Yahoo & Google redirect virus

By syrope
Jul 15, 2010
Topic Status:
Not open for further replies.
  1. Hi there :) Help please! I have had a google redirect before and one of these forums helped me so so much. This one seems to affect yahoo too, and there's a pop up every now and then. I tried to follow the 8 steps but after 4 failed GMERs I gave up on that one (one blue screen, 3 spontaneous restarts).

    The logs I've got are attached. Hope I did this right! Any help is appreciated!

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    This should help, so you can do it first:

    You have malware named Relevant Knowledge. You can see it in Add/remove Programs in the Control Panel as Marketscore.RelevantKnowledge. RelevantKnowledge is a MarketScore variant that monitors browsing habits and sends unsolicited advertisements. RelevantKnowledge is bundled in many freeware utilities. The related rlvknlg.exe file is a backdoor proxy component.

    Click on Start> Run> type in cmd> Enter.
    When the black screen comes up, at the blinking prompt, tyep the following or copy and paste it in:

    %WinDir%\rlvknlg.exe -bootremove -uninst:RelevantKnowledge

    Press Enter and let the system follow this command. Reboot when through.
    ==================================
    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..
    Re-enable your Antivirus software.
    ================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    When you have finished, leave the logs for review in your next reply .

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    It is advisable to change all of your passwords and monitor any online financial transactions.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You should only be running one antivirus program. The DDS log shows this:
    AV: avast!
    AV: StopSign Antivirus FREE TRIAL diagnostic version

    Multiple antivirus programs actually make the system more vulnerable and can slow it down. Please remove the free trial. reboot the computer when through.
    ==============================
    The Host files have been hijacked. Your searches are being directed through a site in Poland.
    Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

    Reopen HijackThis to 'do system scan only.' Check each of the following if present
    Each line will have 01 at the beginning of it as in 01-Host.
    Hosts: 84.16.244.55 www.google.com
    Hosts: 84.16.244.55 us.search.yahoo.com
    Hosts: 84.16.244.55 uk.search.yahoo.com
    Hosts: 84.16.244.55 search.yahoo.com
    Hosts: 84.16.244.55 www.google.com.br
    Hosts: 84.16.244.55 www.google.it
    Hosts: 84.16.244.55 www.google.es
    Hosts: 84.16.244.55 www.google.co.jp
    Hosts: 84.16.244.55 www.google.com.mx
    Hosts: 84.16.244.55 www.google.ca
    Hosts: 84.16.244.55 www.google.com.au
    Hosts: 84.16.244.55 www.google.nl
    Hosts: 84.16.244.55 www.google.co.za
    Hosts: 84.16.244.55 www.google.be
    Hosts: 84.16.244.55 www.google.gr
    Hosts: 84.16.244.55 www.google.at
    Hosts: 84.16.244.55 www.google.se
    Hosts: 84.16.244.55 www.google.ch
    Hosts: 84.16.244.55 www.google.pt
    Hosts: 84.16.244.55 www.google.dk
    Hosts: 84.16.244.55 www.google.fi
    Hosts: 84.16.244.55 www.google.ie
    Hosts: 84.16.244.55 www.google.no
    Hosts: 84.16.244.55 www.google.de
    Hosts: 84.16.244.55 www.google.fr
    Hosts: 84.16.244.55 www.google.co.uk
    Hosts: 84.16.244.55 www.bing.com


    Come back here to this thread and paste (Ctrl+V) the new log in your next reply.

    NOTE: There may be additional entries I will have you remove later, so keep HJT. Don't remove any other entries at this time.
  4. syrope

    syrope Newcomer, in training Topic Starter

    Thank you so much for your help!

    Let me start at the top - I didn't see Marketscore.RelevantKnowledge in my Control Panel, but I tried the run command anyway and I got

    'C:\WINDOWS\rlvknlg.exe' is not recognized as an internal or external command, operable program, or batch file.

    So I searched for the .exe just to see if it was in a different place, but it didn't find it anywhere.

    So I moved on...ComboFix log is attached, it restarted my computer due to "rootkit activity"? - the log was too big so I zipped it.

    Also ran the ESET antivirus - log is attached.

    I see where some places it lists both of the antivirus softwares, but I don't see anything about an avast trial/stop sign program in the add/remove program listings. Is there somewhere else I should look?

    I then installed hijackthis but when I open it I don't have the option anywhere to "Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log" step. It's v.2.0.4 - maybe that's a different version than the instructions are for?

    Attached Files:

  5. syrope

    syrope Newcomer, in training Topic Starter

    it would seem my searches are working again though!
  6. syrope

    syrope Newcomer, in training Topic Starter

    Ohh, for mine I had to click "Main Menu" to get back to the screen, but I see it now. None of those entries were present - no 01 or host entries at all

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:24:50 PM, on 7/17/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17055)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    D:\Corel\Paint Shop Pro\CorelIOMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
    C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
    C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CSHelper.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    D:\oracle\ora92\bin\omtsreco.exe
    D:\oracle\ora92\bin\agntsrvc.exe
    D:\oracle\ora92\Apache\Apache\apache.exe
    C:\WINDOWS\system32\cmd.exe
    D:\oracle\ora92\bin\dbsnmp.exe
    D:\oracle\ora92\BIN\TNSLSNR.exe
    d:\oracle\ora92\bin\ORACLE.EXE
    d:\oracle\ora92\bin\ORACLE.EXE
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    D:\oracle\ora92\Apache\Apache\apache.exe
    D:\oracle\ora92\jdk\bin\java.exe
    D:\oracle\ora92\jdk\bin\java.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    d:\oracle\ora92\bin\isqlplus
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Digsby\lib\digsby-app.exe
    C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKLM\..\Run: [Corel File Shell Monitor] D:\Corel\Paint Shop Pro\CorelIOMonitor.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Photozig Albums Media Detector] C:\Program Files\Photozig Albums\pzAlbumsDetect.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: digsby.lnk = C:\Program Files\Digsby\digsby.exe
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265827816000
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader2.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} (MeetUploader Control) - http://static1.meetupstatic.com/applet/MeetUploader_200909.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://domino5.wcpss.net/dwa7W.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (AutoFix Launcher Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
    O23 - Service: eAcceleration Notification Service (eac_notifysvc) - Unknown owner - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe (file missing)
    O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - Unknown owner - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
    O23 - Service: OracleServiceDHARRIS - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
    O23 - Service: OracleServicePROJEMP - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - Unknown owner - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe (file missing)
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 15415 bytes
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    2 questions before we finish up:

    1. There is an entry in the HijackThis log for a restriction. It can either be set by the Administrator or by malware. Are you aware of or did you set this Restriction?
    Control Panel present: You or an administrator has set a policy which restricts access to the 'Internet options' from within the IE or in the control panel.

    Please let me know if you are the system Administrator has set this Restriction. Don't do anything about it yet- just address my question.

    2. Regarding Oracle on the D drive:And another question I see a conflict in information from HijackThis log and Combofix regarding the Oracle Services/drivers on your D drive. There are multiple Services running in the HJT log, but there are questions about all of the same Oracle entries in Combofix. Are you actively using these Oracle Services now-= just let me know.
  8. syrope

    syrope Newcomer, in training Topic Starter

    1) I'm not aware of this restriction. I'm the system administrator/only user of the computer.

    2) I'm not actively using anything Oracle related
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    What is your D Drive?
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.