any ideas please?

I don't know what you mean by "hooked". Do you mean that the program hangs or stops running or crashes?

There is nothing related to malware in the log you attached. You need to work thru the READ & RUN ME and complete all steps possible. Even if you cannot run online scans, you should be able to do many other steps. Start at the beginning and do all steps in the order requested and attach all logs that you can get. The log you did attach shows that you already have several tools installed like CounterSpy for one. Can't you run it and attach a log?

When you come back also tell us exactly which steps you could not do! Again many of the steps should still be possible. Make sure you uninstall all requested items mentioned in step 0, make sure you have only ONE antivirus application installed (step 3).

 

Looks to me like you never got PCGuard uninstalled completely. The same is true for Panda Antivirus.

Let's beging by removing items from Panda!

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Panda Process Protection Service
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Now repeat the above to Stop and Disable the below two Services (if you do not find them or get any errors, just continue):
  • Remote Packet Capture Protocol v.0 (experimental)
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste PavPrSrv into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now repeat the above to delete the below two Services (if you do not find them or get any errors, just continue):
  • rpcapd
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Now uninstall the below software:
J2SE Runtime Environment 5.0 Update 10
PCguard <-- if you don't find this, make sure you tell me since it is in your registry.

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


Okay now uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software


Now run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"

There is no reason to run HJT at startup so, I recommend you fix the below too:
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis\HijackThis.exe /startupscan


After clicking Fix checked, exit HJT..

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

Now reboot in normal mode
Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now locate the below files and delete them if found:
C:\xx2
C:\xx3
C:\xx4
C:\xx5
C:\xx6

Now run Ccleaner

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

Your logs free from malware!

This is not a malware problem. Sounds to me like you deleted your c:\windows\system32\autochk.exe file. Possibly when you were deleting things on your own. You will need to replace this file from a copy on your Windows XP SP2 CD or perhaps you have an I386 folder on your PC that has a backup of the file.

You should not be getting this anymore since we finished removing the file from startup. Let me know if you are;however, this is also not a malware problem. It is just poor software design from PCGuard. You may need to use a registry cleaning tool to remove all traces of PCGuard. Please run this: Getting Uninstall Programs List From The Registry and attach the requested log. I want to use it to find the real registry key name for PCGuard in the uninstall programs list.

Not sure what it is but it is probably just one of your applications loading.

You did not show any malware in your logs to start with and you still do not. Any problems that you are having are not malware. They are just due to the software that has been installed in the past and that had never been properly uninstalled. In addition if you have been experimenting with varities of malware detection/removal tools and deleting things on your own, you may have complicated things. At any rate, based on your logs, you do not have any malware.

 

Run Windows Explorer (right click Start and select Explorer). Look in the i386 folder for a copy of the autochk.exe file and right click on it and select copy. Then navigate to your c:\windows\system32 folder and select it. The hit CTRL-V to paste in a copy of the autochk.exe file. Make sure you check to see if the file is actually copied into the c:\windows\system32 folder.

Let's continue with this a little. However the I'm not sure we will be able to remove the right click feature that is still happening. You might have to resort to reinstalling the junk and then uninstalling it (but not while AVG or Outpost are installed). We shall see!!!

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

• Download Registry Search (see the link titled RegSearch Download Link )
• Extract the files from Regsearch.zip into a folder.
• Doubleclick regsearch.exe to start the program.
• Copy & paste the following string 83CDADBF-C060-444D-B17D-5742C425CC19 in the top area of the form and then click "Ok".
• Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well). Attach this file to your next reply.

NNNNNOOOO! Do not waste your money on one of those massive resource hogs! The free tools we recommend here are quite sufficient and will not bring your PCs to its knees tryin to run nothing but process related to the security suite. They are all pigs and they don't work that well anyway. Stick with AVG Free and Outpost or ZoneAlarm or other we recommend in the How to Protect yourself from malware! link!

Now attach the log from the Registry Search and a new log from ShowNew.

 

I only have one more thing to try related to this, if it does not work you will have to pursue the problem with your ISP or try the Software Forum since it is really totally unrelated to malware.

Download the attach BUreg.zip file and extract the BUreg.bat from it to your Desktop. Then double click on the BUreg.bat file. When it finishes (in a few seconds) you will have a file name C:\BUreg.txt Attach this file to your next message.

Again not malware. Just tell it to be your default. Here is an example with more info:

http://www.wellesley.edu/Computing/Netscape/Browsers/pc_ie-n7x.html#ie

 

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now reboot and attach a new log from the below procedure

Doubleclick regsearch.exe to start the program.
Copy & paste the following string 83CDADBF-C060-444D-B17D-5742C425CC19 in the top area of the form and then click "Ok".
Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well). Attach this file to your next reply.


Are you still having the same problem with PCGard?

Your IE7 issues will have to be reported in the Software Forum.

 

Run this Windows Installer CleanUp Utility to see if it finds anything else to cleanup; however, anything else on this topic belongs in the Software Forum.

You have not shown me any evidence of any malware based on your problems being reported or based on the information in the logs. Perhaps if you had ran BitDefender and PandaActive scan they may or may not have found anything.

Try using FireFox instead of IE7. Is there any improvement?

Again try FireFox and see what happens. IE7 has sometimes been problematic for many people. Perhaps you should consider working with someone in the Software Forum on uninstall IE7 and using IE6.

 

You're welcome. You need IE for more than online scans. There are many sites that will require IE and Microsoft Update is one of them. Without IE you cannot get many updates from Microsoft.