1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Warning! Potential Spyware Operation popup

Discussion in 'Virus & Other Malware Removal' started by djtackett, Nov 3, 2007.

Thread Status:
Not open for further replies.
  1. djtackett

    djtackett Thread Starter

    Joined:
    Nov 3, 2007
    Messages:
    1
    I hope this can be fixed. This computer,Dell Demension 8400 XP pro was run for a week without an updated antivirus. I can no longer get to control panel or edit my registry because of this virus. The pop up says "Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system...Click YES to download spyware remover..." I am sending my ComboFix and Hijack this logs. The computer was used by others so I dont know what they may have clicked. Thank you


    ---------------------------------------------------------------------------------------------------
    ComboFix 07-10-29.1 - Dennis Tackett 2007-11-03 1:23:24.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.636 [GMT -4:00]
    Running from: C:\Documents and Settings\Dennis Tackett\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
    .

    2007-10-30 23:07 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2007-10-30 22:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-30 22:31 <DIR> d-------- C:\Documents and Settings\Dennis Tackett\Application Data\AVG7
    2007-10-30 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-30 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-30 22:20 2,888 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2007-10-30 22:19 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
    2007-10-30 22:19 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2007-10-30 22:19 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
    2007-10-30 22:19 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2007-10-30 22:19 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
    2007-10-30 22:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-29 21:37 12,800 --a------ C:\WINDOWS\SYSTEM32\bronto.dll
    2007-10-29 21:37 7,680 --a------ C:\WINDOWS\SYSTEM32\winter.exe
    2007-10-29 21:37 7,680 --a------ C:\WINDOWS\SYSTEM32\proper.exe
    2007-10-29 21:37 6,144 --a------ C:\WINDOWS\SYSTEM32\skuns.dat
    2007-10-09 17:51 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-31 01:57 --------- d-----w C:\Documents and Settings\Dennis Tackett\Application Data\U3
    2007-09-18 03:13 --------- d-----w C:\Program Files\iTunes
    2007-09-18 03:13 --------- d-----w C:\Program Files\iPod
    2007-09-18 03:10 --------- d-----w C:\Program Files\Apple Software Update
    2006-10-10 01:30 132,272 ----a-w C:\Documents and Settings\Dennis Tackett\Application Data\GDIPFONTCACHEV1.DAT
    2003-08-27 18:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
    2007-07-15 12:37:23 6,369 --sh--w C:\WINDOWS\SYSTEM32\xycdd.bak1
    2007-07-15 19:46:32 6,369 --sh--w C:\WINDOWS\SYSTEM32\xycdd.bak2
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 1,871,872 2004-09-07 16:55:20 C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe

    ----a-w 335,872 2004-05-26 03:35:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

    ----a-w 110,592 2003-08-19 06:01:00 C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe

    ----a-w 45,056 2002-09-30 06:00:00 C:\Program Files\Creative\SBAudigy2\DVDAudio\bak\CTDVDDet.EXE

    ----a-w 49,152 2002-10-29 14:18:24 C:\Program Files\Creative\SBAudigy2\Surround Mixer\bak\CTSysVol.exe

    ----a-w 53,248 2004-04-11 16:43:44 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

    ----a-w 6,946,816 2004-07-30 20:47:36 C:\Program Files\Dantz\Retrospect Express HD\bak\RetroExpress.exe

    ----a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

    ----a-w 306,688 2004-07-19 12:51:24 C:\Program Files\Dell Support\bak\DSAgnt.exe

    ----a-w 45,056 2004-03-31 08:00:00 C:\Program Files\Digidesign\Drivers\bak\MMERefresh.exe

    ----a-w 135,168 2004-03-23 17:16:16 C:\Program Files\Intel\Intel Application Accelerator\bak\iaanotif.exe

    ----a-w 278,528 2006-02-23 19:45:20 C:\Program Files\iTunes\bak\iTunesHelper.exe
    ----a-w 267,064 2007-09-14 14:00:06 C:\Program Files\iTunes\iTunesHelper.exe

