Tech Support Forum - View Single Post

Darth_Caleb · 01-24-2005, 01:11 PM

I have Windows 2000 SP3

Have had trojans which have cleared but cannot get rid of Home Search as home page on Internet Explorer.

Hijackthis log as follows. Any help appreciated

Logfile of HijackThis v1.99.0
Scan saved at 17:23:44, on 24/01/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\gearsec.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ntbw.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\msii.exe
C:\WINNT\system32\internat.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xufvr.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xufvr.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\xufvr.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xufvr.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xufvr.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xufvr.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xufvr.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.3:80
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF61DD49-FEDC-3145-683E-6D19A02D4877} - C:\WINNT\system32\apior.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [msii.exe] C:\WINNT\msii.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Redthorn printing.lnk = C:\WINNT\system32\net.exe
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Phone Manager.lnk = C:\Program Files\Alchemy\Phone Manager\PhoneManager.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD...bridge-c46.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04ab7751...p/RdxIE601.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - https://simon.us.abb.com/ecomm/apps/...all_a_stat.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc11...c11/games4.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://simon.us.abb.com/ecomm/apps/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE36EEF-B61F-40D0-95CF-46406D3BDFF4}: Domain = express-group.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE36EEF-B61F-40D0-95CF-46406D3BDFF4}: NameServer = 192.168.6.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF9065B-00C5-47E0-A66D-0D844D7947F1}: Domain = express-group.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF9065B-00C5-47E0-A66D-0D844D7947F1}: NameServer = 192.168.6.253
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Gear Security Service - GEAR Software - C:\WINNT\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch - Unknown - C:\WINNT\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Sophos Anti-Virus Network - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Sophos Anti-Virus Update - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\apicy.exe (file missing)

01-24-2005, 01:11 PM	#1 (permalink)
Darth_Caleb Registered User Join Date: Jan 2005 Posts: 14 OS: XP SP2	Home Search Problem I have Windows 2000 SP3 Have had trojans which have cleared but cannot get rid of Home Search as home page on Internet Explorer. Hijackthis log as follows. Any help appreciated Logfile of HijackThis v1.99.0 Scan saved at 17:23:44, on 24/01/2005 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\gearsec.exe C:\WINNT\LogWatNT.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\ntbw.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINNT\msii.exe C:\WINNT\system32\internat.exe C:\freeserve\freeserveconnectionkit\atdialler1.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Program Files\Sophos SWEEP for NT\ICMON.EXE C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\gt\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xufvr.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xufvr.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\xufvr.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xufvr.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xufvr.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xufvr.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xufvr.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.3:80 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {AF61DD49-FEDC-3145-683E-6D19A02D4877} - C:\WINNT\system32\apior.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [msii.exe] C:\WINNT\msii.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Startup: Redthorn printing.lnk = C:\WINNT\system32\net.exe O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Phone Manager.lnk = C:\Program Files\Alchemy\Phone Manager\PhoneManager.exe O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/ O15 - Trusted Zone: .05p.com O15 - Trusted Zone: .awmdabest.com O15 - Trusted Zone: .frame.crazywinnings.com O15 - Trusted Zone: .scoobidoo.com O15 - Trusted Zone: .searchmiracle.com O15 - Trusted Zone: .05p.com (HKLM) O15 - Trusted Zone: .awmdabest.com (HKLM) O15 - Trusted Zone: .frame.crazywinnings.com (HKLM) O15 - Trusted Zone: .scoobidoo.com (HKLM) O15 - Trusted Zone: .searchmiracle.com (HKLM) O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: 206.161.124.130 (HKLM) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD...bridge-c46.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04ab7751...p/RdxIE601.cab O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - https://simon.us.abb.com/ecomm/apps/...all_a_stat.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc11...c11/games4.cab O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://simon.us.abb.com/ecomm/apps/swflash.cab O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE36EEF-B61F-40D0-95CF-46406D3BDFF4}: Domain = express-group.co.uk O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE36EEF-B61F-40D0-95CF-46406D3BDFF4}: NameServer = 192.168.6.253 O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF9065B-00C5-47E0-A66D-0D844D7947F1}: Domain = express-group.co.uk O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF9065B-00C5-47E0-A66D-0D844D7947F1}: NameServer = 192.168.6.253 O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Gear Security Service - GEAR Software - C:\WINNT\System32\gearsec.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Event Log Watch - Unknown - C:\WINNT\LogWatNT.exe O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: OracleOraHome81ClientCache - Unknown - C:\oracle\ora81\BIN\ONRSD.EXE O23 - Service: Sophos Anti-Virus Network - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE O23 - Service: Sophos Anti-Virus - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS O23 - Service: Sophos Anti-Virus Update - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\apicy.exe (file missing)