Help with Smitfraud-C again please
New computer, new Smitfraud-C. I have followed the instructions contained in Buckeye_Sam's report. Spy-Bot is still showing 20 items under Smitfraud-C.
I have posted my Hijack this log below for your perusal. Thank you in advance for your help and a Happy Spyware Free New Year !!! :-)
regards, Strahc
Logfile of HijackThis v1.99.1
Scan saved at 11:38:02, on 30/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\davec\LOCALS~1\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Lifestyles
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchange.uk.com/clientbinaries/texInfo.CAB
O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPHI.CAB
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl3.CAB
O16 - DPF: {0FA8E95B-C23A-11D5-8F5F-0008C7E9C2C6} (Pensions.desInput) - http://exweb.exchange.uk.com/clientbinaries/PensionsPhase2.CAB
O16 - DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} (EWGPensions.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPensions.CAB
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://lssrv1/ConnectComputer/nshelp.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} (GES.DesSSMain) - file://D:\CAB\GES.CAB
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGTermAssurance.CAB
O16 - DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} (RIMA For Windows NT) - file://D:\CAB\rimant.cab
O16 - DPF: {786F41FA-AC32-11D5-9B73-00508B6BAAB3} (exWebStopper.texexweb) - http://exweb.exchange.uk.com/download/update/exWebStopper.CAB
O16 - DPF: {7B5A1CB7-2E01-11D7-90C1-0008C7E9C2C6} (PHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/PHI.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://exweb.exchange.uk.com/clientbinaries/msxml4.CAB
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - file://D:\CAB\VersionInfo.cab
O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - file://D:\CAB\eXwebCListCtl.cab
O16 - DPF: {A45CF69C-19E0-4090-99DA-286A7C1C257B} (exWebUpdater.clsINIFile) - http://exweb.exchange.uk.com/download/update/exWebUpdater.CAB
O16 - DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} (Pensions.clsPensionBusinessLogic) - file://D:\CAB\pensions.cab
O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchange.uk.com/clientbinaries/eXwebUtils.CAB
O16 - DPF: {A98277A1-A141-11D5-98B9-00508B64538B} (Complist2 Class) - http://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl2.CAB
O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - file://D:\CAB\eXwebUtils.cab
O16 - DPF: {A9F869B2-BB62-11D2-A988-006097E20477} (eXwebOccList.clsVersionInfo) - file://D:\CAB\eXwebOcc.cab
O16 - DPF: {A9F869C0-BB62-11D2-A988-006097E20477} (PHIHelpText.clsVersionInfo) - file://D:\CAB\PHIHelpText.cab
O16 - DPF: {A9F869CE-BB62-11D2-A988-006097E20477} (PHIToolTips.clsVersionInfo) - file://D:\CAB\PHIToolTips.cab
O16 - DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} (WholeLife.clsVersionInfo) - file://D:\CAB\wholelife.cab
O16 - DPF: {AB5ED422-DE26-11D3-AD7A-0050044495F0} (WholeLife.desWOLBlank) - http://exweb.exchange.uk.com/clientbinaries/WholeLife.CAB
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - http://exweb.exchange.uk.com/clientbinaries/ann_GD.CAB
O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - file://D:\CAB\Bonds.cab
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - file://D:\CAB\pvcalctl.cab
O16 - DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} (RIMA For Windows 9x) - file://D:\CAB\rima9x.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} (CTP Goal Proposal Update) - file://D:\CAB\GoalUpdate.CAB
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Control) - file://D:\CAB\pvdate2.cab
O16 - DPF: {DB1F089D-F410-11D3-A316-006008134E84} (CombinedTerm.desInput) - http://exweb.exchange.uk.com/clientbinaries/TermAssurance.CAB
O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - file://D:\CAB\TermAssurance.cab
O16 - DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} (TexPHIDS.dsrPHIInput) - file://D:\CAB\TexPHIDS.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://secure.sunterra.com/europe/downloads/svideo3.cab
O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchange.uk.com/clientbinaries/printdll.CAB
O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - file://D:\CAB\eXwebCList.cab
O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchange.uk.com/clientbinaries/eXwebOcc.CAB
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://D:\CAB\pvdt70.cab
O16 - DPF: {F952EDBD-84EF-11D5-8F0C-0008C7E9C2C6} (exchange Scripting Update) - http://exweb.exchange.uk.com/download/update/scripting_update.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lifestyles.local
O17 - HKLM\Software\..\Telephony: DomainName = Lifestyles.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Lifestyles.local
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Run Spybot again and see if it still picks it up.
Thank you for your reply, your link takes me to a site called DAL Computer Help, excuse me for being dim but I presume I have to register on this site before I can download the "delete domains"?? I can see no other link to any downloads from what I have seen of the site so far.
Cheers, Strahc
Strahc
First, Disconnect from the Internet!!
(Please copy these instructions to NotePad for copy/paste use, since you will be off the Internet.)
____
Next, launch Notepad, and copy/paste all the blue REGEDIT below to it
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, and IE-SpyAd also has to be re-installed if it was installed.
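Added example (not part of the original posts, and not Spybot's or the helper's own code): a Python triage helper that parses Spybot "Registry change" report lines for ZoneMap entries, names the Internet Explorer zone each one assigns, and checks whether the fixme.reg above would reach the key, given that HKEY_CURRENT_USER is only the hive of the account that merges the file. Assumptions: the trailing `W=<n>` in a report line is the DWORD data Spybot recorded, and the sample report, SIDs and domains are constructed.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Internet Explorer security-zone numbers as stored in ZoneMap values.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Header line: "<product>: <category> (Registry change, <status>)"
HEADER = re.compile(r"^(?P<product>.+?): .*\(Registry change, (?P<status>[^)]+)\)$")

# Key line: "<hive>\[<SID>\]...\ZoneMap\<Domains|Ranges>\<name>\<value>!=W=<n>"
# Assumption: W=<n> is the DWORD data Spybot recorded for that value.
KEY = re.compile(
    r"^(?P<hive>HKEY_USERS|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\"
    r"(?:(?P<sid>S-1-[0-9-]+)\\)?"
    r"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
    r"(?P<kind>Domains|Ranges)\\(?P<name>.+)\\(?P<value>[^\\]+)!=W=(?P<zone>\d+)$",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    product: str        # detection name printed by Spybot
    status: str         # e.g. "fixed" or "fixing failed"
    hive: str
    sid: Optional[str]  # user SID when the key is under HKEY_USERS
    kind: str           # "Domains" or "Ranges"
    name: str           # domain (or range key) the zone is assigned to
    value: str          # protocol value name, "*" means every protocol
    zone: int


def parse_report(text: str) -> List[Finding]:
    """Pair each 'Registry change' header with the ZoneMap key line after it."""
    findings, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            pending = header
            continue
        key = KEY.match(line)
        if key and pending:
            findings.append(Finding(
                pending["product"], pending["status"], key["hive"].upper(),
                key["sid"], key["kind"], key["name"], key["value"],
                int(key["zone"])))
        pending = None  # a header only applies to the very next line
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per (zone name, fix status)."""
    return Counter((ZONES.get(f.zone, f"zone {f.zone}"), f.status)
                   for f in findings)


def reached_by_fixme(f: Finding, current_user_sid: str) -> bool:
    """True if the .reg file in the post deletes the key holding this finding.

    The file clears ZoneMap\\Domains and ZoneMap\\Ranges under HKEY_LOCAL_MACHINE
    and HKEY_CURRENT_USER; the latter is the HKEY_USERS\\<SID> hive of the
    account that merges the file, so other users' hives are left untouched.
    """
    if f.hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        return True
    return f.sid is not None and f.sid == current_user_sid


# Constructed sample in the report format shown in this thread
# (placeholder SIDs and example.test domains, not values from the posts).
SID_A = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SID_B = "S-1-5-21-1111111111-2222222222-3333333333-1002"
SAMPLE_REPORT = r"""--- Report generated: (constructed sample) ---
Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example.test\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\other.example.test\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\portal.example.test\http!=W=2
"""

if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.name:24} {f.value:5} {ZONES.get(f.zone, f.zone):17} "
              f"{f.status:14} cleared by fixme.reg: {reached_by_fixme(f, SID_A)}")
    print(summarize(parse_report(SAMPLE_REPORT)))
```

A `False` from `reached_by_fixme` means the flagged key sits in another account's hive, so merging fixme.reg while logged on as a different user leaves it in place.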
Regards, Strahc.
--- Report generated: 2006-01-02 13:19 ---
Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2934650629-2581107729-1954458331-1152\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\*!=W=4
--- Spybot - Search && Destroy version: 1.3 ---
2005-12-30 Includes\Cookies.sbi
2005-12-30 Includes\Dialer.sbi
2005-12-30 Includes\Hijackers.sbi
2005-12-30 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-12-30 Includes\Malware.sbi
2005-12-30 Includes\PUPS.sbi
2005-12-30 Includes\Revision.sbi
2005-12-30 Includes\Security.sbi
2005-12-30 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-12-30 Includes\Trojans.sbi
Logfile of HijackThis v1.99.1
Scan saved at 13:28:11, on 02/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\davec\LOCALS~1\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Lifestyles
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchange.uk.com/clientbinaries/texInfo.CAB
O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPHI.CAB
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl3.CAB
O16 - DPF: {0FA8E95B-C23A-11D5-8F5F-0008C7E9C2C6} (Pensions.desInput) - http://exweb.exchange.uk.com/clientbinaries/PensionsPhase2.CAB
O16 - DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} (EWGPensions.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGPensions.CAB
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://lssrv1/ConnectComputer/nshelp.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} (GES.DesSSMain) - file://D:\CAB\GES.CAB
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchange.uk.com/clientbinaries/EWGTermAssurance.CAB
O16 - DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} (RIMA For Windows NT) - file://D:\CAB\rimant.cab
O16 - DPF: {786F41FA-AC32-11D5-9B73-00508B6BAAB3} (exWebStopper.texexweb) - http://exweb.exchange.uk.com/download/update/exWebStopper.CAB
O16 - DPF: {7B5A1CB7-2E01-11D7-90C1-0008C7E9C2C6} (PHI.desInput) - http://exweb.exchange.uk.com/clientbinaries/PHI.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://exweb.exchange.uk.com/clientbinaries/msxml4.CAB
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - file://D:\CAB\VersionInfo.cab
O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - file://D:\CAB\eXwebCListCtl.cab
O16 - DPF: {A45CF69C-19E0-4090-99DA-286A7C1C257B} (exWebUpdater.clsINIFile) - http://exweb.exchange.uk.com/download/update/exWebUpdater.CAB
O16 - DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} (Pensions.clsPensionBusinessLogic) - file://D:\CAB\pensions.cab
O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchange.uk.com/clientbinaries/eXwebUtils.CAB
O16 - DPF: {A98277A1-A141-11D5-98B9-00508B64538B} (Complist2 Class) - http://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl2.CAB
O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - file://D:\CAB\eXwebUtils.cab
O16 - DPF: {A9F869B2-BB62-11D2-A988-006097E20477} (eXwebOccList.clsVersionInfo) - file://D:\CAB\eXwebOcc.cab
O16 - DPF: {A9F869C0-BB62-11D2-A988-006097E20477} (PHIHelpText.clsVersionInfo) - file://D:\CAB\PHIHelpText.cab
O16 - DPF: {A9F869CE-BB62-11D2-A988-006097E20477} (PHIToolTips.clsVersionInfo) - file://D:\CAB\PHIToolTips.cab
O16 - DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} (WholeLife.clsVersionInfo) - file://D:\CAB\wholelife.cab
O16 - DPF: {AB5ED422-DE26-11D3-AD7A-0050044495F0} (WholeLife.desWOLBlank) - http://exweb.exchange.uk.com/clientbinaries/WholeLife.CAB
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - http://exweb.exchange.uk.com/clientbinaries/ann_GD.CAB
O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - file://D:\CAB\Bonds.cab
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - file://D:\CAB\pvcalctl.cab
O16 - DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} (RIMA For Windows 9x) - file://D:\CAB\rima9x.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} (CTP Goal Proposal Update) - file://D:\CAB\GoalUpdate.CAB
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Control) - file://D:\CAB\pvdate2.cab
O16 - DPF: {DB1F089D-F410-11D3-A316-006008134E84} (CombinedTerm.desInput) - http://exweb.exchange.uk.com/clientbinaries/TermAssurance.CAB
O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - file://D:\CAB\TermAssurance.cab
O16 - DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} (TexPHIDS.dsrPHIInput) - file://D:\CAB\TexPHIDS.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://secure.sunterra.com/europe/downloads/svideo3.cab
O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchange.uk.com/clientbinaries/printdll.CAB
O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - file://D:\CAB\eXwebCList.cab
O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchange.uk.com/clientbinaries/eXwebOcc.CAB
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://D:\CAB\pvdt70.cab
O16 - DPF: {F952EDBD-84EF-11D5-8F0C-0008C7E9C2C6} (exchange Scripting Update) - http://exweb.exchange.uk.com/download/update/scripting_update.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lifestyles.local
O17 - HKLM\Software\..\Telephony: DomainName = Lifestyles.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Lifestyles.local
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Reboot and run Spybot and see if it still finds those entries.