Google Re-direct Virus Affecting IE7 and Firefox

Posted 8/20/2007 6:58 PM
#52334
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi, <br/> <br/>I have searched all forums for some advice, but a bit hard to root out what I have when I am not entirely sure... <br/> <br/>Whenever I enter a search term in websites such as Google, upon clicking the results i.e. Opodo instead of getting what I would hope to be www.opodo.co.uk I always get re-directed to another search website called www.freshweather.com or 1001links.com. This happens everytime I wish to perform a search. <br/> <br/> <br/>This is occuring both within IE7 and Firefox. <br/> <br/>Running antivirus software and spysweeper indicates my laptop is clean... <br/> <br/>Has anyone else had experience of this, what it is called and what can be done to prevent this from happening? <br/> <br/>Many Thanks <br/>Jason
Posted 8/22/2007 12:02 PM
#52416
User avatar

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
hey Jason, <br/> <br/>Let's see some logs then, you may have a virus. <br/> <br/>Regards,
Andrei M
[blue]Microsoft Certified Professional[/blue]
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------
Posted 8/22/2007 6:05 PM
#52444
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi Andrei, <br/> <br/>I tried running ComboFix, but nothing would happen. <br/> <br/>I also tried running AVG Anti-Spyware, however, about of a third of the way through I would get this error message: <br/> <br/>Something bad happened in the application. Error diagnostic file saved to 'C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.err' <br/> <br/>I already have SpySweeper installed. Would this have contributed to the error? <br/> <br/>As requested here are the logs I managed to run: <br/> <br/>********************************* ROOTCHK-(18-08-07)-LOG, by ejvindh <br/>22/08/2007 16:37:32.15 <br/> <br/>Driver npf (visible) is present. Run COMBOFIX by sUBs. <br/> <br/>********************************* ROOTCHK-LOG-end <br/> <br/> <br/>catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2007-08-22 16:37:34 <br/>Windows 5.1.2600 Service Pack 2 <br/>detected NTDLL code modification: <br/>ZwQueryDirectoryFile <br/>scanning hidden processes ... <br/> <br/>detected NTDLL code modification: <br/>ZwQueryDirectoryFile <br/>scanning hidden services & system hive ... <br/> <br/>detected NTDLL code modification: <br/>ZwQueryDirectoryFile <br/>scanning hidden registry entries ... <br/> <br/>detected NTDLL code modification: <br/>ZwQueryDirectoryFile <br/>scanning hidden files ... <br/> <br/>hidden processes: 0 <br/>hidden files: 0 <br/> <br/>Logfile of HijackThis v1.99.1 <br/>Scan saved at 16:01:12, on 22/08/2007 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v7.00 (7.00.6000.16512) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\csrss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\Ati2evxx.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe <br/>C:\WINDOWS\system32\Ati2evxx.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe <br/>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Acer\eManager\anbmServ.exe <br/>C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe <br/>C:\WINDOWS\System32\alg.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPLpr.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <br/>C:\Program Files\Arcade\PCMService.exe <br/>C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe <br/>C:\acer\epm\epm-dm.exe <br/>C:\Program Files\Launch Manager\QtZgAcer.EXE <br/>C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe <br/>C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe <br/>C:\Program Files\VoyagerTest\fts.exe <br/>C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe <br/>C:\Program Files\Common Files\Real\Update_OB\realsched.exe <br/>C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\acer\eRecovery\Monitor.exe <br/>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe <br/>C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe <br/>C:\Program Files\AOL 9.0\aoltray.exe <br/>c:\program files\common files\aol\1172188211\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe <br/>c:\program files\common files\aol\1172188211\ee\aolsoftware.exe <br/>C:\Program Files\AOL 9.0\waol.exe <br/>C:\Program Files\AOL 9.0\shellmon.exe <br/>C:\Program Files\Common Files\AOL\aoltpspd.exe <br/>C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\Program Files\MSN Messenger\msnmsgr.exe <br/>C:\Program Files\MSN Messenger\usnsvc.exe <br/>C:\Program Files\Webroot\Spy Sweeper\SSU.EXE <br/>C:\PROGRA~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlCach3.exe <br/>C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\AK0CN3JY\alternativ[1].exe <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ <br/>O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll <br/>O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll <br/>O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <br/>O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll <br/>O4 - HKLM\..\Run: [LaunchApp] Alaunch <br/>O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe <br/>O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe <br/>O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" <br/>O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" <br/>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" <br/>O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 <br/>O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC <br/>O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC <br/>O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName <br/>O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" <br/>O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe <br/>O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot <br/>O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE" <br/>O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe <br/>O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon <br/>O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" <br/>O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" <br/>O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" <br/>O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe" <br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <br/>O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" <br/>O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe <br/>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <br/>O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray <br/>O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [WhlCach3.exe] C:\PROGRA~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlCach3.exe <br/>O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe <br/>O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O11 - Options group: [INTERNATIONAL] International* <br/>O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab <br/>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172161577478 <br/>O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab <br/>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176220961000 <br/>O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://pstaff.smartuser.co.uk/InternalSite/WhlCompMgr.cab <br/>O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{27446D35-1DFF-4B3B-B462-4C206614EA40}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEE48E3-279D-4540-B541-7666B3F5E438}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{C442D817-8F29-4EB5-B304-55F56B62632E}: NameServer = 205.188.146.145 <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{D4297BF9-2A12-4F25-8EE3-EC5379B26CC7}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6 <br/>O17 - HKLM\System\CS1\Services\Tcpip\..