896: C:\Program Files\ewido anti-malware\ewidoctrl.exe
    1952: C:\Program Files\Spyware Doctor\swdoctor.exe
    1972: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    2220: C:\Program Files\Internet Explorer\IEXPLORE.EXE
    2232: C:\Program Files\SpywareGuard\sgbhp.exe
    2552: C:\Program Files\iPod\bin\iPodService.exe
    2708: C:\WINDOWS\System32\alg.exe
    3348: C:\WINDOWS\system32\wuauclt.exe
    3512: C:\Program Files\ewido anti-malware\SecuritySuite.exe
    Here is the Hijack This log;

    Logfile of HijackThis v1.99.1
    Scan saved at 19:30:40, on 30/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\Paul\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
    O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.byphotos.co.uk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab
    O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} - https://insite.warwick.ac.uk/nps/por.../LocalExec.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135887195484
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader2.ocx
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    THANKS

  9. #9
    VopThis is offline Senior Member (Canada)
    HJT log looks clean.

    I am very surprised that it went this well this soon. Good work on your part.

    Let us know if there are any other further apparent issues.

  10. #10
    dpfoib is offline Newbie
    Quote Originally Posted by VopThis
    HJT log looks clean.

    I am very surprised that it went this well this soon. Good work on your part.

    Let us know if there are any other further apparent issues.

    Hi,
    So far, so good! Many many thanks for all of your help - very much appreciated.
    Regards Donna