    ----a-w 32,881 2003-11-19 22:48:14 C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe

    ----a-w 823,296 2004-12-22 13:21:48 C:\Program Files\Maxtor\OneTouch\Utils\bak\Onetouch.exe

    ----a-w 200,704 2003-06-18 17:00:00 C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe

    ----a-w 53,248 2004-04-19 19:45:52 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

    ----a-w 155,648 2006-01-21 04:03:19 C:\Program Files\QuickTime\bak\qttask.exe
    ----a-w 286,720 2007-06-29 10:24:52 C:\Program Files\QuickTime\QTTask.exe

    ----a-w 26,112 2004-09-19 17:07:08 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

    ----a-w 94,208 2005-12-16 22:58:29 C:\WINDOWS\bak\MXOALDR.EXE
    ----a-w 94,208 2005-12-16 22:58:29 C:\WINDOWS\MXOALDR.EXE

    ----a-r 94,208 2003-08-27 18:20:00 C:\WINDOWS\bak\SM1BG.EXE

    ----a-w 90,112 2000-05-11 06:00:00 C:\WINDOWS\bak\UpdReg.EXE

    ----a-w 155,648 2001-07-09 15:50:42 C:\WINDOWS\SYSTEM32\bak\NeroCheck.exe

    ----a-w 122,933 2004-03-15 06:04:00 C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
    2007-11-02 23:00 12800 --a------ C:\WINDOWS\system32\bronto.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2005-12-16 18:58]
    "CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 03:56 C:\WINDOWS\SYSTEM32\regsvr32.exe]
    "MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2005-12-16 18:58]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-02-26 19:42]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58]
    "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
    "Undefined"="C:\WINDOWS\system32\winter.exe" [2007-11-02 23:00]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-30 23:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 21:07]
    "Undefined"="C:\WINDOWS\system32\winter.exe" [2007-11-02 23:00]

    C:\Documents and Settings\Dennis Tackett\Start Menu\Programs\Startup\
    infos.exe [2007-11-02 23:00:17]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-03-05 20:01:03]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-30 23:24:24]
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 08:43:54]
    autos.exe [2007-11-02 23:00:17]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-09-19 13:02:21]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="Explorer.exe C:\WINDOWS\system32\proper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]
    jkhfc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFi~1.sys
    R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
    R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
    R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
    R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
    R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-18 03:10:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-03 05:32:19 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
    "2007-11-03 05:32:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
    "2007-11-03 05:32:19 C:\WINDOWS\Tasks\MP Scheduled Signature Update.job"
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-03 01:30:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-03 1:34:41 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-30 22:26
    C:\ComboFix3.txt ... 2007-10-30 22:13
    .
    --- E O F ---


    ----------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 12:06:22 AM, on 10/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\proper.exe
    C:\Documents and Settings\Dennis Tackett\Desktop\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjh.dll (file missing)
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
    O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - Startup: infos.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: autos.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O15 - Trusted Zone: http://*.systemdoctor.com
    O15 - Trusted Zone: http://www.winantivirus.com
    O15 - Trusted Zone: http://www.winantiviruspro.com
    O15 - Trusted Zone: http://download.cdn.winsoftware.com
    O15 - Trusted IP range: http://202.67.220.225
    O15 - Trusted IP range: http://59.148.220.121
    O15 - Trusted IP range: http://62.4.84.53
    O15 - Trusted IP range: http://82.98.235.58
    O15 - Trusted IP range: http://85.12.25.90
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FA63B8F-0E39-4ED2-B063-7DE1D8F50B03}: NameServer = 68.87.71.226,68.87.73.242
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1FA63B8F-0E39-4ED2-B063-7DE1D8F50B03}: NameServer = 68.87.71.226,68.87.73.242
    O20 - Winlogon Notify: jkhfc - jkhfc.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~2\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~2\retrorun.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Warning Potential Spyware
  1. Baggio
    Replies:
    5
    Views:
    565
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/647169

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice