0

G'day everyone,
This is my first post here and could really use some help.
I've picked up some virus or something.
I've got an icon in the system tray that keeps popping up saying that I have data miners, data transfers, credit hijacking, virus, all sorts of stuff (even when I'm offline) and has taken over my desktop wallpaper which all points to one website: www.adwarepunisher.com
I've also lost my google and ebay toolbar and I picked some other crap one somewhere.
I've run AVG, Xoftspy, Spyware Doctor ... all sorts of stuff, but nothing's getting rid of it.
So I searched the net for adwarepunisher virus and found this site where someone's had a similar problem (www.daniweb.com/techtalkforums/thread38430.html) that someone was very kind to help out.
Well I'm in the same boat. So I've downloaded everything crunchie said on that other post, but it looks to be slightly different.
So here's my Hijackthis file:


Logfile of HijackThis v1.99.1
Scan saved at 3:06:52 PM, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\shell386.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134122074280
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


Any help would be very appreciated. This thing is driving me crazy!
Thanks in advance.
Cheers,
Jeremy

0

Download smitRem.exe and save the file to your desktop.
If you cannot access that link, here are alternate links:
smitRem.exe
smitRem.exe
Double click on the file to extract it to its own folder on the desktop.


If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:

  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Don't run it yet! Exit Ad-aware.


Next, please reboot your computer in SafeMode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named PC Tools Spyware Doctor (SDhelper) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".


Uninstall this Software from Add/Remove Programs in Control Panel:-
Spyware Doctor (if found)


Run HijackThis, and press "Scan". When the scan is complete place a check mark next to the following entries:-

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked". Close Hijackthis.

Delete this file:-
C:\WINDOWS\system32\shell386.exe

Delete this folder:-
C:\Program Files\Spyware Doctor


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:

  • Then select "Settings"
  • Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
  • Select "OK" and you will return to scanning options.
  • Click on Complete System Scan and the scan will begin.
    This scan can take quite a while to run, so please be patient.
  • While the scan is in progress, you will be prompted to clean the first infected file it finds.
  • Choose Clean.
  • Then put a check next to 'Perform action on all infections'. Doing this enables the scan to proceed automatically until its completion. Click OK
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. The best place to save it would probably be your Desktop.

Close Ewido


Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.


Reboot back into Windows. Go to Panda ActiveScan website --> HERE
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Post Reply.
Let us know if any problems persist.

** It could be possible, after reboot that the system is using the windows classic theme again.
To restore this and set it back to XP-theme, right-click on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK

0

Thanks for reply. It's looking better already.
I couldn't find a few of the things listed in the HJT list you gave.
Here's a fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:54:05 AM, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\HiJackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134122074280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Here's the Pandascan report:



Incident                                                                        Status                        Location


Adware:Adware/CWS.Searchmeup                                                    Not disinfected               C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-639646eb.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup                                                    Not disinfected               C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-639646eb.zip[Installer.class]
Adware:Adware/CWS.Searchmeup                                                    Not disinfected               C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-4fef695d.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup                                                    Not disinfected               C:\Documents and Settings\Jeremy Broad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-4fef695d.zip[Installer.class]
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Jeremy Broad\Desktop\smitRem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor                                 Not disinfected               C:\Documents and Settings\Jeremy Broad\Desktop\smitRem.exe[Process.exe]
Adware:adware/razespyware                                                       Not disinfected               C:\WINDOWS\adw.htm
Virus:Trj/Downloader.HKM                                                        Disinfected                   C:\WINDOWS\loadadv728.exe
Adware:adware/azesearch                                                         Not disinfected               C:\WINDOWS\system32\azebar.xml
Adware:adware/cashdeluxe                                                        Not disinfected               C:\WINDOWS\system32\mswinf32.dll
Adware:adware/cws.searchmeup                                                    Not disinfected               C:\WINDOWS\uniq
Possible Virus.                                                                 Not disinfected               D:\Downloads\Blaze Media Pro 2002c or any other build Time Limit Crack up.zip[BPM-.exe]
Possible Virus.                                                                 Not disinfected               D:\Downloads\Blaze_Media_Pro_2002g_Updated.zip[Loader.exe]
Possible Virus.                                                                 Not disinfected               D:\Downloads\Blaze_Media_Pro_2002_H-G-X.zip[Loader.exe]

Here's the ewidos report:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           11:59:32 PM, 30/01/2006
+ Report-Checksum:      5F255959


+ Scan result:


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\intxt.exe -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\system32\mswinb32.dll -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\system32\mswinb32.exe -> Adware.CashDeluxe : Cleaned with backup



::Report End


Here's the smitfiles report:



smitRem © log file
version 2.8


by noahdfear



Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 30/01/2006
The current time is: 22:50:59.90


Running from
C:\Documents and Settings\Jeremy Broad\Desktop\smitRem\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key


ShudderLTD key not present!


checking for PSGuard.com key


PSGuard.com key not present!



checking for WinHound.com key


WinHound.com key not present!


spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present


Existing Pre-run Files



~~~ Program Files ~~~


~~~ Shortcuts ~~~


~~~ Favorites ~~~


~~~ system32 folder ~~~


~~~ Icons in System32 ~~~


~~~ Windows directory ~~~


~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 792 'explorer.exe'
Killing PID 792 'explorer.exe'


Starting registry repairs


Registry repairs complete


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


SharedTask Export after registry fix


REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Deleting files



Remaining Post-run Files



~~~ Program Files ~~~


~~~ Shortcuts ~~~


~~~ Favorites ~~~


~~~ system32 folder ~~~


~~~ Icons in System32 ~~~


~~~ Windows directory ~~~


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

Just one thing I wanted to ask. Can I reinstall Spyware Doctor? I actually just paid for that one on the recommendation of a few cluey computer guys. Quite a few people have told me to get rid of adaware saying that it is half the problem most times. It seems like each different spyware program seems to find different stuff and half the time it seems to be related to another spyware program.

Thanks again, anyway. You rock!!
Let me know if there's anything I can do for you.

Edited by happygeek: fixed formatting
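
Comparing the first HijackThis log with a follow-up log is how the helper confirms that the flagged entries are gone. The following Python sketch is an added example (not part of the thread and not code from HijackThis): it parses entries, re-joins lines that were wrapped when a log was pasted, and reports what disappeared, what is new, and which fix-list entries persist. The sample logs are short excerpts of entries quoted in this thread; the function names are this example's own.

```python
import re

# A HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4 or O1-O23.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return the entries of a log, re-joining lines wrapped in transit.

    Header and "Running processes" lines are skipped because they come before
    the first entry. The input is assumed to end where the log ends.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Continuation of a wrapped entry. A hard wrap may have split a
            # word, so the joined text can carry a stray space.
            entries[-1] += " " + line
    return entries


def key(entry):
    """Comparison key that ignores whitespace and case, so wrap damage
    ("fppdis2a.ex" + "e") still matches the intact entry."""
    return re.sub(r"\s+", "", entry).lower()


def section(entry):
    """Section code of an entry, e.g. 'O4' for autostart items."""
    return ENTRY_START.match(entry).group(1)


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    b = {key(e): e for e in parse_entries(before)}
    a = {key(e): e for e in parse_entries(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def still_present(fix_list, after):
    """Entries from the helper's fix list that the follow-up log still shows."""
    seen = {key(e) for e in parse_entries(after)}
    return [e for e in parse_entries(fix_list) if key(e) in seen]


# Excerpt of the first log in this thread.
BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
"""

# Excerpt of the follow-up log, wrapped the way a pasted log often arrives.
AFTER = r"""
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex

e
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst

.cab
"""

# Four of the entries the helper asked to have fixed.
FIX_LIST = r"""
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\system32\winapi32.dll
O4 - HKLM\..\RunServices: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e)
    for e in added:
        print("added:  ", e)
    for e in still_present(FIX_LIST, AFTER):
        print("STILL PRESENT:", e)
```

An entry that shows up only in the follow-up log, such as the ActiveScan installer control here, is worth a look: in this thread it was installed by the Panda online scan the helper requested.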

0

Hi,
Spyware Doctor is a good AntiSpyware software. But, I said to uninstall it because, the Spyware Doctor installation folder was looking suspicious as it had Adware Punisher link in it!

You can install it again, but remember to download from official site:-
http://www.pctools.com/spyware-doctor/


By the way, there are some files to be removed.


Download CWShredder. Do not run it now!


Boot in Safe Mode.


Delete these files:-
C:\WINDOWS\adw.htm
C:\WINDOWS\loadadv728.exe
C:\WINDOWS\system32\azebar.xml
C:\WINDOWS\system32\mswinf32.dll
C:\WINDOWS\uniq
D:\Downloads\Blaze Media Pro 2002c or any other build Time Limit Crack up.zip
D:\Downloads\Blaze_Media_Pro_2002g_Updated.zip
D:\Downloads\Blaze_Media_Pro_2002_H-G-X.zip


Next, go to Control Panel. Double click on Java or Java Plug In icon. This opens up the Java VM applet.
Click "Cache" tab, and click "Clear" button.
If you can not find the "Cache" tab, then click "General" tab, and click "Delete Files" button inside the "Temporary Internet Files" option box. Then click "OK" to delete the applets, applications and other cache files. Exit from Control Panel.


Run CWShredder and click "Fix" and allow it to complete the process.


After this, reboot the PC to normal mode and please post a new HijackThis log.

0

Thanks again.
I've done all that - but I couldn't find C:\WINDOWS\loadadv728.exe

Here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:12:58 AM, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Telstra\Cable Login\bpcService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Windows & Internet Cleaner\WICleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadproductions.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigPond] "I:\5100.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner] C:\Program Files\Windows & Internet Cleaner\WICleaner.exe /ErIEIndex
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134122074280
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks so much for this!!
I'm telling everyone about this site.
Cheers,
Jeremy

0

Hi,
Log looks clean :) Is your PC running fine? Do you still get the icon which gives spyware alerts, in SystemTray?
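
Added example, not part of the original thread or of HijackThis: a small Python check that re-joins a HijackThis log pasted with forum line wrapping and reports any line still referencing the files listed for deletion earlier in the thread. The 54-column wrap width and the function names are assumptions made for this sketch.

```python
import re

WRAP = 54  # assumption: the forum hard-wrapped the pasted log at 54 columns
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
PATH = re.compile(r"^[A-Za-z]:\\")              # start of a running-process path
# Files the helper's post asked to delete from the Windows folders.
REMOVED = [r"C:\WINDOWS\adw.htm", r"C:\WINDOWS\loadadv728.exe",
           r"C:\WINDOWS\system32\azebar.xml", r"C:\WINDOWS\system32\mswinf32.dll"]
# Constructed sample: a few lines taken from the log above, still wrapped.
SAMPLE = r'''Running processes:
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.ex

e
C:\Program Files\Windows & Internet

Cleaner\WICleaner.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
'''

def unwrap(lines, starts_record):
    """Re-join fragments; a fragment exactly WRAP long was cut mid-word."""
    out = []  # (joined record, last fragment seen)
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if out and not starts_record(line):
            sep = "" if len(out[-1][1]) == WRAP else " "
            out[-1] = (out[-1][0] + sep + line, line)
        else:
            out.append((line, line))
    return [full for full, _ in out]

def parse_hjt(text):
    """Return (running processes, [(section code, detail), ...])."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.strip() == "Running processes:")
    first = next(i for i, l in enumerate(lines) if i > start and ENTRY.match(l.strip()))
    procs = unwrap(lines[start + 1:first], PATH.match)
    entries = [ENTRY.match(e).groups() for e in unwrap(lines[first:], ENTRY.match)]
    return procs, entries

def remnants(procs, entries, removed=REMOVED):
    """Log lines that still reference a file that should have been deleted."""
    wanted = [p.lower() for p in removed]
    hits = [p for p in procs if p.lower() in wanted]
    return hits + [f"{c} - {d}" for c, d in entries if any(w in d.lower() for w in wanted)]
```

An empty result from `remnants` only means the listed paths no longer appear among running processes or HijackThis entries; it does not confirm the files are gone from disk.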

0

Hi,
Log looks clean :) Is your PC running fine? Do you still get the icon which gives spyware alerts, in SystemTray?

Thanks very much, swatkat. All good.
I can't thank you enough!!
Cheers,
Jeremy
