Google Re-direct Virus Affecting IE7 and Firefox

Posted 8/20/2007 6:58 PM
#52334
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi,

I have searched all forums for some advice, but a bit hard to root out what I have when I am not entirely sure...

Whenever I enter a search term in websites such as Google, upon clicking the results i.e. Opodo instead of getting what I would hope to be www.opodo.co.uk I always get re-directed to another search website called www.freshweather.com or 1001links.com. This happens everytime I wish to perform a search.


This is occuring both within IE7 and Firefox.

Running antivirus software and spysweeper indicates my laptop is clean...

Has anyone else had experience of this, what it is called and what can be done to prevent this from happening?

Many Thanks
Jason
Posted 8/22/2007 12:02 PM
#52416
User avatar

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
hey Jason,

Let's see some logs then, you may have a virus.

Regards,
Andrei M
[blue]Microsoft Certified Professional[/blue]
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------
Posted 8/22/2007 6:05 PM
#52444
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi Andrei,

I tried running ComboFix, but nothing would happen.

I also tried running AVG Anti-Spyware, however, about of a third of the way through I would get this error message:

Something bad happened in the application. Error diagnostic file saved to 'C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.err'

I already have SpySweeper installed. Would this have contributed to the error?

As requested here are the logs I managed to run:

********************************* ROOTCHK-(18-08-07)-LOG, by ejvindh
22/08/2007 16:37:32.15

Driver npf (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-22 16:37:34
Windows 5.1.2600 Service Pack 2
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden services & system hive ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden registry entries ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden files ...

hidden processes: 0
hidden files: 0

Logfile of HijackThis v1.99.1
Scan saved at 16:01:12, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1172188211\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1172188211\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlCach3.exe
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\AK0CN3JY\alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhlCach3.exe] C:\PROGRA~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlCach3.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172161577478
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176220961000
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://pstaff.smartuser.co.uk/InternalSite/WhlCompMgr.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{27446D35-1DFF-4B3B-B462-4C206614EA40}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEE48E3-279D-4540-B541-7666B3F5E438}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{C442D817-8F29-4EB5-B304-55F56B62632E}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4297BF9-2A12-4F25-8EE3-EC5379B26CC7}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks
Jason
Posted 9/25/2007 3:33 PM
#54188
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Can someone help me please?

Andrei who was helping has skiddaddled :)

Thanks
Jason
Posted 9/25/2007 3:44 PM
#54189
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi,

I have just performed another sweep with SpwSweeper and it says a Trojan Horse has been found by the name of dnschanger.

Is this what is causing my searches to go crazy? If so, how do I get rid?

Thanks
Jason
Posted 9/25/2007 5:41 PM
#54193
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
So strange....

Spysweeper has quarantined the trojan, AVG Anti Spyware has now run, and I am no longer getting re-directed to strange websites.

Therefore, I believe this thread can now be closed! :)

Thanks
Jason
Posted 9/26/2007 11:25 AM
#54234
User avatar

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
hello,

sorry for the delay.
Please post an updated log so I can check

Regards,
Andrei M
[blue]Microsoft Certified Professional[/blue]
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------
Posted 9/26/2007 5:27 PM
#54253
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi Andrei,

Here are my updated logs (managed to get everything to run now, although AVG did not save a log :-S):

ROOTCHK:

********************************* ROOTCHK-(18-08-07)-LOG, by ejvindh
2007-09-26 17:52:56.21

Driver npf (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 17:52:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#PCI#VEN_8086&DEV_266E&SUBSYS_00661025&REV_04#3&B1BFB68&0&F2#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#Wave\Device Parameters\Mixer\ 0\Controls\ 1]
"Channel 0"=dword:00002000
"Channel 1"=dword:00002000

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

COMBOFIX:

ComboFix 07-08-17.2 - "Bob" 2007-09-26 17:59:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1563 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\NPF


((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 )))))))))))))))))))))))))))))))


2007-09-23 15:52 d-------- C:\Program Files\SopCast
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-26 12:52 d-------- C:\Program Files\Alitalia TravelDesk


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-26 17:22 --------- d-------- C:\Program Files\Whale Communications
2007-09-25 20:47 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-23 16:05 --------- d-------- C:\DOCUME~1\Bob\APPLIC~1\SopCast
2007-09-22 10:17 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-22 10:17 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-22 10:17 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-22 10:17 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-22 10:17 --------- d-------- C:\Program Files\Symantec
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-02 13:34 --------- d-------- C:\Program Files\3GP Player
2007-09-01 22:25 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 09:01 --------- d-------- C:\Program Files\Launch Manager
2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll
2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-02-22 17:03 42068375 --a------ C:\Program Files\NIS06900IN.exe
2001-03-28 12:02 122880 --a------ C:\WINDOWS\inf\Agfa\message.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 21:05]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:20]
"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 15:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 12:47]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06]
"HostManager"="C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe" [2006-11-17 13:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 01:22]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 10:58]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-22 23:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AOLAspSunset"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"WhlCach3.exe"="C:\PROGRA~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlCach3.exe" [2006-11-07 12:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-02-22 23:19:18]