\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6 <br/>O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL <br/>O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL <br/>O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll <br/>O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll <br/>O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll <br/>O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll <br/>O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe <br/>O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe <br/>O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe <br/>O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe <br/>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe <br/>O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE <br/>O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) <br/>O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) <br/>O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe <br/>O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe <br/> <br/>Thanks <br/>Jason
Posted 9/25/2007 3:33 PM
#54188
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Can someone help me please? <br/> <br/>Andrei who was helping has skiddaddled :) <br/> <br/>Thanks <br/>Jason
Posted 9/25/2007 3:44 PM
#54189
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi, <br/> <br/>I have just performed another sweep with SpwSweeper and it says a Trojan Horse has been found by the name of dnschanger. <br/> <br/>Is this what is causing my searches to go crazy? If so, how do I get rid? <br/> <br/>Thanks <br/>Jason
Posted 9/25/2007 5:41 PM
#54193
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
So strange.... <br/> <br/>Spysweeper has quarantined the trojan, AVG Anti Spyware has now run, and I am no longer getting re-directed to strange websites. <br/> <br/>Therefore, I believe this thread can now be closed! :) <br/> <br/>Thanks <br/>Jason
Posted 9/26/2007 11:25 AM
#54234
User avatar

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
hello, <br/> <br/>sorry for the delay. <br/>Please post an updated log so I can check <br/> <br/>Regards,
Andrei M
[blue]Microsoft Certified Professional[/blue]
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------
Posted 9/26/2007 5:27 PM
#54253
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi Andrei, <br/> <br/>Here are my updated logs (managed to get everything to run now, although AVG did not save a log :-S): <br/> <br/>ROOTCHK: <br/> <br/>********************************* ROOTCHK-(18-08-07)-LOG, by ejvindh <br/>2007-09-26 17:52:56.21 <br/> <br/>Driver npf (visible) is present. Run COMBOFIX by sUBs. <br/> <br/>********************************* ROOTCHK-LOG-end <br/> <br/> <br/>catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2007-09-26 17:52:57 <br/>Windows 5.1.2600 Service Pack 2 <br/>scanning hidden processes ... <br/> <br/>scanning hidden services & system hive ... <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_8086&DEV_266E&SUBSYS_00661025&REV_04#3&B1BFB68&0&F2#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\ 0\Controls\ 1] <br/>"Channel 0"=dword:00002000 <br/>"Channel 1"=dword:00002000 <br/> <br/>scanning hidden registry entries ... <br/> <br/>scanning hidden files ... <br/> <br/>hidden processes: 0 <br/>hidden files: 0 <br/> <br/>COMBOFIX: <br/> <br/>ComboFix 07-08-17.2 - "Bob" 2007-09-26 17:59:39.1 - NTFSx86 <br/>Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1563 [GMT 1:00] <br/> * Created a new restore point <br/> <br/> <br/>((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) <br/> <br/> <br/>C:\WINDOWS\system32\drivers\npf.sys <br/>C:\WINDOWS\system32\packet.dll <br/>C:\WINDOWS\system32\pthreadVC.dll <br/>C:\WINDOWS\system32\wpcap.dll <br/> <br/> <br/>((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) <br/> <br/> <br/>-------\NPF <br/> <br/> <br/>((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 ))))))))))))))))))))))))))))))) <br/> <br/> <br/>2007-09-23 15:52 <DIR> d-------- C:\Program Files\SopCast <br/>2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys <br/>2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys <br/>2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys <br/>2007-08-26 12:52 <DIR> d-------- C:\Program Files\Alitalia TravelDesk <br/> <br/> <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/> <br/>2007-09-26 17:22 --------- d-------- C:\Program Files\Whale Communications <br/>2007-09-25 20:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared <br/>2007-09-23 16:05 --------- d-------- C:\DOCUME~1\Bob\APPLIC~1\SopCast <br/>2007-09-22 10:17 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF <br/>2007-09-22 10:17 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL <br/>2007-09-22 10:17 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS <br/>2007-09-22 10:17 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT <br/>2007-09-22 10:17 --------- d-------- C:\Program Files\Symantec <br/>2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf <br/>2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf <br/>2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf <br/>2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat <br/>2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat <br/>2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat <br/>2007-09-02 13:34 --------- d-------- C:\Program Files\3GP Player <br/>2007-09-01 22:25 --------- d-------- C:\Program Files\Common Files\AOL <br/>2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll <br/>2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll <br/>2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll <br/>2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll <br/>2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe <br/>2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe <br/>2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll <br/>2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll <br/>2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll <br/>2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll <br/>2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll <br/>2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll <br/>2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll <br/>2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll <br/>2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll <br/>2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll <br/>2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll <br/>2007-07-28 09:01 --------- d-------- C:\Program Files\Launch Manager <br/>2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll <br/>2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll <br/>2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll <br/>2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll <br/>2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll <br/>2007-06-27 15:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll <br/>2007-06-27 15:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll <br/>2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll <br/>2007-06-27 15:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll <br/>2007-06-27 15:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll <br/>2007-06-27 15:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll <br/>2007-06-27 15:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll <br/>2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll <br/>2007-06-27 15:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll <br/>2007-06-27 15:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll <br/>2007-06-27 15:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll <br/>2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll <br/>2007-06-27 15:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll <br/>2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll <br/>2007-06-27 15:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll <br/>2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll <br/>2007-06-27 15:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll <br/>2007-06-27 15:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll <br/>2007-06-27 09:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe <br/>2007-06-27 09:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe <br/>2007-06-27 09:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe <br/>2007-06-27 08:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll <br/>2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe <br/>2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll <br/>2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll <br/>2007-02-22 17:03 42068375 --a------ C:\Program Files\NIS06900IN.exe <br/>2001-03-28 12:02 122880 --a------ C:\WINDOWS\inf\Agfa\message.exe <br/> <br/> <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/> <br/> <br/>*Note* empty entries & legit default entries are not shown <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"LaunchApp"="Alaunch" [] <br/>"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36] <br/>"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32] <br/>"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44] <br/>"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43] <br/>"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59] <br/>"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00] <br/>"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00] <br/>"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00] <br/>"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00] <br/>"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 21:05] <br/>"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04] <br/>"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13] <br/>"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:20] <br/>"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01] <br/>"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 15:10] <br/>"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 12:47] <br/>"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28] <br/>"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06] <br/>"HostManager"="C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe" [2006-11-17 13:21] <br/>"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59] <br/>"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 01:22] <br/>"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11:06] <br/>"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 10:58] <br/>"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] <br/>"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] <br/>"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] <br/>"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-22 23:20] <br/>"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] <br/>"AOLAspSunset"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe" [] <br/>"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54] <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24] <br/>"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] <br/>"WhlCach3.exe"="C:\PROGRA~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlCach3.exe" [2006-11-07 12:39] <br/> <br/>C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ <br/>AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-02-22 23:19:18] <br/> <br/>R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS <br/>R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys <br/>R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys <br/>R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys <br/>R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys <br/>R3 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys <br/>R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys <br/>R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS <br/>S3 DMSKSSRh;DMSKSSRh;\??\C:\DOCUME~1\Bob\LOCALS~1\Temp\DMSKSSRh.sys <br/> <br/>*Newly Created Service* - COMHOST <br/> <br/>Contents of the 'Scheduled Tasks' folder <br/>2007-09-07 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Bob.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2007-09-26 18:12:53 <br/>Windows 5.1.2600 Service Pack 2 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/> <br/>Completion time: 2007-09-26 18:16:22 - machine was rebooted <br/>C:\ComboFix-quarantined-files.txt ... 2007-09-26 18:16 <br/> <br/> --- E O F --- <br/> <br/>HIJACKTHIS: <br/> <br/>Logfile of HijackThis v1.99.1 <br/>Scan saved at 18:25:05, on 26/09/2007 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v7.00 (7.00.6000.16512) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\Ati2evxx.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe <br/>C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe <br/>C:\WINDOWS\system32\Ati2evxx.