Smartfinder.us & Secdrop.BO
Father-in-law's PC keeps returning to Smartfinder.us on connection to internet. Have reset security to default and home page to somewhere more sensible. Have recently installed ezantivirus and the Real Secure Desktop Protector. Previously the machine was unprotected and riddled with viruses.
Still having problems with the Secdrop.BO virus which is identified by the antivirus software but doesn't seem able to eliminate it completely. Have checked with company website on this signature and there's no info on the .BO variant. Anyone any ideas on how to get rid of secdrop once and for all and stop smartfinder.us from re-appearing?
Hi Ham,
You've been hit by CWS.. ..please download 'Hijack This!' from here, unzip, and place it in its own folder (not in the temp folder, or on the desktop), double-click HijackThis.exe, check for updates by clicking on Config | Misc. Tools | Check for Updates and follow the prompts. Once updated click on Scan. When the scan is finished, click "Save Log", and copy and paste it in a reply. This will give us a rundown of what's going on in your PC. One of us here will be glad to analyse it for you. Don't fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

Cheers
Liam
Logfile of HijackThis v1.99.0
Scan saved at 17:00:27, on 04/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\SysCgfig.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\PROMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\sndsys.exe
C:\WINDOWS\System32\cdaccess.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\ISS\BlackICE\RapApp.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://smartfinder.us/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartfinder.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/r...search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smartfinder.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://smartfinder.us/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://smartfinder.us/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smartfinder.us/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://smartfinder.us/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [FontsLoader] C:\WINDOWS\Fonts\ldfnt32.hta
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Update] C:\WINDOWS\csrss.exe /i
O4 - HKLM\..\Run: [httpd] C:\WINDOWS\msgaol.exe /i
O4 - HKLM\..\Run: [QTSvc] C:\WINDOWS\shman.exe /i
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Windows Sound System] sndsys.exe
O4 - HKLM\..\Run: [Winproxy Personal] winproxy.exe
O4 - HKLM\..\Run: [System Configurati0n] SysCgfig.exe
O4 - HKLM\..\Run: [Auto CD-ROM Startup] cdaccess.exe
O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\RunServices: [Windows Sound System] sndsys.exe
O4 - HKLM\..\RunServices: [Winproxy Personal] winproxy.exe
O4 - HKLM\..\RunServices: [System Configurati0n] SysCgfig.exe
O4 - HKLM\..\RunServices: [Auto CD-ROM Startup] cdaccess.exe
O4 - HKLM\..\RunOnce: [System Configurati0n] SysCgfig.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [System Configurati0n] SysCgfig.exe
O4 - HKCU\..\Run: [Winproxy Personal] winproxy.exe
O4 - HKCU\..\Run: [Auto CD-ROM Startup] cdaccess.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - HKCU\..\RunOnce: [System Configurati0n] SysCgfig.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104575692748
O17 - HKLM\System\CCS\Services\Tcpip\..\{15F27EB2-A6C1-41CF-9353-42C242F7A265}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{B35FCC79-88A0-4D9A-8283-148CD92DAC39}: NameServer = 194.72.9.38 194.74.65.68
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: CAISafe - Unknown - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks, mate, owe you a beer if this works! Apologies to all for the long post; will delete once snag resolved! Does anyone have any ideas on the Secdef.BO Trojan.
Hi Ham,
just got in from work, so give me half an hour to get sorted, and I'll go through it.

Cheers
Liam
Hi,
Here we go.. please print this off, as it will be easier to follow.

You've been hijacked by CoolWebSearch. Please go here and download, unzip and then open CoolWebShredder (stand alone version). Then click on the Updates button and follow the prompts. Next, run the program by clicking on the Fix-> button.

Please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. (Some may no longer be present after running the above) Next, close all browser windows and click the Fix checked button…

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://smartfinder.us/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartfinder.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smartfinder.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://smartfinder.us/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://smartfinder.us/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://smartfinder.us/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smartfinder.us/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://smartfinder.us/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smartfinder.us/
O4 - HKLM\..\Run: [FontsLoader] C:\WINDOWS\Fonts\ldfnt32.hta
O4 - HKLM\..\Run: [Update] C:\WINDOWS\csrss.exe /i
O4 - HKLM\..\Run: [httpd] C:\WINDOWS\msgaol.exe /i
O4 - HKLM\..\Run: [QTSvc] C:\WINDOWS\shman.exe /i
O4 - HKLM\..\Run: [Windows Sound System] sndsys.exe
O4 - HKLM\..\Run: [Winproxy Personal] winproxy.exe
O4 - HKLM\..\Run: [System Configurati0n] SysCgfig.exe
O4 - HKLM\..\Run: [Auto CD-ROM Startup] cdaccess.exe
O4 - HKLM\..\RunServices: [Windows Sound System] sndsys.exe
O4 - HKLM\..\RunServices: [Winproxy Personal] winproxy.exe
O4 - HKLM\..\RunServices: [System Configurati0n] SysCgfig.exe
O4 - HKLM\..\RunServices: [Auto CD-ROM Startup] cdaccess.exe
O4 - HKLM\..\RunOnce: [System Configurati0n] SysCgfig.exe
O4 - HKCU\..\Run: [System Configurati0n] SysCgfig.exe
O4 - HKCU\..\Run: [Winproxy Personal] winproxy.exe
O4 - HKCU\..\Run: [Auto CD-ROM Startup] cdaccess.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - HKCU\..\RunOnce: [System Configurati0n] SysCgfig.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?

Next, please double click on the My Computer icon on the desktop. Go to Tools | Folder Options, click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files. Now click Apply to all folders, then click Apply then OK.

Next please find and delete the following bolded files...

C:\WINDOWS\Fonts\ldfnt32.hta
C:\WINDOWS\csrss.exe
C:\WINDOWS\msgaol.exe
C:\WINDOWS\shman.exe
C:\WINDOWS\System32\sndsys.exe
C:\WINDOWS\System32\winproxy.exe
C:\WINDOWS\System32\SysCgfig.exe
C:\WINDOWS\System32\cdaccess.exe
C:\WINDOWS\System32\smsss.exe

(Please check the file path and spelling for each very carefully before deleting. They are spelt like this in order to make them look legit.)

If you have rebooted since posting this, then there is a chance that some/all of the file names have morphed in the meantime.. but that's life. We'll just start again.. at least it won't be as difficult to spot them next time.. :)

Then boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\Windows\Temp (or C:\WINNT\Temp) folder, but not the folder itself.
Then please boot back into normal mode and download AdAware SE from here. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Next, we need to configure Ad-aware for a full scan. Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file
· Under Click here to select drives + folders, choose:
· All of your hard drives | Proceed

3. Click on the Advanced button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information

4. Click the Tweak button and select:
· Under the Scanning Engine:
· Unload recognized processes & modules during scan
· Include additional Ad-aware settings in logfile
· Under the Cleaning Engine:
· Let Windows remove files in use at next reboot

5. Click on Proceed to save the settings.

6. Click Start and on the next screen choose:
· Use Custom Scanning Options

7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Next, please reboot again and download Spybot - Search & Destroy 1.3 from here: if you haven't already got the program. Click on Updates | Download Updates, and follow the prompts. Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.
Next reboot and go here, and run the online virus scan; choosing the Autoclean option just before clicking the Scan button.

Then please post a new log for a final once over. I'm off out this evening, but I'll check up on your progress later on. :)

Cheers
Liam
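A triage sketch for reading a log like the one above, added here as an example; it is not part of the original thread and not how HijackThis, CoolWebShredder or the helper decide what to fix. The log lines and the watched host come from the thread; `SYSTEM_NAMES`, the regular expressions and the four heuristics are assumptions chosen for illustration, and a hit is a lead to check by hand, not a verdict.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Subset of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartfinder.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FontsLoader] C:\WINDOWS\Fonts\ldfnt32.hta
O4 - HKLM\..\Run: [Update] C:\WINDOWS\csrss.exe /i
O4 - HKLM\..\Run: [System Configurati0n] SysCgfig.exe
O4 - HKLM\..\RunServices: [System Configurati0n] SysCgfig.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
"""

WATCHED_HOSTS = {"smartfinder.us"}   # hijack domain named in the thread
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "svchost.exe",
                "winlogon.exe", "services.exe", "spoolsv.exe"}  # assumed short reference list

R_LINE = re.compile(r"^(R[0-3]) - (.+?) = (\S+)")
O4_LINE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|hta|dll|bat|cmd|vbs|scr))\b', re.I)

def one_edit_apart(a, b):
    """True if a != b and a single insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip the substituted character. Otherwise skip the extra one in b.
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def triage(log_text):
    """Return {log line: [reasons]} for R0-R3 and O4 registry entries worth a closer look."""
    findings = defaultdict(list)
    autostarts = defaultdict(list)   # target path -> [(registry key, log line)]
    for line in map(str.strip, log_text.splitlines()):
        if m := R_LINE.match(line):
            host = urlparse(m.group(3)).hostname or ""
            if any(host == h or host.endswith("." + h) for h in WATCHED_HOSTS):
                findings[line].append("browser setting points at a watched host")
        elif m := O4_LINE.match(line):
            key, _value_name, command = m.groups()
            t = TARGET.match(command)
            if not t:
                continue
            path = (t.group(1) or t.group(2)).lower()
            base = path.rsplit("\\", 1)[-1]
            autostarts[path].append((key, line))
            if base.endswith(".hta"):
                findings[line].append("HTML application (.hta) run at startup")
            if base in SYSTEM_NAMES and "\\" in path and "\\system32\\" not in path:
                findings[line].append("system binary name outside System32")
            if any(one_edit_apart(base, s) for s in SYSTEM_NAMES):
                findings[line].append("name is one character away from a system binary")
    for entries in autostarts.values():
        keys = {k for k, _ in entries}
        if len(keys) > 1:            # legitimate software rarely registers itself twice
            for _, line in entries:
                findings[line].append(f"same command under {len(keys)} autostart keys")
    return dict(findings)

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

Entries such as `PROMon.exe`, which is also a bare file name but appears under a single key, pass through unflagged, which is why the repeated-registration check is used here instead of flagging every path-less command.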
BlackIce Defender
I noticed that you're using BlackIce Defender as a firewall.
Visit www.grc.com for a review of BlackIce Defender. Steve Gibson also offers 2 firewall checking tools - LeakTest and ShieldsUp. This guy seems to know what he's talking about as he's been in the hack/security business for years!!! And it's all FREEEEEE!!!!! thanks to people buying his HDD recovery/maintenance tool SpinRite
Thanks for all your help; definitely getting there!
Last scan using on-line antivirus detected: worm_wootbot.gen, worm_rbot.abk, worm_rbot.aer and said they were non-cleanable. Have deleted them now and will re-run Coolwebshredder et al!
Reran the CWS utility which generated this log:
Logfile of HijackThis v1.99.0
Scan saved at 17:13:47, on 05/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\PROMon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/r...search&ap=b204
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104575692748
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15F27EB2-A6C1-41CF-9353-42C242F7A265}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{B35FCC79-88A0-4D9A-8283-148CD92DAC39}: NameServer = 194.72.9.38 194.74.65.68
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: CAISafe - Unknown - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Hi Ham,
That's a clean log. Is everything running correctly now?

Cheers
Liam
Yes it does. Are you an aviation enthusiast as well as PC guru? If so, I'd like to thank you for your help. PM me with your address.
Hi Ham,
You're welcome. Am I an aviation enthusiast? I like planes from a distance.. :) We flew out to Austria last year for a week's skiing, and we got the train home, 'cos I bottled the flight back.. :\ :uhoh: Ironic really, considering the amount of time I spend on this forum.. :D

Cheers
Liam