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys
R3 lanusb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS
S3 DMSKSSRh;DMSKSSRh;\??\C:\DOCUME~1\Bob\LOCALS~1\Temp\DMSKSSRh.sys

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-09-07 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Bob.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 18:12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-26 18:16:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 18:16

--- E O F ---

HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 18:25:05, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1172188211\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1172188211\ee\aolsoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Bob\Desktop\alternativ.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AOLAspSunset] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172161577478
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176220961000
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://pstaff.smartuser.co.uk/InternalSite/WhlCompMgr.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{27446D35-1DFF-4B3B-B462-4C206614EA40}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEE48E3-279D-4540-B541-7666B3F5E438}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{C442D817-8F29-4EB5-B304-55F56B62632E}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4297BF9-2A12-4F25-8EE3-EC5379B26CC7}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}: NameServer = 85.255.115.91,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.91 85.255.112.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Hope everything is looking okay......

Thanks for your time
Jason
Posted 9/27/2007 6:59 AM
#54276
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi,

Not sure if this is relevant, but in the Task Manager, I have SIX incidents of an SVCHOST.EXE running (four system, two network, one local service).

Is this normal?

Thanks
J
Posted 10/8/2007 12:32 PM
#54718
User avatar

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
Please download FixWareout:
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Close it

You may need to restart your computer again.
Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log and tell how things are running.
Andrei M
[blue]Microsoft Certified Professional[/blue]
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------
Posted 10/11/2007 2:17 PM
#54833
User avatar

Bobuk Advanced member

Date Joined Nov 2016
Total Posts: 32
Hi Andrei,

Here are the logs:

Username "Bob" - 11/10/2007 15:02:10 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.91 85.255.112.6" HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{08FEBB96-3893-43EA-B1D8-2B1ED0506816}
"nameserver"="85.255.115.91,85.255.112.6" HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{27446D35-1DFF-4B3B-B462-4C206614EA40}
"nameserver"="85.255.115.91,85.255.112.6" HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7CEE48E3-279D-4540-B541-7666B3F5E438}
"nameserver"="85.255.115.91,85.255.112.6" HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D4297BF9-2A12-4F25-8EE3-EC5379B26CC7}
"nameserver"="85.255.115.91,85.255.112.6" HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{163C04C9-BECB-4DA8-9F06-C6B8B6830F75}
"DhcpNameServer"="85.255.115.91,85.255.112.6" HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7CEE48E3-279D-4540-B541-7666B3F5E438}
"DhcpNameServer"="85.255.115.91,85.255.112.6" HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D4297BF9-2A12-4F25-8EE3-EC5379B26CC7}
"DhcpNameServer"="85.255.115.91,85.255.112.6"
Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe\" /SYNC"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="\"C:\\Acer\\ePM\\ePM.exe\" boot"
"LManager"="\"C:\\Program Files\\Launch Manager\\QtZgAcer.EXE\""
"eRecoveryService"="C:\\Windows\\System32\\Check.exe"
"DSLSTATEXE"="\"C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe\" icon"
"DSLAGENTEXE"="\"C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe\""
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\""
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1172188211\\ee\\AOLSoftware.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AOLAspSunset"="\"C:\\Documents and Settings\\All Users\\Application Data\\AOL\\UserProfiles\\All Users\\antiSpyware\\dat\\updates\\aspapp\\sunsetAsp.exe\""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WhlCach3.exe"="C:\\PROGRA~1\\WHALEC~1\\CLIENT~1\\31265D~1.0\\WhlCach3.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Logfile of HijackThis v1.99.1
Scan saved at 15:14:46, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1172188211\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1172188211\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Bob\Desktop\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1172188211\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AOLAspSunset] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172161577478
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176220961000
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://pstaff.smartuser.co.uk/InternalSite/WhlCompMgr.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///E:/tools/en/bin/npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C442D817-8F29-4EB5-B304-55F56B62632E}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Everything seems to be running fine.

Thanks for your time and help
Jason
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, January 22, 2017, 2:46 AM (GMT +1)
There are a total of 61,163 posts in 13,449 threads.
In the last 3 days there were 0 new threads and 2 reply posts.

Who's online

This forum has 37,989 registered members. Please welcome our newest member, Weiwei.
There are currently no users on-line.
We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.