Jump to content

Simon T

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. hi Jean, I have scanned 4 of the files so far, but have to go to work so will do the rest tonight as well as GMER scan, but thought I would mention that the file: c:\windows\system32\byidsn.exe had the following results, all others were clean so far: Antivirus Version Last Update Result AhnLab-V3 2007.7.31.1 2007.08.01 - AntiVir 7.4.0.54 2007.07.31 HEUR/Malware Authentium 4.93.8 2007.07.31 - Avast 4.7.1029.0 2007.07.31 - AVG 7.5.0.476 2007.07.31 - BitDefender 7.2 2007.08.01 - CAT-QuickHeal 9.00 2007.07.31 (Suspicious) - DNAScan ClamAV 0.91 2007.08.01 - DrWeb 4.33 2007.07.31 - eSafe 7.0.15.0 2007.07.31 - eTrust-Vet 31.1.5021 2007.08.01 - Ewido 4.0 2007.07.31 - FileAdvisor 1 2007.08.01 - Fortinet 2.91.0.0 2007.08.01 - F-Prot 4.3.2.48 2007.07.31 - F-Secure 6.70.13030.0 2007.07.31 - Ikarus T3.1.1.8 2007.08.01 - Kaspersky 4.0.2.24 2007.08.01 - McAfee 5087 2007.07.31 - Microsoft 1.2704 2007.08.01 - NOD32v2 2430 2007.07.31 - Norman 5.80.02 2007.07.31 - Panda 9.0.0.4 2007.08.01 - Rising 19.34.21.00 2007.08.01 - Sophos 4.19.0 2007.08.01 - Sunbelt 2.2.907.0 2007.07.31 - Symantec 10 2007.08.01 - TheHacker 6.1.7.160 2007.08.01 - VBA32 3.12.2.2 2007.07.31 - VirusBuster 4.3.26:9 2007.07.31 - Webwasher-Gateway 6.0.1 2007.08.01 Heuristic.Malware
  2. Hi Jean, Thanks for your reply. Yes I found the file and deleted it. However it confused me as the date modified was sometime in 2004 along with a load of other files. I also noted there was a pchealth directory under c:\windows with loads of directories and files in it. We never installed pchealth so I wonder if it was already there from this Dell laptop prebuild ghost image. Anyway, the popups are still occuring now whilst I am typing this. Back to the drawing board? Regard Simon
  3. Hi Jean, Here the results of the scans. Also just an observation, everytime I go to this forum topic I get a popup to install AVSystemCare so it must be monitoring all the websites I go to. Main.txt: Deckard's System Scanner v20070729.57 Run by mummy on 2007-07-31 at 21:37:20 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 32: 2007-07-31 20:37:39 UTC - RP32 - Deckard's System Scanner Restore Point 31: 2007-07-30 20:57:10 UTC - RP31 - System Checkpoint 30: 2007-07-29 09:46:56 UTC - RP30 - System Checkpoint 29: 2007-07-27 22:28:00 UTC - RP29 - Removed SHReK the THiRD 28: 2007-07-27 05:56:03 UTC - RP28 - System Checkpoint -- First Restore Point -- 1: 2007-06-19 09:48:41 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as mummy.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:25:39, on 29/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.pandasoftware.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - https://dbrasweb-ha1.uk.db.com/llclient/dbr...java+AXXPEE.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{263AF750-26A8-487E-BC4F-749885C49852}: NameServer = 212.104.130.9,212.104.130.65 O17 - HKLM\System\CS1\Services\Tcpip\..\{263AF750-26A8-487E-BC4F-749885C49852}: NameServer = 212.104.130.9,212.104.130.65 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9839 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys S2 Nbf (NetBEUI Protocol) - c:\windows\system32\drivers\nbf.sys (file missing) S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> -- Scheduled Tasks ------------------------------------------------------------- 2007-07-27 18:30:00 350 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MIMIFIFI-mummy).job 2007-07-23 11:51:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-05-30 17:57:34 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job -- Files created between 2007-06-30 and 2007-07-31 ----------------------------- 2007-07-29 18:17:31 8576 --a------ C:\WINDOWS\system32\drivers\wintbdtrsnvt.sys <Not Verified; Panda Software International; RKPavProc Driver> 2007-07-29 17:45:40 0 d-------- C:\WINDOWS\ERUNT 2007-07-29 10:14:13 2980 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-27 23:43:57 0 d-------- C:\!KillBox 2007-07-26 21:01:36 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-07-26 02:26:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2007-07-26 02:17:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2007-07-26 02:17:58 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek 2007-07-26 02:17:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel 2007-07-26 02:17:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL 2007-07-26 02:17:57 0 dr------- C:\Documents and Settings\Administrator\Favorites 2007-07-26 02:17:57 0 d-------- C:\Documents and Settings\Administrator\Desktop 2007-07-26 02:17:57 0 d--hs---- C:\Documents and Settings\Administrator\Cookies 2007-07-26 02:17:57 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2007-07-26 02:17:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver 2007-07-26 02:17:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2007-07-26 02:17:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun 2007-07-26 02:17:57 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2007-07-26 02:17:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2007-07-26 02:17:56 0 