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Acer\eManager\anbmServ.exe <br/>C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe <br/>C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPLpr.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <br/>C:\Program Files\Arcade\PCMService.exe <br/>C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe <br/>C:\acer\epm\epm-dm.exe <br/>C:\Program Files\Launch Manager\QtZgAcer.EXE <br/>C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe <br/>C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe <br/>C:\Program Files\VoyagerTest\fts.exe <br/>C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe <br/>C:\Program Files\Common Files\Real\Update_OB\realsched.exe <br/>C:\Program Files\acer\eRecovery\Monitor.exe <br/>C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe <br/>C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe <br/>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\AOL 9.0\aoltray.exe <br/>c:\program files\common files\aol\1172188211\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe <br/>c:\program files\common files\aol\1172188211\ee\aolsoftware.exe <br/>C:\Program Files\Webroot\Spy Sweeper\SSU.EXE <br/>C:\Program Files\AOL 9.0\waol.exe <br/>C:\Program Files\AOL 9.0\shellmon.exe <br/>C:\Program Files\Common Files\AOL\aoltpspd.exe <br/>C:\Program Files\internet explorer\iexplore.exe <br/>C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE <br/>C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE <br/>C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe <br/>C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe <br/>C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe <br/>C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe <br/>C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe <br/>C:\Documents and Settings\Bob\Desktop\alternativ.exe <br/>C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ <br/>O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll <br/>O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll <br/>O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <br/>O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll <br/>O4 - HKLM\..\Run: [LaunchApp] Alaunch <br/>O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe <br/>O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe <br/>O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" <br/>O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" <br/>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" <br/>O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 <br/>O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC <br/>O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC <br/>O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName <br/>O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" <br/>O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe <br/>O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot <br/>O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE" <br/>O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe <br/>O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon <br/>O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" <br/>O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" <br/>O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" <br/>O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe" <br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <br/>O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" <br/>O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe <br/>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <br/>O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized <br/>O4 - HKLM\..\Run: [AOLAspSunset] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe" <br/>O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray <br/>O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe <br/>O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O11 - Options group: [INTERNATIONAL] International* <br/>O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab <br/>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172161577478 <br/>O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab <br/>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176220961000 <br/>O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://pstaff.smartuser.co.uk/InternalSite/WhlCompMgr.cab <br/>O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{27446D35-1DFF-4B3B-B462-4C206614EA40}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEE48E3-279D-4540-B541-7666B3F5E438}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{C442D817-8F29-4EB5-B304-55F56B62632E}: NameServer = 205.188.146.145 <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{D4297BF9-2A12-4F25-8EE3-EC5379B26CC7}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6 <br/>O17 - HKLM\System\CS1\Services\Tcpip\..\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}: NameServer = 85.255.115.91,85.255.112.6 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6 <br/>O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL <br/>O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL <br/>O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll <br/>O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll <br/>O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll <br/>O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll <br/>O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe <br/>O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe <br/>O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe <br/>O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe <br/>O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe <br/>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe <br/>O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE <br/>O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) <br/>O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) <br/>O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe <br/>O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe <br/> <br/> <br/>Hope everything is looking okay...... <br/> <br/>Thanks for your time <br/>Jason
Posted 9/27/2007 6:59 AM
#54276
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi, <br/> <br/>Not sure if this is relevant, but in the Task Manager, I have SIX incidents of an SVCHOST.EXE running (four system, two network, one local service). <br/> <br/>Is this normal? <br/> <br/>Thanks <br/>J
Posted 10/8/2007 12:32 PM
#54718
User avatar

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
Please download FixWareout: <br/>http://downloads.subratam.org/Fixwareout.exe <br/> <br/>Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. <br/>When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Close it <br/> <br/>You may need to restart your computer again. <br/>Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log and tell how things are running.
Andrei M
[blue]Microsoft Certified Professional[/blue]
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------
Posted 10/11/2007 2:17 PM
#54833
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi Andrei, <br/> <br/>Here are the logs: <br/> <br/>Username "Bob" - 11/10/2007 15:02:10 [Fixwareout edited 9/01/2007] <br/> <br/>~~~~~ Prerun check <br/> <br/>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters <br/>"nameserver"="85.255.115.91 85.255.112.6" <Value cleared. <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{08FEBB96-3893-43EA-B1D8-2B1ED0506816} <br/>"nameserver"="85.255.115.91,85.255.112.6" <Value cleared. <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{27446D35-1DFF-4B3B-B462-4C206614EA40} <br/>"nameserver"="85.255.115.91,85.255.112.6" <Value cleared. <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7CEE48E3-279D-4540-B541-7666B3F5E438} <br/>"nameserver"="85.255.115.91,85.255.112.6" <Value cleared. <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D4297BF9-2A12-4F25-8EE3-EC5379B26CC7} <br/>"nameserver"="85.255.115.91,85.255.112.6" <Value cleared. <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{163C04C9-BECB-4DA8-9F06-C6B8B6830F75} <br/>"DhcpNameServer"="85.255.115.91,85.255.112.6" <Value cleared. <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7CEE48E3-279D-4540-B541-7666B3F5E438} <br/>"DhcpNameServer"="85.255.115.91,85.255.112.6" <Value cleared. <br/>HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D4297BF9-2A12-4F25-8EE3-EC5379B26CC7} <br/>"DhcpNameServer"="85.255.115.91,85.255.112.6" <Value cleared. <br/> <br/>Successfully flushed the DNS Resolver Cache. <br/> <br/> <br/>System was rebooted successfully. <br/> <br/>~~~~~ Postrun check <br/>HKLM\SOFTWARE\~\Winlogon\ "system"="" <br/>.... <br/>.... <br/>~~~~~ Misc files. <br/>.... <br/>~~~~~ Checking for older varients. <br/>.... <br/> <br/>~~~~~ Current runs (hklm hkcu "run" Keys Only) <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"LaunchApp"="Alaunch" <br/>"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" <br/>"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe" <br/>"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\"" <br/>"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\"" <br/>"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\"" <br/>"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" <br/>"MSPY2002"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe\" /SYNC" <br/>"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC" <br/>"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName" <br/>"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" <br/>"EPM-DM"="c:\\acer\\epm\\epm-dm.exe" <br/>"ePowerManagement"="\"C:\\Acer\\ePM\\ePM.exe\" boot" <br/>"LManager"="\"C:\\Program Files\\Launch Manager\\QtZgAcer.EXE\"" <br/>"eRecoveryService"="C:\\Windows\\System32\\Check.exe" <br/>"DSLSTATEXE"="\"C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe\" icon" <br/>"DSLAGENTEXE"="\"C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe\"" <br/>"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\"" <br/>"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\"" <br/>"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1172188211\\ee\\AOLSoftware.exe\"" <br/>"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" <br/>"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\"" <br/>"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe" <br/>"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" <br/>"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\"" <br/>"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\"" <br/>"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" <br/>"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" <br/>"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" <br/>"AOLAspSunset"="\"C:\\Documents and Settings\\All Users\\Application Data\\AOL\\UserProfiles\\All Users\\antiSpyware\\dat\\updates\\aspapp\\sunsetAsp.exe\"" <br/>"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray" <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" <br/>"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" <br/>"WhlCach3.exe"="C:\\PROGRA~1\\WHALEC~1\\CLIENT~1\\31265D~1.0\\WhlCach3.exe" <br/>.... <br/>Hosts file was reset, If you use a custom hosts file please replace it... <br/>~~~~~ End report ~~~~~ <br/> <br/> <br/>Logfile of HijackThis v1.99.1 <br/>Scan saved at 15:14:46, on 11/10/2007 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v7.00 (7.00.6000.16512) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\Ati2evxx.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe <br/>C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe <br/>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>C:\WINDOWS\system32\Ati2evxx.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Acer\eManager\anbmServ.exe <br/>C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe <br/>C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPLpr.exe <br/>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <br/>C:\Program Files\Arcade\PCMService.exe <br/>C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe <br/>C:\acer\epm\epm-dm.exe <br/>C:\Program Files\Launch Manager\QtZgAcer.EXE <br/>C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe <br/>C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe <br/>C:\Program Files\VoyagerTest\fts.exe <br/>C:\Program Files\Common Files\AOL\ACS\AOLDial.exe <br/>C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe <br/>C:\Program Files\Common Files\Symantec Shared\ccApp.exe <br/>C:\Program Files\acer\eRecovery\Monitor.exe <br/>C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe <br/>C:\Program Files\Common Files\Real\Update_OB\realsched.exe <br/>C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe <br/>C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe <br/>C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe <br/>C:\Program Files\QuickTime\qttask.exe <br/>C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe <br/>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe <br/>C:\Program Files\Messenger\msmsgs.