HiJackThis - Pop Up Files, Spybot S&D, Smitfraud-C.

  • RICHMOND
  • Born
  • Posts: 1

Post 3+ Months Ago

Hi all - I am suffering from the above affliction, which I can't seem to shrug. I have rebooted in Safe Mode (XP Pro), run Spybot S&D, Adaware SE and SAV2008 (separately and then afterwards during one session).

Any assistance would be muchly appreciated - log file of my HiJackThis session appears below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:08 PM, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\svchost.exe
c:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
F:\WINDOWS\System32\svchost.exe
c:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\MioNet\MioNetManager.exe
F:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
F:\Program Files\MioNet\jvm\bin\MioNet.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\UStorSrv.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
F:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
F:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\Program Files\Microsoft Hardware\Mouse\point32.exe
F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
F:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\Musicmatch\mm_tray.exe
C:\Musicmatch\MMDiag.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Musicmatch\mim.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\WINDOWS\system32\carpserv.exe
F:\WINDOWS\VM_STI.EXE
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\ASUS\Asus Probe\AsusProb.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
F:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\Program Files\Weather\weather.exe
F:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-au\bin\WindowsSearch.exe
F:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
F:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-au\bin\WindowsSearchIndexer.exe
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
F:\WINDOWS\regedit.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\PROGRA~1\INCRED~1\bin\IncMail.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - F:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ninemsn Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ninemsn Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VOBRegCheck] F:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "F:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [POINTER] F:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [OpwareSE4] "F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NSWosCheck] F:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe
O4 - HKLM\..\Run: [Nokia Connection Monitor] "F:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Musicmatch\mm_tray.exe
O4 - HKLM\..\Run: [MimBoot] C:\Musicmatch\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [FlashIcon] F:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BigDogPath] F:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] F:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKCU\..\Run: [BigPond Media Manager] "F:\Program Files\Media Manager\MediaManager.exe" "F:\Documents and Settings\Tedh\Application Data\Media Manager\BigPond\Main.plc"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] F:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = F:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 6\Abmtsr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: RaConfig2500.lnk = F:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: ReelTime Media Manager.lnk = C:\Program Files\iWave\iWaveX.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: Weather Stats (2).lnk = C:\Program Files\Weather\weather.exe
O4 - Global Startup: Windows Desktop Search.lnk = F:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-au\bin\WindowsSearch.exe
O4 - Global Startup: ymetray.lnk = F:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ninemsn Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-au\msntb.dll/search.htm
O8 - Extra context menu item: Download &All by FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - F:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - F:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/active ... rdtinf.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/Clien ... /setup.exe
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.bigpondphotos.com.au/client_ ... oader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1127722108250
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h ... zpr/xcontrol/SymDlBrg.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DB1B4C3B-8690-43B2-9045-91EDA7A12580} (eWebEditProLibCtl4.eWEPLoader) - https://teamsite.lgaq.asn.au/iw/ewebedi ... itpro4.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: btrklfr - {EC563C48-7872-458B-8E26-2CF849F6C35D} - F:\WINDOWS\btrklfr.dll (file missing)
O21 - SSODL: apdqnxp - {1504B8FA-EC1A-43E6-ADE0-5CE7EC44FA3E} - F:\WINDOWS\apdqnxp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - c:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - c:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - F:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - F:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: UStorage Server Service - OTi - F:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - F:\Documents and Settings\Tedh\My Documents\My Pictures\Family\Kern\Twelve Apostles Sunlight.jpg
O24 - Desktop Component 1: (no name) - F:\Documents and Settings\Tedh\My Documents\My Pictures\Family\Kern\Pop at Sunset, 28-02-2003, Busselton Wharf.jpg
O24 - Desktop Component 2: (no name) - F:\Documents and Settings\Tedh\My Documents\My Pictures\Family\Clarke\Jack\Christening - Jack 2004\PopKern.JPG
O24 - Desktop Component 3: (no name) - http://alpha.trueaussiespirit.com/15_fl ... 768/03.jpg
O24 - Desktop Component 4: (no name) - http://www.orsm.net/fem/coolpics16/imag ... pics13.jpg

--
End of file - 20265 bytes
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

http://www.computing.net/security/wwwbo ... 21181.html

Read posts 8 and 9.

If that doesn't work look for entries that don't belong in the following registry keys.


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
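
Added example, not part of either post and not HijackThis code: the O4 lines of a HijackThis log report the autorun registry keys listed above plus the Startup folders, so they can be parsed into a review list before opening the registry. It assumes that `\..\` in an O4 line abbreviates `\Software\Microsoft\Windows\CurrentVersion\`; the function names and hint rules are illustrative, and the sample lines are an excerpt of the log in the first post.

```python
import re

# Assumption: in an O4 line, "\..\" abbreviates
# "\Software\Microsoft\Windows\CurrentVersion\".
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKUS": "HKEY_USERS"}
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"

# O4 - <hive>[\<SID>]\..\<subkey>: [<value name>] <command>
REG_ENTRY = re.compile(
    r"^O4 - (HKLM|HKCU|HKUS)((?:\\[^\\]+)?)\\\.\.\\([^:]+): \[(.*?)\] (.+)$")
# O4 - [Global ]Startup: <shortcut> = <target>
LNK_ENTRY = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')

# Excerpt of O4 lines from the log in the first post (not the whole log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
"""


def review_hints(command):
    """Illustrative triage hints: reasons to look closer, not verdicts."""
    hints = []
    if command.strip() == "?":
        hints.append("shortcut target unresolved")
    elif not ABS_PATH.match(command):
        hints.append("no full path: confirm which file on disk this runs")
    if "(file missing)" in command:
        hints.append("target file missing")
    return hints


def parse_autoruns(log_text):
    """Return one dict per O4 entry with its registry key or startup folder."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_ENTRY.match(line)
        if m:
            hive, sid, subkey, name, command = m.groups()
            location = f"{HIVES[hive]}{sid}\\{CURRENT_VERSION}\\{subkey}"
        else:
            m = LNK_ENTRY.match(line)
            if not m:
                continue  # not an O4 autorun line
            location, name, command = m.groups()
        entries.append({"location": location, "name": name,
                        "command": command, "hints": review_hints(command)})
    return entries


def needs_review(entries):
    """Entries that carry at least one hint."""
    return [e for e in entries if e["hints"]]


if __name__ == "__main__":
    for e in parse_autoruns(SAMPLE_LOG):
        print(f"{e['location']} [{e['name']}] -> {e['command']}")
        for hint in e["hints"]:
            print(f"    review: {hint}")
```

An entry without a hint is not thereby cleared; the hints only order the manual check against the keys listed in the post.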


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.