Scan saved at 09:11:52, on 30/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\Mouse\Amoumain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 CE.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Chris\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packar...se=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packar...se=6&key=SEARCH
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
I have Ad-Aware, AVG, Microsoft beta and Norton 2003, have run full checks with them all, got rid of all the crap, and have this log file, and was wondering if someone could help with the amount of svchost.exe there are. Should there be this many??? And also there are some exe files there I can't seem to find out what they are.
Thanks, woody