http://194.74.65.98 - BT Wholesale Redirect - HELP!

Discussion in 'Windows - Virus and spyware problems' started by zippy1982, Jan 3, 2007.

  1. zippy1982

    zippy1982 Member

    Hi,

    While surfing the net, either just clicking on links throughout sites, accessing favourites or going through Google, about one in every 5 pages redirects me to this http://194.74.65.98, which forces me to close that window and start again if I want to carry on browsing that website.

    Can anyone help me?!?! Is this some sort of virus? I've read on the Internet about other people having problems.

    Below is my log file from HijackThis. If anyone could offer some help it would be much appreciated.

    Many thanks!
    Zippy
    xxx


    Logfile of HijackThis v1.99.1
    Scan saved at 02:14:51, on 04/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    Last edited: Jan 3, 2007
  2. wagsdadog

    wagsdadog Regular member

    Hmmm, sounds like either a trojan or spyware...

    Run Grisoft... see if it says anything... I used to have one that ran itself as INTERNET EXPLORER.exe, so... always look out for programs running in the background that don't fit any description of your own programs... I say if Grisoft doesn't pick up anything, try STINGER from McAfee - search for it on Google... it's a small prog that doesn't need installing... and if that doesn't work, try getting a program that detects spy/adware... try searching for Adaware... I think that was Lavasoft Adaware? Anyone correct me?
     
  3. janrocks

    janrocks Guest

    Dunno how this will paste..

    Logfile of HijackThis v1.99.1
        This should be the newest version.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        This should be the newest version.

    C:\WINDOWS\System32\smss.exe
        Very safe. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\winlogon.exe
        Very safe. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\services.exe
        Safe. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\lsass.exe
        Very safe. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\svchost.exe
        Safe. This entry was classified from our visitors as good.
    C:\WINDOWS\System32\svchost.exe
        Very safe. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        Safe. This entry was classified from our visitors as good.
    C:\WINDOWS\Explorer.EXE
        Very safe. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\spoolsv.exe
        Safe. This entry was classified from our visitors as good.
    C:\HP\KBD\KBD.EXE
        Safe. This is a unknown process. This entry was classified from our visitors as good.
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        Very safe. This entry was classified from our visitors as good.
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        Very safe. This entry was classified from our visitors as good.
    C:\Program Files\iTunes\iTunesHelper.exe
        Safe. Not dangerous, but unnecessary. Apple iTunes
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        Checks for updates for RealPlayer
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
        Safe. This entry was classified from our visitors as good.
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        Antivirensoftware
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        Antivirensoftware
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        Antivirensoftware
    C:\WINDOWS\system32\cisvc.exe
        Safe. Microsoft Index Service Helper
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        Very safe. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\nvsvc32.exe
        Very safe. Not dangerous, but unnecessary. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\svchost.exe
        Safe. This entry was classified from our visitors as good.
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
        Grisoft AVG6
    C:\Program Files\iPod\bin\iPodService.exe
        Very safe.
    C:\WINDOWS\system32\svchost.exe
        Safe. This entry was classified from our visitors as good.
    C:\WINDOWS\system32\cidaemon.exe
        Safe. Indexing Service Filter Daemon
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
        Adobe Photoshop
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        Very safe. Possibly nasty! According to our database this process runs normally in c:\programme\internet explorer\! Check if you know this process and arrange a viruscheck where required. Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)
    C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
        Unknown.
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
        Unknown.
    C:\HJT\HijackThis.exe
        Very safe. Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
        This page has been identified as safe.
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/readstep2.html
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        SDhelper.dll - Spybot - Search & Destroy, http://spybot.eon.net.au/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        Java von SUN jre1.5.0 update 6
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
        googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. - Google toolbar, http://toolbar.google.com/
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
        googletoolbar.dll, googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll, googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll - Google Toolbar
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        Hewlett Packard Software
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        Safe. Unknown application. This entry was classified from our visitors as good.
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        Unknown. Unknown application.
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
        pdfFactory Pro Dispatcher v2
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        Firewall program from Zonelabs. Pro version includes other online security options
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        Very safe. AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        Not dangerous, but unnecessary. QuickTime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        Not dangerous, but unnecessary.
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        Part of RealPlayer
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        Microsoft's MSN Messenger 6

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        The entry &Google Search has been identified as safe.
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
        The entry &Translate English Word has been identified as safe.
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        The entry Backward Links has been identified as safe.
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        The entry Cached Snapshot of Page has been identified as safe.
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        The entry E&xport to Microsoft Excel has been identified as safe.
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        The entry Similar Pages has been identified as safe.
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        The entry Translate Page into English has been identified as safe.
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        The entry has been identified as safe.
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        The entry Sun Java Console has been identified as safe.
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        The entry Research has been identified as safe.
    O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
        To be fixed if the entry 'Fiddler ' is unknown. Unnecessary (deactivated) entry that can be fixed. Unknown buttons or entries in the 'Extras'-menu should be fixed.
    O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
        To be fixed if the entry 'Fiddler ' is unknown. Unnecessary (deactivated) entry that can be fixed. Unknown buttons or entries in the 'Extras'-menu should be fixed.
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        Unknown. To be fixed if the entry 'Connection Help ' is unknown. Unknown buttons or entries in the 'Extras'-menu should be fixed.
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        Unknown. To be fixed if the entry 'Connection Help ' is unknown. Unknown buttons or entries in the 'Extras'-menu should be fixed.
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        Unnecessary (deactivated) entry that can be fixed. The entry has been identified as safe.
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        Unnecessary (deactivated) entry that can be fixed. The entry @xpsp3res.dll, has been identified as safe.
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        The entry Messenger has been identified as safe.
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        The entry Windows Messenger has been identified as safe.

    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
        This entry has been identified as safe.
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
        This entry has been identified as safe.
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
        This entry has been identified as safe.
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        This entry has been identified as safe.
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
        This entry has been identified as safe.
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
        This entry has been identified as safe.
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
        This entry has been identified as safe.
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
        Unknown. Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        This entry has been identified as safe.
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
        This entry has been identified as safe.
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        This entry has been identified as safe.
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        This entry has been identified as safe.
    O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
        Unknown.
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        Windows Genuine Advantage Notification
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        This service (Adobelmsvc.exe) was identified as a good one.
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        This service (avgamsvr.exe) was identified as a good one.
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        This service (avgupsvc.exe) was identified as a good one.
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        This service (avgemc.exe) was identified as a good one.
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        This service (IDriverT.exe) was identified as a good one.
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        This service (iPodService.exe) was identified as a good one.
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        This service (LSSrvc.exe) was identified as a good one.
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
        This service (MSCSPTISRV.exe) was identified as a good one.
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        This service (nvsvc32.exe) was identified as a good one.
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
        This service (PACSPTISVR.exe) was identified as a good one.
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
        This service (SPTISRV.exe) was identified as a good one.
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
        This service (SSScsiSV.exe) was identified as a good one.
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        This service (vsmon.exe) was identified as a good one.


    This is interesting..something is wrong here, probable browser exploit

    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        Very safe. Possibly nasty! According to our database this process runs normally in c:\programme\internet explorer\! Check if you know this process and arrange a viruscheck where required. Internet Explorer

    It's a German checker... try it yourself.

    http://hijackthis.de/en#anl
     
    Last edited by a moderator: Jan 6, 2007