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\AOL 9.0\aoltray.exe <br/>c:\program files\common files\aol\1172188211\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe <br/>c:\program files\common files\aol\1172188211\ee\aolsoftware.exe <br/>C:\Program Files\AOL 9.0\waol.exe <br/>C:\Program Files\AOL 9.0\shellmon.exe <br/>C:\Program Files\Common Files\AOL\aoltpspd.exe <br/>C:\Program Files\internet explorer\iexplore.exe <br/>C:\Documents and Settings\Bob\Desktop\alternativ.exe <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ <br/>O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll <br/>O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll <br/>O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <br/>O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll <br/>O4 - HKLM\..\Run: [LaunchApp] Alaunch <br/>O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe <br/>O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe <br/>O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" <br/>O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" <br/>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" <br/>O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 <br/>O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC <br/>O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC <br/>O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName <br/>O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" <br/>O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe <br/>O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot <br/>O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE" <br/>O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe <br/>O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon <br/>O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" <br/>O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" <br/>O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" <br/>O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe" <br/>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <br/>O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" <br/>O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe <br/>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <br/>O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized <br/>O4 - HKLM\..\Run: [AOLAspSunset] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe" <br/>O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray <br/>O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe <br/>O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O11 - Options group: [INTERNATIONAL] International* <br/>O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab <br/>O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab <br/>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172161577478 <br/>O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab <br/>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176220961000 <br/>O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://pstaff.smartuser.co.uk/InternalSite/WhlCompMgr.cab <br/>O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{C442D817-8F29-4EB5-B304-55F56B62632E}: NameServer = 205.188.146.145 <br/>O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL <br/>O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL <br/>O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll <br/>O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll <br/>O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll <br/>O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll <br/>O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe <br/>O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe <br/>O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe <br/>O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe <br/>O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe <br/>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe <br/>O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE <br/>O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) <br/>O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) <br/>O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) <br/>O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe <br/>O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe <br/>O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe <br/> <br/> <br/>Everything seems to be running fine. <br/> <br/>Thanks for your time and help <br/>Jason
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, December 11, 2016, 2:53 PM (GMT +1)
There are a total of 61,164 posts in 13,450 threads.
In the last 3 days there were 0 new threads and 1 reply posts.

Who's online

This forum has 37,970 registered members. Please welcome our newest member, MJD.
There are currently no users on-line.