dr------- C:\Documents and Settings\Administrator\My Documents 2007-07-26 02:17:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2007-07-26 02:17:55 0 d--h----- C:\Documents and Settings\Administrator\Templates 2007-07-26 02:17:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2007-07-26 02:17:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2007-07-26 02:17:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2007-07-26 02:17:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2007-07-26 02:17:53 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2007-07-26 02:09:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-07-26 02:08:37 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-07-26 02:08:36 0 d-------- C:\Documents and Settings\mummy\Application Data\SUPERAntiSpyware.com 2007-07-26 02:08:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-26 02:05:10 0 d-------- C:\Downloads 2007-07-26 02:05:10 0 d-------- C:\Bases 2007-07-26 02:01:44 0 d-------- C:\Kaspersky 2007-07-26 01:47:05 0 d-------- C:\HJT 2007-07-26 01:43:11 0 d-------- C:\Program Files\RogueRemover 2007-07-23 14:47:30 0 d-------- C:\Program Files\iPod 2007-07-23 14:47:14 0 d-------- C:\Program Files\iTunes 2007-07-19 19:25:58 0 d-------- C:\WINDOWS\system32\LogFiles 2007-07-15 10:58:15 0 d-------- C:\Program Files\Activision 2007-07-15 10:47:37 0 d--hs---- C:\WINDOWS\ftpcache 2007-07-09 14:49:36 0 d-------- C:\Program Files\Common Files\Apple 2007-07-09 14:49:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple -- Find3M Report --------------------------------------------------------------- 2007-07-31 09:38:59 0 d-------- C:\Program Files\Mozilla Thunderbird 2007-07-29 19:06:11 0 d-------- C:\Program Files\Norton 360 2007-07-29 19:01:07 0 d-------- C:\Program Files\Google 2007-07-29 19:01:06 0 d-------- C:\Program Files\Digital Line Detect 2007-07-29 19:00:04 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-07-28 18:46:22 0 d-------- C:\Program Files\MSN Messenger 2007-07-26 02:08:09 0 d-------- C:\Program Files\Common Files 2007-07-23 14:37:04 0 d-------- C:\Program Files\QuickTime 2007-07-15 10:59:48 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-06-20 00:27:01 0 d-------- C:\Documents and Settings\mummy\Application Data\Symantec 2007-06-19 21:15:29 0 d-------- C:\Program Files\The Learning Company 2007-06-18 22:18:29 2102 --a------ C:\WINDOWS\system32\zfkxwg_navps.dat 2007-06-18 22:17:46 6690 --a------ C:\WINDOWS\system32\zfkxwg.dat 2007-06-18 21:52:38 0 d-------- C:\Program Files\Symantec 2007-06-17 16:04:32 0 d-------- C:\Program Files\Harry Potter Creative CD 2007-06-13 05:52:23 0 d-------- C:\Documents and Settings\mummy\Application Data\DeepBurner 2007-06-13 05:24:04 0 d-------- C:\Program Files\Astonsoft 2007-05-31 15:50:54 0 d-------- C:\Program Files\Kelloggs Art Attack 2007-05-31 09:32:09 29696 --a------ C:\WINDOWS\mickey32.dll <Not Verified; MacSourcery; Mickey DLL> 2007-05-31 09:32:09 362880 --a------ C:\WINDOWS\Bobsaver.scr <Not Verified; MacSourcery; ScreenTime for Flash> 2007-05-31 09:32:09 638428 --a------ C:\WINDOWS\Bobsaver.exe <Not Verified; Macromedia, Inc.; Shockwave Flash> 2007-05-25 12:26:00 262293 --a------ C:\WINDOWS\system32\zfkxwg_nav.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [14/10/2005 20:49] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [14/10/2005 20:46] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [14/10/2005 20:50] "SigmatelSysTrayApp"="stsystra.exe" [24/03/2006 23:30 C:\WINDOWS\stsystra.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 18:48] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [19/12/2005 15:08] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/09/2005 05:20] "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [03/11/2005 10:12] "snp2std"="C:\WINDOWS\vsnp2std.exe" [16/08/2005 21:54] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [15/03/2007 04:10] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 18:30] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46] "byidsn"="c:\windows\system32\byidsn.exe" [28/07/2007 17:07] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [29/05/2007 21:55] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [01/08/2006 00:16:04] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll *Newly Created Service* - COMHOST -- End of Deckard's System Scanner: finished at 2007-07-31 at 21:40:06 --------- Exra.txt: Deckard's System Scanner v20070729.57 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Celeron® M processor 1.60GHz Percentage of Memory in Use: 81% Physical Memory (total/avail): 503.37 MiB / 94.41 MiB Pagefile Memory (total/avail): 1228.72 MiB / 911.17 MiB Virtual Memory (total/avail): 2047.88 MiB / 1965.63 MiB C: is Fixed (NTFS) - 52.68 GiB total, 32.81 GiB free. D: is Fixed (NTFS) - 18.61 GiB total, 16.28 GiB free. E: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. FW: Norton 360 v2007 (SYMANTEC Corporation) AV: Norton 360 v2007 (SYMANTEC Corperation) [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\mummy\Application Data CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MIMIFIFI ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\mummy LOGONSERVER=\\MIMIFIFI NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0d08 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\mummy\LOCALS~1\Temp TMP=C:\DOCUME~1\mummy\LOCALS~1\Temp USERDOMAIN=MIMIFIFI USERNAME=mummy USERPROFILE=C:\Documents and Settings\mummy windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- mummy (admin) Ruthie Henry Mary Simon (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> Dummy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01} Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe
