
Awmhost.net Problem

Discussion in 'Virus & Other Malware Removal' started by EJK, Sep 11, 2004.

Thread Status:
Not open for further replies.
  1. EJK

    EJK Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    5
    Hi all

    This is my first time on TSG and was wondering whether anyone could help with a problem I am having with a site called Freecontent.Awmhost.net/out.php which keeps opening up loads of new windows. Another problem I have, which I think may be related, is that my homepage keeps coming up as MyHandySearch.com/1/. Whenever I change it to Google, it reverts back when I re-boot.

    I have run HijackThis and have appended the log file below.

    I have reviewed some of the threads that discussed similar problems to mine, but could not find the same offending files on my log.

    Can anyone help?

    Please note - I am not that technical

    Thanks

    Logfile of HijackThis v1.98.2
    Scan saved at 16:39:56, on 11/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\runddl.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\shellexp.exe
    C:\Palm\hotsync.exe
    C:\Program Files\Hewlett-Packardg55\AiO\hp officejet g series\Bin\hpoavn07.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\PROGRA~1\HEWLET~2\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packardg55\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {50970D55-6B50-4EA5-B5BB-4A3AC722DD75} - C:\WINDOWS\System32\gacgk.dll (file missing)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\runddl.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [Alto Block All NetDetect Agent] "C:\Program Files\AltoSoftware\AltoBlockAll\netdetect.exe"
    O4 - HKLM\..\Run: [sysdll32.dll] C:\WINDOWS\system\sysdll32.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packardg55\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094857996642
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70BD4578-4F34-45AD-8EE4-727A5B49FD31}: NameServer = 194.72.9.39 194.74.65.68
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80B7788B-A8C8-4607-8ED5-140332FF21C9}: NameServer = 192.168.0.1
    O19 - User stylesheet: C:\WINDOWS\winstyle.css
    O19 - User stylesheet: C:\WINDOWS\winstyle.css (HKLM)
    O21 - SSODL: System - {D7278E8D-E2B6-4837-8CAE-F96DCD5D7AF5} - C:\WINDOWS\system32\system32.dll
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,910
    Hi and welcome to TSG,

    Please download and run the following programs:

    CWSHREDDER

    http://www.majorgeeks.com/download4086.html

    Close all browser windows, open cwshredder.exe then click "Fix" and let it run.

    Then restart your computer.

    IMPORTANT! To help prevent this from happening again, you should install all the Microsoft security patches and critical updates.

    AD-AWARE

    Go here: http://www.lavasoftusa.com/support/download/
    and download Ad-Aware SE Personal

    Install the program and launch it.

    First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

    Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

    Then, deselect Search for negligible risk entries.

    To start the scan, click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

    Restart your computer.


    SPYBOT SEARCH & DESTROY

    http://majorgeeks.com/download2471.html

    Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode)). Click online, Search for updates, Download all available updates. Close all Browser windows, Click "Check for Problems". Anything that needs to be fixed will show in red and have a green check in the box to the left. Click "Fix Selected Problems", Then restart your computer.

    Then, after rebooting, please post another log and we’ll see what’s left to get rid of.
     
  3. EJK

    EJK Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    5
    Thanks for the advice Cookiegal.

    I have completed all three things you asked.

    I am still getting the awmhost windows opening up and my home page has now become MSN.com.

    CWShredder found one problem and asked me to run it again after restarting as the problem was still in the memory. This I did and it then said it was clean.
    Ad-Aware SE Personal found 12 critical objects which I removed. (I had already run Ad-Aware before and cleared all offending items, but they have obviously come back.)
    Spybot found three items (2 of which were checked and I removed).

    Please find attached latest HijackThis log file.

    Many thanks

    Logfile of HijackThis v1.98.2
    Scan saved at 20:36:43, on 12/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\runddl.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\shellexp.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Palm\hotsync.exe
    C:\Program Files\Hewlett-Packardg55\AiO\hp officejet g series\Bin\hpoavn07.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\PROGRA~1\HEWLET~2\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packardg55\AiO\Shared\bin\hpOSTS07.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {50970D55-6B50-4EA5-B5BB-4A3AC722DD75} - C:\WINDOWS\System32\gacgk.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\runddl.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [Alto Block All NetDetect Agent] "C:\Program Files\AltoSoftware\AltoBlockAll\netdetect.exe"
    O4 - HKLM\..\Run: [sysdll32.dll] C:\WINDOWS\system\sysdll32.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packardg55\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094857996642
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80B7788B-A8C8-4607-8ED5-140332FF21C9}: NameServer = 192.168.0.1
    O19 - User stylesheet: (file missing)
    O19 - User stylesheet: (file missing) (HKLM)
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,910
    Turn off system restore. On the desktop, right-click on My Computer, click properties, click system restore tab, check turn off system restore, click apply and then OK. Restart your computer. Once your system is clean you will turn it back on and create a new restore point.

    Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click “fix checked”.

    O2 - BHO: (no name) - {50970D55-6B50-4EA5-B5BB-4A3AC722DD75} - C:\WINDOWS\System32\gacgk.dll (file missing)

    O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\runddl.exe internat.dll,LoadKeyboardProfile

    O4 - HKLM\..\Run: [sysdll32.dll] C:\WINDOWS\system\sysdll32.exe

    O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en

    O19 - User stylesheet: (file missing)

    O19 - User stylesheet: (file missing) (HKLM)


    Then boot to safe mode (see how below), locate and delete these files and/or folders:

    C:\WINDOWS\system32\runddl.exe - file
    C:\WINDOWS\system\sysdll32.exe - file
    C:\WINDOWS\System32\shellexp.exe - file

    How to restart to safe mode:
    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

    Because XP will not always show you hidden files and folders by default, go to Start - Search and, under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

    Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders"
    Click "Apply" then "OK"

    Do a couple of on-line virus scans at these links:

    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/

    Then reboot and post another log please
     
  5. EJK

    EJK Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    5
    Hi Cookiegal

    I have deleted the 1st and 3rd file you asked, but the sysdll32.exe file I have left for the moment because I did not find it in C:\windows\system\. I found 4 copies of it in a folder called C:\OLD RECYCLER\5-1-5-21............. and 3 copies of it in C:\Recycler\........... and 1 copy of it in Recycle bin. (Don't ask me how it got there).

    Should I delete all 8 versions of this file? Also, after having deleted these files, should I empty my Recycle bin?

    I'll await your instructions before I proceed with the last on-line virus scans.

    Many thanks
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,910
    Yes, empty your recycle bin and then delete any instances of that file that remain.

    Also, delete your temporary files:

    In safe mode go to the C:\Windows\Temp folder. Open the Temporary folder. Click on Edit - select all, then Edit - delete to empty the contents.

    Next navigate to the C:\Documents and Settings\Owner\Local Settings\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

    Delete your Internet Temporary Files:

    Go to Tools - Internet Options - General tab - delete temporary Internet files – put a check beside delete off-line contents then click OK
     
  7. EJK

    EJK Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    5
    I have now completed everything you asked.

    My awmhost.net problem seems to have been fixed as I am no longer getting the windows opening. My home page also now stays as Google.

    The Panda scan found 6 infected files and fixed them.
    The HouseCall scan found 2 viruses infecting 4 files. It said it was unable to clean them.

    The first virus was TROJ DLDR.H and was infecting a file called Load.exe which was located in the following three directories: -

    C:\Windows\Downloaded Program Files\Conflict.1\
    C:\Windows\Downloaded Program Files\Conflict.2\
    C:\Windows\Downloaded Program Files\

    The second virus was TROJ MUSS.A and was infecting C:\Windows\System\sysapp.exe

    When searching for these files I could not find them. When hitting the Clean button on HouseCall it said it could not clean them because they were in use.

    It looks as though my problem has been fixed, but I am not sure what to do about the above two viruses.

    I attach the latest HijackThis logfile.

    Many Thanks
    EJK

    Logfile of HijackThis v1.98.2
    Scan saved at 00:36:45, on 13/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Palm\hotsync.exe
    C:\Program Files\Hewlett-Packardg55\AiO\hp officejet g series\Bin\hpoavn07.exe
    C:\Program Files\Nikon\NkView5\NkvMon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\HEWLET~2\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packardg55\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [Alto Block All NetDetect Agent] "C:\Program Files\AltoSoftware\AltoBlockAll\netdetect.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packardg55\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094857996642
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70BD4578-4F34-45AD-8EE4-727A5B49FD31}: NameServer = 194.72.9.39 194.74.65.68
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80B7788B-A8C8-4607-8ED5-140332FF21C9}: NameServer = 192.168.0.1
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,910
    The log looks good. Run the Trend Micro scan again and see if it still picks them up. They may have been deleted.
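
The before/after comparison done by eye across the HijackThis logs in this thread, as an added Python example that is not part of the original posts: it parses entry lines, lists orphaned entries marked "(file missing)" or "(no file)", and checks that the entries selected for fixing are absent from the later log. The sample lines are excerpts from the logs posted above; the function names are illustrative.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O19 ...).
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 Run-key entries look like: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpts from the logs posted in this thread (not the complete logs).
FIX_LIST = r"""
O2 - BHO: (no name) - {50970D55-6B50-4EA5-B5BB-4A3AC722DD75} - C:\WINDOWS\System32\gacgk.dll (file missing)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\runddl.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [sysdll32.dll] C:\WINDOWS\system\sysdll32.exe
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\System32\shellexp.exe en
O19 - User stylesheet: (file missing)
"""
BEFORE = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
""" + FIX_LIST
AFTER = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

def parse_entries(log_text):
    """Return (section, data) tuples for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if any(mk in e[1] for mk in ORPHAN_MARKERS)]

def run_keys(entries):
    """Split O4 Run-key entries into (hive, value name, command)."""
    out = []
    for section, data in entries:
        m = RUN_RE.match(data) if section == "O4" else None
        if m:
            out.append(m.groups())
    return out

def diff_logs(before, after):
    """Entries that disappeared or appeared between two scans."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return {"removed": sorted(b - a), "added": sorted(a - b)}

def unfixed(fix_list, later_log):
    """Entries from the fix list that still appear in a later log."""
    later = set(parse_entries(later_log))
    return [e for e in parse_entries(fix_list) if e in later]

if __name__ == "__main__":
    for section, data in orphaned(parse_entries(BEFORE)):
        print("orphaned:", section, data)
    for hive, name, command in run_keys(parse_entries(BEFORE)):
        print("autostart:", hive, name, "->", command)
    changes = diff_logs(BEFORE, AFTER)
    print("removed:", len(changes["removed"]), "added:", len(changes["added"]))
    print("still present after fix:", unfixed(FIX_LIST, AFTER))
```
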
     
  9. EJK

    EJK Thread Starter

    Joined:
    Sep 11, 2004
    Messages:
    5
    Re-running the Trend Micro scan found nothing this time so looks like I am sorted.

    Many thanks for your help - you've been great and what a great Web site TSG is.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,910
    Great! :)

    Now you can turn system restore back on and create a new restore point:

    http://www.pchell.com/virus/systemrestore.shtml

    I also recommend downloading SPYWAREBLASTER & SPYWAREGUARD, for added protection.

    http://www.javacoolsoftware.com/spywareblaster.html

    Read here to see how to tighten your security:

    http://forums.techguy.org/t208517.html

    I’m closing this thread now as it has been solved. If you have more problems related to this thread and need it reopened, please PM a Moderator.

    ANYONE ELSE WITH A SIMILAR PROBLEM PLEASE START A NEW THREAD.
     
Short URL to this thread: https://techguy.org/272776
