24th November 2007
#1
Inactive
Profile:
Join Date: Nov 2007
Posts: 13
Computer Experience: beginner
IE pops a blank all the time? Estalive?
Hi
Every time I open any window on my system and close it, the whole thing slows down and when the window finally closes I have a new one from IE opened with a blank page?
I also keep getting this false positive Estalive on my AOL spyware protection?
Here's a copy of my HijackThis log, can you help please? What can I do? Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:13, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad -Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1194845936\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\AOL 9.0b\waol.exe
C:\WINDOWS\System32\alg.exe
c:\program files\common files\aol\1194845936\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1194845936\ee\aolsoftware.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1194845936\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] E:\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194849721708
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194858202803
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC911C3-C054-41E8-AA1C-DCD57CBCC6A0}: NameServer = 205.188.146.145
O23 - Service: Ad -Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad -Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 12933 bytes
Many thanks
26th November 2007
#2
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,633
Computer Experience: Somedays it's like Taz
Hi eMad
Quote:
I also keep getting this false positive Estalive on my AOL spyware protection
If you know it's a false positive, set your AOL spyware to ignore it.
Did you set this as a start page?
Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
Geri
26th November 2007
#3
Inactive
Profile:
Join Date: Nov 2007
Posts: 13
Computer Experience: beginner
Hi Geri
I just think it's a false positive cos it's all over the web saying it is and none of my other anti-spyware is picking it up! I'll try telling AOL antispyware to ignore it, good point.
About my IE... no, I haven't touched it since I've reinstalled my OS and updated it via Microsoft updates, I use Mozilla Firefox.
Any idea what's up!
Cheers
PS: Soz about double posting, thanks for your reply
Last edited by eMad; 26th November 2007 at 05:50.
26th November 2007
#4
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,633
Computer Experience: Somedays it's like Taz
Hi eMad
"Estalive"
It seems to have something to do with games.
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
Now close all windows other than HiJackThis, then click Fix Checked.
Close HJT.
Reboot your computer.
See if you still get a blank page when you close your browser.
Let me know.
Geri
26th November 2007
#5
Inactive
Profile:
Join Date: Nov 2007
Posts: 13
Computer Experience: beginner
Quote:
Originally Posted by
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
Didn't work Geri, sorry.
Is there anything else we can try?
About Estalive, AOL calls it adware, I'm taking care of it next time the warning pops.
Cheers
26th November 2007
#6
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,633
Computer Experience: Somedays it's like Taz
Hi eMad
Sorry, you may have had problems removing them with HJT. You need to do a couple of things.
We need to turn these off for now.
Disable MS Defender until the computer is clean
Microsoft Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.
- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it, when your computer is clean.
Disable Spybot's TeaTimer. This is a two step process.
Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, Open Spybot S&D
Click Mode, choose Advanced Mode
Go to the bottom of the vertical panel on the left, click Tools
then, also in the left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.
Now try the HJT fix.
We need to scan this file.
Jotti File Submission: Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
C:\WINDOWS\system32\drivers\Icon.exe
Click on the submit button
Please post the results in your next reply.
I need to get some sleep. Work tomorrow, I'll check this then.
Geri
27th November 2007
#7
Inactive
Profile:
Join Date: Nov 2007
Posts: 13
Computer Experience: beginner
Hi Geri
Tried your suggestions and no joy.
I disabled Defender and SB real time protections and tried the Hjk fix but there was nothing there to try it on! The boxes you told me to tick before are not there now.
Also tried submitting the path to the scan and the status came back ok, no threats found.
Here's my latest log from hjk:
Thanks for your help Geri, I'll be around for about 1 hr then got a 12hr shift ahead
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:06, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad -Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1194845936\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1194845936\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1194845936\ee\aolsoftware.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\common files\aol\1194845936\ee\anotify.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1194845936\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] E:\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194849721708
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194858202803
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC911C3-C054-41E8-AA1C-DCD57CBCC6A0}: NameServer = 205.188.146.145
O23 - Service: Ad -Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad -Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 12246 bytes
28th November 2007
#8
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,633
Computer Experience: Somedays it's like Taz
Hi eMad
OK it's showing here in your last HJT log.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
Fix that and see if you keep getting the blank page. If so, at the top of IE can you tell me what the header says, if anything?
Then let's get a log from this.
Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
Note: You must be logged onto an account with administrator privileges to complete the following. Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy and then paste the contents of main.txt
Please post the “main.txt” log only for now.
Thanks
Geri
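Added example (not part of the original thread and not code from HijackThis): a short Python sketch that compares two HijackThis logs and reports which entries pointing at a given file were removed by a fix and which still remain, treating `file:///C:/...` and `file://C:\...` as the same target. The function names are hypothetical, and the two log excerpts are trimmed from the logs of 24/11/2007 and 27/11/2007 posted above.

```python
import re
from urllib.parse import unquote

# Constructed excerpts: lines copied from the two HijackThis logs posted in
# this thread, trimmed to the Internet Explorer entries under discussion.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
"""

LOG_AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
"""

# Entry lines start with a section code such as R0, R1, O4 or O14.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return {(code, key): value} for every entry line in a log.

    Header lines and the 'Running processes' paths do not match and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        if " = " in rest:            # registry style: "key = value"
            key, value = rest.split(" = ", 1)
        elif "=" in rest:            # IERESET.INF style: "NAME=value"
            key, value = rest.split("=", 1)
        else:                        # no value part, e.g. Run entries
            key, value = rest, ""
        entries[(code, key.strip())] = value.strip()
    return entries


def canonical(text):
    """Reduce a Windows path or file: URL to one comparable form."""
    s = unquote(text).replace("\\", "/").lower()
    return re.sub(r"file:/+", "", s)


def references(entries, target):
    """Sorted keys of entries whose value (or key) points at target."""
    want = canonical(target)
    return sorted(k for k, v in entries.items() if want in canonical(v or k[1]))


def fix_report(before_text, after_text, target):
    """Which entries for target disappeared between scans, which remain."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    remaining = references(after, target)
    removed = [k for k in references(before, target) if k not in after]
    return {"removed": removed, "still_present": remaining}


if __name__ == "__main__":
    report = fix_report(LOG_BEFORE, LOG_AFTER, r"C:\APPS\IE\offline\uk.htm")
    for state, keys in report.items():
        for code, key in keys:
            print(f"{state}: {code} - {key}")
```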
28th November 2007
#9
Inactive
Profile:
Join Date: Nov 2007
Posts: 13
Computer Experience: beginner
Hi Geri
R1 fix didn't work, and the window always left open says 'Blank Page-Packard Bell', hope it helps.
Done the scan you asked, here's the main text:
Many Thanks
Deckard's System Scanner v20071014.68
Run by Miguel Simoes on 2007-11-28 06:33:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
58: 2007-11-28 06:34:09 UTC - RP76 - Deckard's System Scanner Restore Point
57: 2007-11-25 17:11:23 UTC - RP75 - Spyware Doctor: Cleaning Threats
56: 2007-11-24 16:46:37 UTC - RP74 - Ad -Aware Restore Point 2007-11-24 16:46:30
55: 2007-11-23 18:54:36 UTC - RP73 - Software Distribution Service 3.0
54: 2007-11-23 18:09:15 UTC - RP72 - Printer Driver Brother PC-FAX Installed
-- First Restore Point --
1: 2007-10-13 22:30:19 UTC - RP19 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Miguel Simoes.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:35:55, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad -Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1194845936\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
c:\program files\common files\aol\1194845936\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1194845936\ee\aolsoftware.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Documents and Settings\Miguel Simoes\Desktop\dss .exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Miguel Simoes.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1194845936\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] E:\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1194849721708
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194858202803
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC911C3-C054-41E8-AA1C-DCD57CBCC6A0}: NameServer = 205.188.146.145
O23 - Service: Ad -Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad -Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 12131 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071126-060741-103 O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
backup-20071126-060741-185 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
backup-20071128-063022-248 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\uk.htm
-- File Associations -----------------------------------------------------------
.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>
R3 Bonifay - c:\windows\system32\drivers\bonifay.sys <Not Verified; Freecom; Bonifay>
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>
S3 Gonzales - c:\windows\system32\drivers\gonzales.sys <Not Verified; Freecom; Gonzales>
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Ralink RT2500 Wireless LAN Card
Device ID: PCI \VEN_1814&DEV_0201&SUBSYS_25601814&REV_01\4&16793A72&0&08F0
Manufacturer: Ralink Technology, Inc.
Name: Ralink RT2500 Wireless LAN Card
PNP Device ID: PCI \VEN_1814&DEV_0201&SUBSYS_25601814&REV_01\4&16793A72&0&08F0
Service: RT2500
-- Scheduled Tasks -------------------------------------------------------------
2007-11-28 06:23:51 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-04-20 17:38:22 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job
2007-04-20 17:38:22 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job
2007-04-20 17:38:22 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job
-- Files created between 2007-10-28 and 2007-11-28 -----------------------------
2007-11-26 05:59:47 0 d-------- C:\Program Files\G-Lock Software
2007-11-26 05:59:47 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\G-Lock Software
2007-11-26 03:27:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-24 23:14:46 0 d-------- C:\Program Files\Trend Micro
2007-11-24 06:03:25 0 d-------- C:\Documents and Settings\Miguel Simoes\DoctorWeb
2007-11-23 21:08:27 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\StarOffice8
2007-11-23 21:03:10 0 d-------- C:\Documents and Settings\Miguel Simoes\.thumbnails
2007-11-20 16:45:23 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Itsth
2007-11-20 13:53:57 73728 --a------ C:\WINDOWS\system32\Zion.dll <Not Verified; Freecom; Freecom SYNC>
2007-11-20 13:53:57 7040 --a------ C:\WINDOWS\system32\drivers\Gonzales.sys <Not Verified; Freecom; Gonzales>
2007-11-20 13:53:57 12160 --a------ C:\WINDOWS\system32\drivers\Bonifay.sys <Not Verified; Freecom; Bonifay>
2007-11-20 13:53:56 0 d-------- C:\Program Files\Freecom Personal Media Suite
2007-11-20 06:40:33 65536 --a------ C:\WINDOWS\system32\Brmfrmps.exe <Not Verified; Brother Industries, Ltd.; Brother MFL Pro>
2007-11-20 06:40:19 176128 -----n--- C:\WINDOWS\system32\Pdrvinst.dll <Not Verified; brother; installer>
2007-11-20 06:40:19 65536 -----n--- C:\WINDOWS\system32\Brwebup.exe <Not Verified; brother; brother brwebup>
2007-11-20 06:40:19 81920 -----n--- C:\WINDOWS\system32\BrWebIns.dll <Not Verified; brother; brother BrWebIns>
2007-11-20 06:40:17 0 d-------- C:\Brother
2007-11-20 06:40:15 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-11-20 06:40:14 126976 -----n--- C:\WINDOWS\system32\BrfxD04a.dll <Not Verified; Brother Industries,LTD; Brother PC-FAX DIAL Dynamic Link Library>
2007-11-20 06:40:14 0 d-------- C:\Program Files\Brother
2007-11-19 15:53:22 0 d-------- C:\Documents and Settings\Miguel Simoes\WINDOWS
2007-11-19 06:52:34 0 d-------- C:\Documents and Settings\Miguel Simoes\.gimp-2.2
2007-11-19 06:50:44 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Nvu
2007-11-19 06:47:41 0 d-------- C:\Program Files\GIMPshop
2007-11-19 01:29:52 0 dr-h----- C:\Documents and Settings\Miguel Simoes\Recent
2007-11-18 22:38:29 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Keepsoft
2007-11-18 18:40:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Keepsoft
2007-11-17 04:30:32 0 d-------- C:\Media
2007-11-17 04:23:00 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2007-11-17 04:13:55 0 d-------- C:\Program Files\Creative
2007-11-16 21:28:59 0 d-------- C:\Program Files\Freecom Backup Software
2007-11-16 19:10:19 0 d-------- C:\Program Files\CCleaner
2007-11-16 18:58:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 18:55:03 0 d-------- C:\Program Files\Windows Defender
2007-11-16 18:45:44 0 d-------- C:\Program Files\Lavasoft
2007-11-16 18:45:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 18:44:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 17:39:01 65536 --a------ C:\WINDOWS\wanmpsvc.exe <Not Verified; America Online, Inc.; America Online>
2007-11-16 17:33:35 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\AOL
2007-11-16 17:18:12 0 d-------- C:\Program Files\AOL 9.0b
2007-11-16 17:05:55 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Help
2007-11-13 14:27:20 20480 --a------ C:\WINDOWS\system32\MpfApi.dll
2007-11-13 14:27:19 55936 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2007-11-12 18:21:10 1777 --a------ C:\WINDOWS\mozver.dat
2007-11-12 10:11:36 0 d-------- C:\Program Files\MSBuild
2007-11-12 10:08:09 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-12 10:07:34 0 d-------- C:\Program Files\Reference Assemblies
2007-11-12 10:06:22 0 d-------- C:\470475d58198f6e27a67f3901a90b4a2
2007-11-12 10:04:13 0 d-------- C:\Program Files\MSXML 6.0
2007-11-12 10:03:35 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-12 10:01:58 0 d-------- C:\WINDOWS\system32\LogFiles
2007-11-12 10:01:58 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-12 09:56:16 0 d-------- C:\WINDOWS\RegisteredPackages
2007-11-12 09:32:59 0 d-------- C:\WINDOWS\network diagnostic
2007-11-12 09:28:53 0 d-------- C:\Program Files\MSXML 4.0
2007-11-12 09:09:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-12 09:02:16 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Google
2007-11-12 08:45:22 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Talkback
2007-11-12 08:44:44 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Mozilla
2007-11-12 08:41:19 0 d-------- C:\Program Files\Sun
2007-11-12 08:21:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-11-12 08:18:28 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-12 08:17:45 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Real
2007-11-12 08:15:50 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-12 08:15:33 0 d-------- C:\Program Files\Spyware Doctor
2007-11-12 08:15:33 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\PC Tools
2007-11-12 08:13:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
2007-11-12 08:12:40 0 d-------- C:\Program Files\Picasa2
2007-11-12 08:11:56 0 d-------- C:\WINDOWS\system32\runtime
2007-11-12 08:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-11-12 08:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-12 08:10:55 0 d-------- C:\Program Files\Google
2007-11-12 08:03:50 0 dr-h----- C:\$VAULT$.AVG
2007-11-12 07:06:36 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\AdobeUM
2007-11-12 07:06:14 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Adobe
2007-11-12 07:06:06 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-12 07:01:21 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-12 06:54:44 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-12 06:33:56 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\McAfee.com Personal Firewall
2007-11-12 06:31:27 0 d-------- C:\Program Files\McAfee.com
2007-11-12 06:18:12 0 d-------- C:\Program Files\Common Files\Scanner
2007-11-12 06:15:40 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\AVG7
2007-11-12 06:15:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-12 06:15:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-12 06:15:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-12 05:58:11 0 d--hs---- C:\Documents and Settings\Miguel Simoes\UserData
2007-11-12 05:56:57 0 d-------- C:\Documents and Settings\Miguel Simoes\Application Data\Macromedia
2007-11-12 05:55:36 0 d-------- C:\Program Files\Common Files\aolback
2007-11-12 05:55:07 0 d-------- C:\Program Files\AOL Toolbar
2007-11-12 05:53:11 0 d-------- C:\Program Files\AOL 9.0a
2007-11-12 05:33:40 65 --ah----- C:\readconnections.bat
2007-11-12 05:31:17 0 d-------- C:\temp
2007-11-12 03:13:14 0 dr------- C:\Documents and Settings\Miguel Simoes\Application Data\Brother
2007-11-12 03:02:23 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat
2007-11-12 03:01:58 51200 -----n--- C:\WINDOWS\system32\brinsstr.dll <Not Verified; Brother Industries,Ltd.; Brother MFL Pro>
2007-11-12 03:01:39 147456 -----n--- C:\WINDOWS\brunin03.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2007-11-12 02:59:21 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-11-12 02:59:16 0 d-------- C:\Program Files\ScanSoft
2007-11-12 02:59:16 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-11-12 02:57:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2007-11-12 01:52:28 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-11 23:14:10 0 d-------- C:\WINDOWS\Sun
2007-11-11 21:46:25 2 --a------ C:\608211742
2007-11-11 21:13:19 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
-- Find3M Report ---------------------------------------------------------------
2007-11-24 02:06:57 0 d-------- C:\Program Files\Common Files\AOL
2007-11-20 06:40:19 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-20 06:40:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-19 06:13:53 0 d-------- C:\Program Files\Common Files
2007-11-16 17:30:16 0 d-------- C:\Program Files\AOL Companion
2007-11-16 17:19:50 0 d-------- C:\Program Files\Common Files\aolshare
2007-11-12 08:41:07 0 d-------- C:\Program Files\Java
2007-11-12 08:18:25 0 d-------- C:\Program Files\Common Files\Real
2007-11-12 07:46:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-12 05:36:11 0 d-------- C:\Program Files\AOL 9.0
2007-11-11 23:06:46 0 d-------- C:\Program Files\QuickTime
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00]
"Icon"="C:\WINDOWS\system32\drivers\Icon.exe" [08/03/2004 13:23]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [26/09/2003 11:01]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [26/09/2003 11:01]
"SoundMan"="SOUNDMAN.EXE" [26/02/2004 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/07/2004 12:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [14/06/2007 18:32]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [08/10/2004 03:14]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [01/07/2004 11:58]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 14:00 C:\WINDOWS\system32\bthprops.cpl]
"HostManager"="C:\Program Files\Common Files\AOL\1194845936\ee\AOLSoftware.exe" [17/11/2006 13:21]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/11/2007 06:15]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/11/2007 08:17]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [14/10/2003 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [14/04/2004 14:46]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [14/04/2004 15:04]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [18/08/2003 18:57]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/10/2007 16:27]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [07/09/2006 17:19]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" []
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [25/05/2004 09:16]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [20/07/2004 09:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"Uniblue Registry Booster"="E:\Uniblue\Registry Booster\RegistryBooster.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/11/2007 08:10]
C:\Documents and Settings\Miguel Simoes\Start Menu\Programs\Startup\
Freecom Personal Media Suite.lnk - C:\Program Files\Freecom Personal Media Suite\FCPMS.exe [20/11/2007 13:53:56]
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [17/08/2007 22:58:18]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0b\aoltray.exe [16/11/2007 17:19:37]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [10/12/2004 10:28:28]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/11/2007 08:10:57]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [20/11/2007 06:40:41]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [03/08/2007 11:10:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
*Newly Created Service* - ATWPKT2
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
7519 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-11-28 06:36:57 ------------
Thanks
29th November 2007
#10
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,633
Computer Experience: Somedays it's like Taz
Hi eMad
Let's see if this will get rid of your blank page.
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
Now close all windows other than HiJackThis, then click Fix Checked.
Close HJT.
Then Open and Close your browser.
Let me know if you still get the blank page.
I am going through your log and will let you know if I see anything bad.
Geri
29th November 2007
#11
Inactive
Profile:
Join Date: Nov 2007
Posts: 13
Computer Experience: beginner
Hi Geri
I've tried it and it didn't work but you gave me an excellent idea, uninstall the AOL toolbar!!!
And it's all gone now, no more blank pages.
The one thing I still can't get rid of is 'Estalive'; I don't have an option to just ignore it in my AOL spyware, in fact it just pops up now and then saying it blocked it, so I don't know now. Maybe the solution is to uninstall AOL, which I'll be doing soon when I change my ISP.
Would you know anything about this Estalive?
Many thanks
eMad
29th November 2007
#12
SuperGeek
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience: ~@<*+
Sorry for intruding, but I'd like a sample of that icon.exe file. Please upload it to my submission channel. Leave a link back to this topic.
Thanks!
C:\WINDOWS\system32\drivers\Icon.exe
30th November 2007
#13
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,633
Computer Experience: Somedays it's like Taz
Hi eMad
Please send that file to noahdfear. If by chance it is bad he will find out and let us know.
Quote:
uninstall the AOL toolbar!!! And it's all gone now, no more blank pages.
That's great! AOL IMO
Now, from what I have read about Estalive.
First, the true infection is adware... But I see no files or registry entries in your logs that Estalive puts on a system when it infects one.
Second, it seems to be an AOL spyware problem and Spyware Doctor. Spyware Doctor's protection has it listed in the database so that it would detect it before it infects a system; AOL spyware is picking up that as the infection and sends you a warning.
You said this...
Maybe the solution is to uninstall AOL, which I'll be doing soon when I change my ISP.
That will stop the AOL spyware warning.
So in the meantime you will have to put up with it... or see if AOL spyware is listed in your add/remove list and remove it... or change your ISP ASAP.
Let's get an on-line scan just to check things out.
Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Thanks
Geri
30th November 2007
#14
Inactive
Profile:
Join Date: Nov 2007
Posts: 13
Computer Experience: beginner
Quote:
Originally Posted by noahdfear
Sorry for intruding, but I'd like a sample of that icon.exe file. Please upload it to my submission channel. Leave a link back to this topic.
Thanks!
C:\WINDOWS\system32\drivers\Icon.exe
Hi
No problem, I've visited the page where you'd like me to upload my file, I can do that. I just don't know how to link back to the forum; what do I put in the link field? I kind of have an idea but experimenting is not going to ensure the file will get to you.
Send me some guidance
30th November 2007
#15
Inactive
Profile:
Join Date: Nov 2007
Posts: 13
Computer Experience: beginner
Hi Geri
Here's the Panda scan result:
Incident Status Location
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Miguel Simoes\Application Data\Mozilla\Firefox\Profiles\iyco6svh.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Miguel Simoes\Cookies\miguel_simoes@atdmt[2].txt
Hope these aren't mean viruses disguised as simple cookies.
Very tired now, bed time.
Thanks
PS: I'd send that file but I got a bit confused on how to link back and from the post, not used to it yet, I'll be fine once I've done it once.