
Win32.Dluca.AX: File C:\program files\Common Files\System\ms1src.exe

Discussion in 'Virus & Other Malware Removal' started by chrisrw, Feb 8, 2006.

  1. chrisrw

    chrisrw Thread Starter

    Joined:
    May 6, 2005
    Messages:
    16
    Norton Antivirus has identified this Adware but can't delete it. It seems to be one of the Trojan Horses that, just when you least expect it, suddenly sends you off to a porn site. Can you please tell me how to eliminate it or point me in the direction of existing instructions, if there are any? Thanks. The HijackThis log (v1.99.0) is as follows.

    Logfile of HijackThis v1.99.0
    Scan saved at 23:57:34, on 08/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Sungard Vaulting Services\AgentSrv.EXE
    C:\Windows\System32\Ati2evxx.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Windows\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Windows\system32\atiptaxx.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Windows\system32\timeserv.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\System32\MsPMSPSv.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
    C:\Windows\Logi_MwX.Exe
    C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
    C:\Windows\SM1BG.EXE
    C:\Program Files\USBRadio\QuickRadio.exe
    C:\Windows\Dit.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Sungard Vaulting Services\CBSysTray.exe
    C:\HPDESK\hppddir.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\lotus\organize\easyclip.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Windows\System32\svchost.exe
    c:\windows\system32\dxvid.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    c:\program files\common files\system\mplay64.exe
    C:\Program Files\Microsoft Office\Office\1033\msohelp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\system32\cidaemon.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\program files\common files\system\ms1src.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTinternet
    O1 - Hosts: 172.31.105.1 lam_unix1 lam1
    O1 - Hosts: 172.31.105.2 lam_unix2 lam2
    O1 - Hosts: 172.31.105.5 lam_unix5 lam5
    O1 - Hosts: 172.31.105.10 lam-sun1 sun1
    O1 - Hosts: nu.com
    O1 - Hosts: nu.com
    O1 - Hosts: enu.com
    O1 - Hosts: enu.com
    O1 - Hosts: henu.com
    O1 - Hosts: henu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: inc.whenu.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {1D62BD48-16F6-4004-A54A-3C41E4955A87} - (no file)
    O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [SM1BG] C:\Windows\SM1BG.EXE
    O4 - HKLM\..\Run: [QuickRADIO] C:\Program Files\USBRadio\\QuickRadio.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install
    O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
    O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\AWS\WeatherBug\WeatherBug.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BackupMyStuff TaskBar Icon.LNK = C:\Program Files\Sungard Vaulting Services\CBSysTray.exe
    O4 - Global Startup: Document Assistant.lnk = C:\HPDESK\hppddir.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c10.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {4E6F9E15-C8E3-4E19-B987-04EF390E9824} - http://www.betfair.com/install/setup.cab
    O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125068786135
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{609A6CB4-0F8F-4720-ADEC-23DE2D3E35F9}: NameServer = 158.43.240.4,158.43.240.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66FC3882-2BA3-453C-A65F-47E763B948D0}: NameServer = 213.120.62.99,213.120.62.98
    O23 - Service: Connected Agent Service - Connected Corporation - C:\Program Files\Sungard Vaulting Services\AgentSrv.EXE
    O23 - Service: Ati HotKey Poller - Unknown - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\Windows\System32\GEARSec.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update; click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:
    (Start tapping F8 at the first black screen after power up)

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode
    Post that log and a new HiJack log
     
  3. chrisrw

    chrisrw Thread Starter

    Joined:
    May 6, 2005
    Messages:
    16
    Thanks, Guys; that seems to have done the trick - here is the Hijackthis log, but the Ewido one is huge (3Mb). Are you sure you want that? Now let's make a well-earned donation!
    Logfile of HijackThis v1.99.0
    Scan saved at 14:24:58, on 20/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Windows\system32\spoolsv.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Windows\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\timeserv.exe
    C:\Windows\System32\MsPMSPSv.exe
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
    C:\Windows\Logi_MwX.Exe
    C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
    C:\Windows\SM1BG.EXE
    C:\Program Files\USBRadio\QuickRadio.exe
    C:\Windows\Dit.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
    C:\windows\system32\dxvid.exe
    C:\program files\common files\system\mplay64.exe
    C:\Windows\system32\ctfmon.exe
    C:\HPDESK\hppddir.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\lotus\organize\easyclip.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Windows\system32\cidaemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Highjackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTinternet
    O1 - Hosts: 172.31.105.1 lam_unix1 lam1
    O1 - Hosts: 172.31.105.2 lam_unix2 lam2
    O1 - Hosts: 172.31.105.5 lam_unix5 lam5
    O1 - Hosts: 172.31.105.10 lam-sun1 sun1
    O1 - Hosts: nu.com
    O1 - Hosts: nu.com
    O1 - Hosts: enu.com
    O1 - Hosts: enu.com
    O1 - Hosts: henu.com
    O1 - Hosts: henu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: inc.whenu.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {1D62BD48-16F6-4004-A54A-3C41E4955A87} - (no file)
    O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [SM1BG] C:\Windows\SM1BG.EXE
    O4 - HKLM\..\Run: [QuickRADIO] C:\Program Files\USBRadio\\QuickRadio.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
    O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\AWS\WeatherBug\WeatherBug.exe
    O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Document Assistant.lnk = C:\HPDESK\hppddir.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c10.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {4E6F9E15-C8E3-4E19-B987-04EF390E9824} - http://www.betfair.com/install/setup.cab
    O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125068786135
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{609A6CB4-0F8F-4720-ADEC-23DE2D3E35F9}: NameServer = 158.43.240.4,158.43.240.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66FC3882-2BA3-453C-A65F-47E763B948D0}: NameServer = 213.120.62.99,213.120.62.98
    O23 - Service: Ati HotKey Poller - Unknown - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\Windows\System32\GEARSec.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    O3 - Toolbar: (no name) - {1D62BD48-16F6-4004-A54A-3C41E4955A87} - (no file)

    O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)

    O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm

    O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do...bridge-c10.cab

    Download http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    c:\windows\system32\dxvid.exe
    c:\program files\common files\system\mplay64.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system

    On the next log make sure in notepad - FORMAT - word wrap is checked
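A small triage script for HJT logs like the ones in this thread, added here as an example (it is not HijackThis or the forum's own tool): it parses the entry lines, flags the kinds of entries the helper acted on above, and diffs the first log against the post-Ewido log so the autoruns that survived the first round stand out. The heuristics and the watchlist of file names are this example's own assumptions drawn from the thread; the two log excerpts are constructed from entries posted above.

```python
"""Triage helper for HijackThis (HJT) v1.99 logs.

Added example for this thread, not HijackThis or forum code: it parses the
R0/R1/Oxx entry lines, flags the kinds of entries the helper acted on above,
and diffs two logs so persistence entries that survived a cleanup round
stand out.  Heuristics and watchlist are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Matches the entry lines HJT emits; running-process paths do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.+)$")
# Pulls bare *.exe names out of an O4 body (paths, quotes and [name] dropped).
EXE_RE = re.compile(r"([^\\\"\[\]\s]+\.exe)", re.I)
# File names the thread identified as part of the infection.
WATCHLIST = {"ms1src.exe", "dxvid.exe", "mplay64.exe"}


@dataclass(frozen=True)
class Entry:
    kind: str  # e.g. "O4"
    body: str  # text after "O4 - "


def parse_hjt(text):
    """Return the R/O entries of an HJT log in order; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def flag_entries(entries):
    """Map each suspicious entry to the list of reasons it was flagged."""
    flagged = {}
    for e in entries:
        reasons = []
        if e.kind == "O3" and e.body.endswith("(no file)"):
            reasons.append("toolbar CLSID with no backing file")
        if e.kind == "O4":
            # Assumption: vendors install under their own folder, not
            # directly in Common Files\System (where ms1src.exe and
            # mplay64.exe sat in the first log).
            if "\\common files\\system\\" in e.body.lower():
                reasons.append("autorun placed directly in Common Files\\System")
            names = {n.lower() for n in EXE_RE.findall(e.body)}
            if names & WATCHLIST:
                reasons.append("file name identified in the thread")
        if e.kind == "O16" and ") - " not in e.body:
            # HJT prints the control's friendly name in parentheses when
            # one is registered; an unnamed download deserves a look.
            reasons.append("unnamed ActiveX control download (review)")
        if reasons:
            flagged[e] = reasons
    return flagged


def triage(before_text, after_text):
    """Diff the flagged entries of two logs taken before and after a cleanup."""
    before = set(flag_entries(parse_hjt(before_text)))
    after = set(flag_entries(parse_hjt(after_text)))
    return {
        "cleaned": sorted(e.body for e in before - after),
        "persisted": sorted(e.body for e in before & after),
        "new": sorted(e.body for e in after - before),
    }


# Constructed excerpt of the first log in the thread; running-process lines
# are kept to show that the parser ignores them.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
c:\windows\system32\dxvid.exe
c:\program files\common files\system\ms1src.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: (no name) - {1D62BD48-16F6-4004-A54A-3C41E4955A87} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install
O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c10.cab
"""

# Constructed excerpt of the log posted after the Ewido scan: ms1src is gone,
# dxvid and mplay64 are still present, and a benign BOINC startup item appeared.
AFTER_LOG = "\n".join(
    line for line in BEFORE_LOG.splitlines() if "ms1src" not in line
) + "\nO4 - Startup: BOINC Manager.lnk = C:\\Program Files\\BOINC\\boincmgr.exe\n"

if __name__ == "__main__":
    print(triage(BEFORE_LOG, AFTER_LOG))
```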
     
  5. chrisrw

    chrisrw Thread Starter

    Joined:
    May 6, 2005
    Messages:
    16
    Thanks. Operation completed successfully. HJT log follows. What didn't work? Four temp files failed to delete because they were 'being used by another program'; "Run" didn't appear under the Start menu in safe mode, so I had to put in %temp% in normal mode.

    Logfile of HijackThis v1.99.0
    Scan saved at 18:18:55, on 23/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\BackupMyStuff\AgentSrv.EXE
    C:\Windows\System32\Ati2evxx.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Windows\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\timeserv.exe
    C:\Windows\System32\MsPMSPSv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
    C:\Windows\Logi_MwX.Exe
    C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
    C:\Windows\SM1BG.EXE
    C:\Program Files\USBRadio\QuickRadio.exe
    C:\Windows\Dit.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
    C:\Program Files\BackupMyStuff\CBSysTray.exe
    C:\HPDESK\hppddir.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\lotus\organize\easyclip.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
    C:\Windows\system32\wuauclt.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You did not paste the entire log - when you do make sure in notepad under FORMAT that word wrap is checked

    plus that is a slightly old version of HJT

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  7. chrisrw

    chrisrw Thread Starter

    Joined:
    May 6, 2005
    Messages:
    16
    Oops, sorry; I think I've followed your instructions properly this time! Log follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:01:52, on 23/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\BackupMyStuff\AgentSrv.EXE
    C:\Windows\System32\Ati2evxx.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Windows\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\timeserv.exe
    C:\Windows\System32\MsPMSPSv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
    C:\Windows\Logi_MwX.Exe
    C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
    C:\Windows\SM1BG.EXE
    C:\Program Files\USBRadio\QuickRadio.exe
    C:\Windows\Dit.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
    C:\Program Files\BackupMyStuff\CBSysTray.exe
    C:\HPDESK\hppddir.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\lotus\organize\easyclip.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Windows\system32\cidaemon.exe
    C:\Program Files\BOINC\projects\www.climateprediction.net\sulphur_4.22_windows_intelx86.exe
    C:\Program Files\BOINC\projects\www.climateprediction.net\sulphur_um_4.22_windows_intelx86.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\projects\www.climateprediction.net\sulphur_4.22_windows_intelx86.exe
    C:\Program Files\BOINC\projects\www.climateprediction.net\sulphur_um_4.22_windows_intelx86.exe
    C:\Windows\System32\HPZipm12.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btopenworld.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTinternet
    O1 - Hosts: 172.31.105.1 lam_unix1 lam1
    O1 - Hosts: 172.31.105.2 lam_unix2 lam2
    O1 - Hosts: 172.31.105.5 lam_unix5 lam5
    O1 - Hosts: 172.31.105.10 lam-sun1 sun1
    O1 - Hosts: nu.com
    O1 - Hosts: nu.com
    O1 - Hosts: enu.com
    O1 - Hosts: enu.com
    O1 - Hosts: henu.com
    O1 - Hosts: henu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: inc.whenu.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: XBTB09580 - {FFDA4F6F-2EA3-4942-9420-E42880965A3A} - C:\PROGRA~1\WORDRE~1\WORDRE~1.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: WordReferenceEsEn - {5776A2BC-D803-47F6-9DC0-8344DB8D604C} - C:\Program Files\WordReferenceEsEn\wordreferenceEsEn.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - HKLM\..\Run: [SM1BG] C:\Windows\SM1BG.EXE
    O4 - HKLM\..\Run: [QuickRADIO] C:\Program Files\USBRadio\\QuickRadio.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\AWS\WeatherBug\WeatherBug.exe
    O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BackupMyStuff TaskBar Icon.LNK = C:\Program Files\BackupMyStuff\CBSysTray.exe
    O4 - Global Startup: Document Assistant.lnk = C:\HPDESK\hppddir.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {4E6F9E15-C8E3-4E19-B987-04EF390E9824} - http://www.betfair.com/install/setup.cab
    O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125068786135
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{609A6CB4-0F8F-4720-ADEC-23DE2D3E35F9}: NameServer = 158.43.240.4,158.43.240.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66FC3882-2BA3-453C-A65F-47E763B948D0}: NameServer = 213.120.62.99,213.120.62.98
    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\BackupMyStuff\AgentSrv.EXE
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\Windows\System32\GEARSec.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Thanks.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download Hoster from here:
    www.funkytoad.com/download/hoster.zip
    Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.
    =======
    You never posted the Ewido log but that's OK

    How are things now???
     
  9. chrisrw

    chrisrw Thread Starter

    Joined:
    May 6, 2005
    Messages:
    16
    Have run Hoster program, but what was the objective, please?

    All now seems fine; thanks once again for your help.
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Post a new log

    Hoster cleaned the O1 entries which were bogus
     
Short URL to this thread: https://techguy.org/441079