  4. Hi SDFix didn't find anything I don't think (i followed instructions explicitly), but Panda did and I am still getting the popups. Here's the SDFix report: SDFix: Version 1.94 Run by mummy on 29/07/2007 at 17:46 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- Files with Hidden Attributes: C:\Documents and Settings\mummy\Local Settings\Temp\Juniper Networks\setup\NeoterisSetupApp.exe C:\Documents and Settings\Simon\Local Settings\Temp\Juniper Networks\setup\NeoterisSetupApp.exe C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe C:\Documents and Settings\mummy\NTUSER.DAT.COPY.TMP.LOG C:\Documents and Settings\Ruthie\NTUSER.DAT.COPY.TMP.LOG C:\Documents and Settings\Ruthie\Application Data\Microsoft\Word\~WRL0004.tmp C:\Documents and Settings\Ruthie\Application Data\Microsoft\Word\~WRL0005.tmp C:\Documents and Settings\Ruthie\My Documents\~WRL2798.tmp C:\Documents and Settings\Simon\NTUSER.DAT.COPY.TMP.LOG C:\Documents and Settings\Simon\Application Data\Microsoft\Word\~WRL2923.tmp Finished Here's the Panda report: Incident Status Location Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mary\Cookies\mary@errorsafe[1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@ad.yieldmanager[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@atdmt[1].txt Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@clickbank[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@fastclick[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@mediaplex[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@statcounter[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@tribalfusion[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@zedo[1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\HJT\SDFix.exe[sDFix\apps\Process.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\HJT\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\HJT\SmitfraudFix\restart.exe Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
  5. hi, This is the result of the SmitfraudFix scan as well as the HJT log. I don't think it found anything as I'm still getting popups as I write this: SmitFraudFix v2.207 Scan done at 10:18:22.56, 29/07/2007 Run from C:\HJT\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode
  6. Hi, Sorry for the delay I was away yesterday. I followed your advice, and uninstalled both programs and deleted virtumundobegone.exe ( i never installed/used this). After various pando and SUPERAntiSpyware scans I they are reporting no problems, except for a few cookies. But this is not true as I am still getting the popups. I think these cookies are present from the continuous avsystemcare popups were are still getting. I have uploaded some screen shots of the various popups we are getting: http://www.mimitee.com/popup1.JPG, http://www.mimitee.com/popup2.JPG, http://www.mimitee.com/popup3.JPG My last HJT log is below: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:32:23, on 28/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.pandasoftware.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - https://dbrasweb-ha1.uk.db.com/llclient/dbr...java+AXXPEE.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{263AF750-26A8-487E-BC4F-749885C49852}: NameServer = 212.104.130.9,212.104.130.65 O17 - HKLM\System\CS1\Services\Tcpip\..\{263AF750-26A8-487E-BC4F-749885C49852}: NameServer = 212.104.130.9,212.104.130.65 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 10382 bytes
  7. Hi, many thanks for your help! The panda report said it found 0 viruses and 91 spyware risks, but couldn't fix them: Incident Status Location Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Henry\Cookies\henry@247realmedia[2].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Henry\Cookies\henry@2o7[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Henry\Cookies\henry@adrevolver[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Henry\Cookies\henry@ads.pointroll[1].txt Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Henry\Cookies\henry@adtech[2].txt Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Henry\Cookies\henry@adultfriendfinder[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Henry\Cookies\henry@advertising[2].txt Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Henry\Cookies\henry@adviva[2].txt Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Henry\Cookies\henry@anm.co[1].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Henry\Cookies\henry@apmebf[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Henry\Cookies\henry@atdmt[1].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Henry\Cookies\henry@azjmp[2].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Henry\Cookies\henry@bluestreak[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Henry\Cookies\henry@bs.serving-sys[2].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Henry\Cookies\henry@burstnet[2].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Henry\Cookies\henry@c5.zedo[2].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Henry\Cookies\henry@casalemedia[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Henry\Cookies\henry@cgi-bin[5].txt Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Henry\Cookies\henry@clickbank[1].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Henry\Cookies\henry@com[1].txt Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Henry\Cookies\henry@counter.hitslink[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Henry\Cookies\henry@doubleclick[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Henry\Cookies\henry@drivecleaner[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Henry\Cookies\henry@errorsafe[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Henry\Cookies\henry@fastclick[1].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Henry\Cookies\henry@go.winantispyware[2].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Henry\Cookies\henry@go[1].txt Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Henry\Cookies\henry@hotlog[2].txt Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Henry\Cookies\henry@i.screensavers[2].txt Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Henry\Cookies\henry@ilead.itrack[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Henry\Cookies\henry@media.adrevolver[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Henry\Cookies\henry@media.fastclick[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Henry\Cookies\henry@mediaplex[1].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Henry\Cookies\henry@overture[2].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Henry\Cookies\henry@perf.overture[1].txt Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Henry\Cookies\henry@qksrv[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Henry\Cookies\henry@questionmarket[2].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Henry\Cookies\henry@server.iad.liveperson[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Henry\Cookies\henry@serving-sys[1].txt Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Henry\Cookies\henry@spylog[1].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Henry\Cookies\henry@statcounter[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Henry\Cookies\henry@stats.drivecleaner[2].txt Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Henry\Cookies\henry@stats1.clicktracks[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Henry\Cookies\henry@stats1.reliablestats[1].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Henry\Cookies\henry@statse.webtrendslive[2].txt Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Henry\Cookies\henry@targetnet[1].txt Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Henry\Cookies\henry@toplist[2].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Henry\Cookies\henry@tradedoubler[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Henry\Cookies\henry@trafficmp[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Henry\Cookies\henry@tribalfusion[1].txt Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Henry\Cookies\henry@weborama[2].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Henry\Cookies\henry@winantispyware[1].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Henry\Cookies\henry@winantivirus[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Henry\Cookies\henry@www.drivecleaner[2].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Henry\Cookies\henry@www.errorsafe[1].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Henry\Cookies\henry@www.winantivirus[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Henry\Cookies\henry@www3.addfreestats[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Henry\Cookies\henry@www5.addfreestats[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Henry\Cookies\henry@xiti[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Henry\Cookies\henry@zedo[2].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mary\Cookies\mary@2o7[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mary\Cookies\mary@ad.yieldmanager[2].txt Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Mary\Cookies\mary@adultfriendfinder[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mary\Cookies\mary@atdmt[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mary\Cookies\mary@bs.serving-sys[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mary\Cookies\mary@c5.zedo[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mary\Cookies\mary@casalemedia[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mary\Cookies\mary@doubleclick[1].txt Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Mary\Cookies\mary@errorsafe[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mary\Cookies\mary@fastclick[1].txt Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Mary\Cookies\mary@i.screensavers[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mary\Cookies\mary@mediaplex[1].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mary\Cookies\mary@questionmarket[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mary\Cookies\mary@serving-sys[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mary\Cookies\mary@stats1.reliablestats[2].txt Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mary\Cookies\mary@toplist[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mary\Cookies\mary@tribalfusion[1].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Mary\Cookies\mary@winantivirus[1].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Mary\Cookies\mary@www.winantivirus[1].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Mary\Cookies\mary@www5.addfreestats[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mary\Cookies\mary@xiti[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mary\Cookies\mary@zedo[1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@ad.yieldmanager[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@drivecleaner[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@fastclick[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@go.drivecleaner[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@mediaplex[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@stats.drivecleaner[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@stats1.reliablestats[1].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@tradedoubler[2].txt Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\mummy\Cookies\mummy@winantivirus[1].txt Adware:Adware/NaviPromo Not disinfected C:\Program Files\InternetGameBox\InternetGameBox.exe Potentially unwanted tool:Application/InternetGameBox Not disinfected C:\Program Files\InternetGameBox\uninst.exe Adware:Adware/Comet Not disinfected C:\Program Files\Screensavers.com\SSSInst\bin\sinstaller2.exe Potentially unwanted tool:Application/Processor Not disinfected C:\sys\VirtumundoBeGone.exe Here is the HJT report run just after, with all windows closed: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:34:54, on 27/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.pandasoftware.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - https://dbrasweb-ha1.uk.db.com/llclient/dbr...java+AXXPEE.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{263AF750-26A8-487E-BC4F-749885C49852}: NameServer = 212.104.130.9,212.104.130.65 O17 - HKLM\System\CS1\Services\Tcpip\..\{263AF750-26A8-487E-BC4F-749885C49852}: NameServer = 212.104.130.9,212.104.130.65 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 10420 bytes
  8. Hi, What I mean is that when I ran HJT I had a log file opened from a previous HJT scan. I have run HJT again, but do not see NOTEPAD.EXE in either the log that opens, nor in the HJK program itself. The results of my HJT scan are below. What i was also trying to explain was that at the very top of the log file it lists running proceses. But in the HJT program itself, it does not list any running processes. All it lists (with checkboxes) are Reg Keys, BHOs, and services. Do i need to change any settings to be able to see running processes in HJT gui in order to put a checkbox against something? Results of last HJT scan: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:24:14, on 26/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - https://dbrasweb-ha1.uk.db.com/llclient/dbr...java+AXXPEE.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{263AF750-26A8-487E-BC4F-749885C49852}: NameServer = 212.104.130.9,212.104.130.65 O17 - HKLM\System\CS1\Services\Tcpip\..\{263AF750-26A8-487E-BC4F-749885C49852}: NameServer = 212.104.130.9,212.104.130.65 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 10312 bytes
  9. Hi Jean, I ran HJT again but I don't see notepad.exe in the list. Infact it doesn't list any of the running processes in the HJT GUI, it just lists them in the .log file. Anyway, i believe Notepad was running last time, but I had a hijackthis.log file opened at the time I ran HJT. Thanks Simon
  10. Hi, My wife's machine has suddenly been receiving lots of random popups for avsystemcare, drivecleaner.com and a popup javascript alert for spyware-secure that if you press the red close button cause other popups to be displayed in random succession. The only way to stop further popups is to kill iexplore.exe. I ran all the pre-post checks and scans and followed the instructions choosing to install SUPERAntiSpyware. There were no problems identified with any of the checks. I have to say that we have Norton 360 on her PC that is fully up-to-date. I also downloaded and ran RogueRemover (FREE) and that found no problems either. I don't think my wife (or my daughter) have clicked yes to install avsystemcare or other tools so I don't think they have been installed. Certainly, using symantecs definition of being infected with avsystemcare, none of the programs or registry keys it suggests will be installed are there on my machine. This has to be something else that is running that is throwing up these popups. I could really do with some advice here as Norton I need to pay then
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.