My HiJackThis Logfile

Post by ryans » September 12th, 2007, 10:47 pm

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:11:47 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\TEMP\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8e6cd0fa-ee9e-41b6-9ee0-06c055ceaeb7} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {98B822AD-6BE7-49BC-B773-97240B774080} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A58ECE8A-274B-4B81-9526-4878D500A590} - (no file)
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {B71991AA-F780-417E-48AE-195ED756E9E7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {BE0BB3BE-F8BD-448C-869E-DC0700974789} - (no file)
O2 - BHO: (no name) - {C21E2F7A-32FD-4AA7-B9C8-20C476673BEA} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {E24B5D3F-0150-4823-8EAB-43BC40E94C80} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7D26E7-6697-4CBE-8B77-61AE360AC04B} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [GoogleBot.exe] C:\WINDOWS\system32\GoogleBot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1844237615-1677128483-1957994488-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft DirectX] PDSched.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft DirectX] PDSched.exe (User 'Default user')
O4 - S-1-5-18 Startup: Rabio - Auto Update.lnk = C:\Program Files\Rabio\se.exe (User '?')
O4 - .DEFAULT Startup: Rabio - Auto Update.lnk = C:\Program Files\Rabio\se.exe (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: secuload.dll,c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: mljhi - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXMuIEhpbWVz\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\mycngpkg.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 8188 bytes
ryans
Active Member
 
Posts: 14
Joined: September 12th, 2007, 10:45 pm

Post by Kairis » September 13th, 2007, 1:52 am

Hello and welcome to the forums.
My name is Kairis and I will be helping you to remove any infection(s) that you may have.
It may take me a while to reply to you as all of my fixes are being checked by experts to ensure that you are getting a good fix.

And remember, like you I have a real life, so I may not be at my computer when you are!

You aren't running the latest version of HijackThis. Please update it and post a fresh log.
== Download and Run HijackThis ==
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.

Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland
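As an added illustration (not code from this thread, from Kairis, or from HijackThis itself), here is a small Python triage pass over the HijackThis line format seen in ryans' logs: it parses the section codes (R0/O2/O4/O20/O23) and flags the entry types a helper reads first, without fixing anything. The sample lines are copied from the logs above; the severity labels and heuristics are my own assumptions and mark entries to look at, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: secuload.dll,c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\mycngpkg.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
""".strip()

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, O20, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Run-key entries look like:  HKLM\..\Run: [ValueName] C:\path\to\file.exe args
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Heuristic lists (assumptions for this example, not a HijackThis rule set).
TEMP_DIRS = ("\\temp\\", "\\tmp\\")
SYSTEMISH_NAMES = {"system", "microsoft directx", "windows", "svchost", "explorer"}


@dataclass
class Finding:
    section: str
    severity: str   # "info" | "review" | "suspicious"
    reason: str
    line: str


def _target_path(cmd: str) -> str:
    """Return the executable path from a Run command, stripping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut after the first executable-looking extension.
    m = re.match(r"(.*?\.(?:exe|dll|bat|cmd|scr|com))\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_line(line: str) -> List[Finding]:
    """Apply the triage heuristics to one log line; returns zero or more findings."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return []            # process list, header and footer lines carry no entry code
    section, body = m.group("section"), m.group("body")
    lower = body.lower()
    out: List[Finding] = []
    # A registered component whose file is gone is usually a leftover, not a live threat.
    if lower.endswith("(no file)") or lower.endswith("(file missing)"):
        out.append(Finding(section, "info", "registered component whose file is absent (orphan)", line))
    if section == "O4":
        r = RUN_RE.match(body)
        if r:
            path = _target_path(r.group("cmd")).lower()
            if any(t in path for t in TEMP_DIRS):
                out.append(Finding(section, "suspicious", "autostart runs from a temporary directory", line))
            if r.group("name").strip().lower() in SYSTEMISH_NAMES:
                out.append(Finding(section, "suspicious", "autostart value name mimics a Windows component", line))
    elif section == "O20":
        if body.startswith("AppInit_DLLs:") and body[len("AppInit_DLLs:"):].strip():
            # Anything in AppInit_DLLs is loaded into every process that loads user32.dll.
            out.append(Finding(section, "review", "AppInit_DLLs is populated", line))
        elif body.startswith("Winlogon Notify:") and " - " in body:
            dll = body.split(" - ", 1)[1].lower()
            if "(file missing)" in dll:
                out.append(Finding(section, "suspicious", "Winlogon Notify package points at a DLL that no longer exists", line))
            elif "\\system32\\" not in dll:
                out.append(Finding(section, "suspicious", "Winlogon Notify DLL lives outside system32", line))
    elif section == "O23" and "Unknown owner" in body:
        sev = "suspicious" if "(file missing)" in lower else "review"
        out.append(Finding(section, sev, "service with no vendor information", line))
    return out


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole pasted log."""
    findings: List[Finding] = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a reader can see the shape of a log at a glance."""
    counts = {"info": 0, "review": 0, "suspicious": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:10}] {f.section}: {f.reason}\n    {f.line}")
    print(summarize(results))
```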

Post by ryans » September 13th, 2007, 10:09 pm

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:58:30 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\TEMP\Desktop\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8e6cd0fa-ee9e-41b6-9ee0-06c055ceaeb7} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {98B822AD-6BE7-49BC-B773-97240B774080} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A58ECE8A-274B-4B81-9526-4878D500A590} - (no file)
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {B71991AA-F780-417E-48AE-195ED756E9E7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {BE0BB3BE-F8BD-448C-869E-DC0700974789} - (no file)
O2 - BHO: (no name) - {C21E2F7A-32FD-4AA7-B9C8-20C476673BEA} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {E24B5D3F-0150-4823-8EAB-43BC40E94C80} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7D26E7-6697-4CBE-8B77-61AE360AC04B} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [GoogleBot.exe] C:\WINDOWS\system32\GoogleBot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft DirectX] PDSched.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft DirectX] PDSched.exe (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: secuload.dll,c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: mljhi - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXMuIEhpbWVz\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\mycngpkg.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 7944 bytes
ryans
Active Member
 
Posts: 14
Joined: September 12th, 2007, 10:45 pm

Post by Kairis » September 14th, 2007, 2:03 am

Hi there.
You still have a beta version (Logfile of Trend Micro HijackThis v2.0.0 (BETA)) and you ran the scan in Safe Mode (Boot mode: Safe mode).

Please Download HJTInstall.exe to your Desktop.

And don't boot into Safe Mode.
Please try it again, thanks.

~Kairis~
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Post by ryans » September 14th, 2007, 10:14 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:54 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\GoogleBot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\netsh.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8e6cd0fa-ee9e-41b6-9ee0-06c055ceaeb7} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {98B822AD-6BE7-49BC-B773-97240B774080} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A58ECE8A-274B-4B81-9526-4878D500A590} - (no file)
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {B71991AA-F780-417E-48AE-195ED756E9E7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {BE0BB3BE-F8BD-448C-869E-DC0700974789} - (no file)
O2 - BHO: (no name) - {C21E2F7A-32FD-4AA7-B9C8-20C476673BEA} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {E24B5D3F-0150-4823-8EAB-43BC40E94C80} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7D26E7-6697-4CBE-8B77-61AE360AC04B} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [GoogleBot.exe] C:\WINDOWS\system32\GoogleBot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft DirectX] PDSched.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft DirectX] PDSched.exe (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: secuload.dll,c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: mljhi - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXMuIEhpbWVz\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\mycngpkg.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 8454 bytes
ryans
Active Member
 
Posts: 14
Joined: September 12th, 2007, 10:45 pm

Post by Kairis » September 15th, 2007, 2:38 am

Hi there, thanks for the logs.
Download and run SDFix
Download SDFix and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log, thanks.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Post by ryans » September 16th, 2007, 12:19 am

Here you go (right after I finished the HijackThis scan another pop-up appeared):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:22 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8e6cd0fa-ee9e-41b6-9ee0-06c055ceaeb7} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A58ECE8A-274B-4B81-9526-4878D500A590} - (no file)
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {B71991AA-F780-417E-48AE-195ED756E9E7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {BE0BB3BE-F8BD-448C-869E-DC0700974789} - (no file)
O2 - BHO: (no name) - {C21E2F7A-32FD-4AA7-B9C8-20C476673BEA} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {E24B5D3F-0150-4823-8EAB-43BC40E94C80} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7D26E7-6697-4CBE-8B77-61AE360AC04B} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: mljhi - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 7191 bytes




SDFix: Version 1.104

Run by Ginger on Sat 09/15/2007 at 11:55 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
cmdService
DomainService
Driver
Network Monitor
runtime

ImagePath:
C:\WINDOWS\TXMuIEhpbWVz\command.exe
C:\WINDOWS\system32\mycngpkg.exe /service
\??\C:\WINDOWS\system32\kernelw.sys
C:\Program Files\Network Monitor\netmon.exe service
\??\C:\WINDOWS\System32\drivers\runtime.sys

cmdService - Deleted
DomainService - Deleted
Driver - Deleted
Network Monitor - Deleted
runtime - Deleted



Infected tcpip.sys Found!

tcpip.sys File Locations:

"C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys" 359808 04/20/2006 07:51 AM
"C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys" 360576 04/20/2006 08:18 AM
"C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys" 340480 04/20/2006 07:38 AM
"C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys" 359040 08/04/2004 02:14 AM
"C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys" 332928 07/16/2003 12:41 PM
"C:\WINDOWS\ServicePackFiles\i386\tcpip.sys" 359040 08/04/2004 02:14 AM
"C:\WINDOWS\system32\dllcache\tcpip.sys" 401152 09/08/2007 12:25 AM

Detected Patched Files Are Listed Below:

C:\WINDOWS\system32\dllcache\tcpip.sys

Note: SDFix Does Not Repair This File!

If No Clean Copies Are Found Download The Below Update To Restore Original Files:

http://www.microsoft.com/technet/securi ... 6-032.mspx


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Resetting AppInit_DLLs value


Rebooting...

Service asc355 - Deleted after Reboot
Service runtime2 - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\TXMuIEhpbWVz\nrgRKH1DvqpW.vbs - Deleted
C:\WINDOWS\system32\openfiles.dll - Deleted
C:\WINDOWS\SYSTEM32\DLLH8J~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\427119~1.DLL - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\1.dllb - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\2.dllb - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\5.dllb - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\6.dllb - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\7.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\1.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\2.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\5.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\6.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\7.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\1.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\2.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\5.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\6.dllb - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\7.dllb - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun12.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun13.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun15.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun16.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun17.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun20.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun21.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun22.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun23.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun24.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun25.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun27.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun28.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun29.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun3.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun30.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun31.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun35.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun36.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun37.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun38.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun39.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun41.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun5.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun7.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun9.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun10.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun11.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun13.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun17.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun18.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun19.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun20.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun23.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun24.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun3.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun4.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun5.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun6.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun7.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun8.exe - Deleted
C:\WINDOWS\Temp\stdrun1.exe - Deleted
C:\WINDOWS\Temp\stdrun5.exe - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\v4xd3.ga2me - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\v5xd4.ga2me - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\v6xdt4.game - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\vx1dt3.game - Deleted
C:\Documents and Settings\Ginger\Local Settings\Temp\vx3dt2.game - Deleted
C:\WINDOWS\system32\home.exe.exe - Deleted
C:\Documents and Settings\All Users\Documents\Settings\bot.dll - Deleted
C:\Documents and Settings\All Users\Documents\Settings\partnership.dll - Deleted
C:\WINDOWS\csrss.exe - Deleted
C:\WINDOWS\system32\4_exception.nls - Deleted
C:\WINDOWS\system32\AClient.dll - Deleted
C:\WINDOWS\system32\dllh8jkd1q1.exe - Deleted
C:\WINDOWS\system32\dllh8jkd1q5.exe - Deleted
C:\WINDOWS\system32\dllh8jkd1q6.exe - Deleted
C:\WINDOWS\system32\dllh8jkd1q7.exe - Deleted
C:\WINDOWS\system32\dllh8jkd1q8.exe - Deleted
C:\WINDOWS\system32\f06WtR\f06WtR1083.exe - Deleted
C:\WINDOWS\system32\GoogleBot.exe - Deleted
C:\WINDOWS\system32\kernelw.sys - Deleted
C:\WINDOWS\system32\kernelwind32.exe - Deleted
C:\WINDOWS\system32\kr_done1 - Deleted
C:\WINDOWS\system32\ldcore.dll - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\n.ini - Deleted
C:\WINDOWS\system32\RabioSetup.exe - Deleted
C:\WINDOWS\system32\spoolsvv.exe - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\TFTP1844 - Deleted
C:\WINDOWS\system32\TFTP2816 - Deleted
C:\WINDOWS\system32\TFTP3036 - Deleted
C:\WINDOWS\system32\TFTP3636 - Deleted
C:\WINDOWS\system32\TFTP3916 - Deleted
C:\WINDOWS\system32\TFTP404 - Deleted
C:\WINDOWS\system32\vx.tll - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\tcb.pmw - Deleted
C:\WINDOWS\Temp\startdrv.exe - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted
C:\WINDOWS\xpupdate.exe - Deleted
C:\WINDOWS\system32\drivers\asc355.sys - Deleted
C:\WINDOWS\system32\drivers\runtime2.sys - Deleted


Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Folder C:\Temp\brr - Removed
Folder C:\Temp\fse - Removed
Folder C:\WINDOWS\system32\b02FdUe - Removed
Folder C:\WINDOWS\system32\f06WtR - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
C:\Documents and Settings\Ginger\Application Data\U3\temp\Launchpad Removal.exe
C:\Documents and Settings\TEMP\Application Data\U3\temp\Launchpad Removal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe

Finished!
ryans
Active Member
 
Posts: 14
Joined: September 12th, 2007, 10:45 pm
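A small triage helper for HijackThis-style log lines like the ones in the post above, added here as an example; it is not part of HijackThis, SDFix or the original post. The sample lines are constructed in the shape of the log, and the heuristics (dead CLSID registrations, Winlogon Notify entries pointing at a missing or truncated DLL, services with an unknown owner, BHOs loaded from the Windows directory) are the editor's own review rules, not verdicts.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not part of HijackThis, SDFix or the original post. It splits
each entry on the " - " field separator HijackThis uses and flags the entry
shapes a helper looks at first. The flags are review heuristics, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the thread's log (a mix of clean entries
# and entries that should draw attention).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_10\\bin\\ssv.dll
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\\WINDOWS\\system32\\oembios32.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: mljhi - C:\\WINDOWS\\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\aawservice.exe
"""

NO_FILE = "(no file)"
# A path that starts inside the Windows directory on any drive letter.
WINDIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str    # HijackThis section code, e.g. "O2", "O20"
    severity: str   # "cleanup": dead entry; "review": needs a look; "suspicious"
    subject: str    # the entry name or path the finding is about
    reason: str


def parse_line(line):
    """Return (section, fields) for a line such as 'O2 - BHO: name - {CLSID} - path'."""
    parts = [p.strip() for p in line.strip().split(" - ")]
    return parts[0], parts[1:]


def triage_line(line):
    """Apply the review heuristics to one log line and return its findings."""
    section, fields = parse_line(line)
    findings = []
    if not fields:
        return findings
    target = fields[-1]

    if section in ("O2", "O3", "O9") and target == NO_FILE:
        # The CLSID is still registered but its DLL is gone: a dead entry
        # that is normally just cleaned up.
        findings.append(Finding(section, "cleanup", fields[0],
                                "registered CLSID points at no file"))
    elif section == "O2" and WINDIR_RE.match(target):
        # Legitimate BHOs usually live under Program Files; one loading from
        # the Windows directory deserves a publisher/signature check.
        findings.append(Finding(section, "review", target,
                                "BHO loaded from the Windows directory"))

    if section == "O20" and ("(file missing)" in target or target.endswith("\\")):
        # Winlogon Notify DLLs load into winlogon.exe at logon; an entry whose
        # DLL is missing or whose path is truncated is a classic leftover.
        findings.append(Finding(section, "suspicious", fields[0],
                                "Winlogon Notify DLL missing or path truncated"))

    if section == "O23" and len(fields) >= 3 and fields[1] == "Unknown owner":
        # No publisher recorded for the service binary; confirm it by hand.
        findings.append(Finding(section, "review", fields[0],
                                "service binary has no recorded publisher"))
    return findings


def triage_log(text):
    """Triage every non-empty line of a HijackThis log."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            findings.extend(triage_line(line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'cleanup': 2, 'review': 2, 'suspicious': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:>10}] {f.section}: {f.subject} ({f.reason})")
    print(summarize(triage_log(SAMPLE_LOG)))
```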

Unread postby Kairis » September 17th, 2007, 2:04 am

One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine, but I can't guarantee that it will be 100% secure afterwards.
Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Unread postby ryans » September 17th, 2007, 10:05 am

After reading the information on the links you provided and some thoughtful consideration I'd like to continue and clean the computer. The computer in question isn't used for any business or personal business/financial purposes and from now on I'll do all such transactions on my other computer.
ryans
Active Member
 
Posts: 14
Joined: September 12th, 2007, 10:45 pm

Unread postby ryans » September 19th, 2007, 8:22 am

What's the next step in the cleaning process?
ryans
Active Member
 
Posts: 14
Joined: September 12th, 2007, 10:45 pm

Unread postby Kairis » September 19th, 2007, 8:47 am

I apologize for the delay getting to your log, the helpers here are very busy.

Send feedback ASAP.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Unread postby Kairis » September 19th, 2007, 11:44 am

Please download ATF Cleaner
-¤- Double-click ATF-Cleaner.exe to run the program.
-¤- Under Main choose: Select All
-¤- Click the Empty Selected button.
If you use Firefox browser
-¤- Click Firefox at the top and choose: Select All
-¤- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
-¤- Click Opera at the top and choose: Select All
-¤- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
-¤- Click Exit on the Main menu to close the program.

Please follow the instructions provided, you may want to print out these instructions and use them as a reference:
AVG Anti-Spyware only works on Windows 2000 and Windows XP (32-Bit)
Download AVG Anti-Spyware 7.5 and save that file to your desktop.
This is a 30 day trial of the program

  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.

    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"

    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan and a new HijackThis log, thanks.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Unread postby ryans » September 22nd, 2007, 6:35 pm

There was a problem installing and running the AVG program. This problem isn't specific to just AVG: because of all the memory the trojan is using there isn't enough left for large programs and they constantly stop responding. I constantly get messages from Windows saying that the Virtual Memory is low. AVG would not install in Normal Mode, only Safe Mode. It also would not run in Normal Mode, only in Safe Mode. When I tried to run it in Normal Mode I got this message: "Something bad happened in the application. Error diagnostics file saved to ...'guard.err'" Here are the contents of the error file:
//==<AVG AntiSpyware 7.5.1.22>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 004030A0 01:000020A0 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Module Date: 05/30/2007 07:55:10
File Version of C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe: 7.5.1.36
Exception Date: 09/21/2007 19:43:46

MiniDump Information Saved to C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.dmp

Registers:
EAX:00000000
EBX:007BFEF4
ECX:00000000
EDX:01590008
ESI:00000000
EDI:007BFEC6
CS:EIP:001B:004030A0
SS:ESP:0023:007BFA70 EBP:007BFED0
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246

Intel specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
004030A0 007BFED0 007BFEF4 0044A888 0000007C 0158FFA0 0001:000020A0 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

ImageHelp specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
004030A0 007BFED0 007BFEF4 0044A888 0000007C 0158FFA0 0001:000020A0 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

Loaded Modules:
Base Size Module
00400000 04E000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
7C900000 0B0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
7C800000 0F5000 5.01.2600.3119 C:\WINDOWS\system32\kernel32.dll
10000000 0DE000 4.02.0000.0019 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
76780000 009000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
77C10000 058000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
77DD0000 09B000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
77E70000 091000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
77F60000 076000 6.00.2900.3157 C:\WINDOWS\system32\SHLWAPI.dll
77F10000 047000 5.01.2600.3159 C:\WINDOWS\system32\GDI32.dll
7E410000 090000 5.01.2600.3099 C:\WINDOWS\system32\USER32.dll
76B40000 02D000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
76BF0000 00B000 5.01.2600.2180 C:\WINDOWS\system32\PSAPI.DLL
77C00000 008000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
76D60000 019000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll
71AB0000 017000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
71AA0000 008000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
774E0000 13D000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll
77120000 08B000 5.01.2600.3139 C:\WINDOWS\system32\OLEAUT32.dll
76390000 01D000 5.01.2600.2180 C:\WINDOWS\system32\IMM32.DLL
773D0000 102000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
5D090000 09A000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
77690000 021000 5.01.2600.2180 C:\WINDOWS\system32\NTMARTA.DLL
76F60000 02C000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
71BF0000 013000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
59A60000 0A1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL

//==<AVG AntiSpyware 7.5.1.22>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 004030A0 01:000020A0 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Module Date: 05/30/2007 07:55:10
File Version of C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe: 7.5.1.36
Exception Date: 09/22/2007 15:02:13

MiniDump Information Saved to C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.dmp

Registers:
EAX:00000000
EBX:007BFEF4
ECX:00000000
EDX:01790000
ESI:00000000
EDI:007BFEC6
CS:EIP:001B:004030A0
SS:ESP:0023:007BFA70 EBP:007BFED0
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246

Intel specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
004030A0 007BFED0 007BFEF4 0044A888 0000007C 0158FFA0 0001:000020A0 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

ImageHelp specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
004030A0 007BFED0 007BFEF4 0044A888 0000007C 0158FFA0 0001:000020A0 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

Loaded Modules:
Base Size Module
00400000 04E000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
7C900000 0B0000 5.01.2600.2180 C:\WINDOWS\system32\ntdll.dll
7C800000 0F5000 5.01.2600.3119 C:\WINDOWS\system32\kernel32.dll
10000000 0DE000 4.02.0000.0019 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
76780000 009000 6.00.2900.2180 C:\WINDOWS\system32\SHFOLDER.dll
77C10000 058000 7.00.2600.2180 C:\WINDOWS\system32\msvcrt.dll
77DD0000 09B000 5.01.2600.2180 C:\WINDOWS\system32\ADVAPI32.dll
77E70000 091000 5.01.2600.2180 C:\WINDOWS\system32\RPCRT4.dll
77F60000 076000 6.00.2900.3157 C:\WINDOWS\system32\SHLWAPI.dll
77F10000 047000 5.01.2600.3159 C:\WINDOWS\system32\GDI32.dll
7E410000 090000 5.01.2600.3099 C:\WINDOWS\system32\USER32.dll
76B40000 02D000 5.01.2600.2180 C:\WINDOWS\system32\WINMM.dll
76BF0000 00B000 5.01.2600.2180 C:\WINDOWS\system32\PSAPI.DLL
77C00000 008000 5.01.2600.2180 C:\WINDOWS\system32\VERSION.dll
76D60000 019000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll
71AB0000 017000 5.01.2600.2180 C:\WINDOWS\system32\WS2_32.dll
71AA0000 008000 5.01.2600.2180 C:\WINDOWS\system32\WS2HELP.dll
774E0000 13D000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll
77120000 08B000 5.01.2600.3139 C:\WINDOWS\system32\OLEAUT32.dll
76390000 01D000 5.01.2600.2180 C:\WINDOWS\system32\IMM32.DLL
773D0000 102000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
5D090000 09A000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
77690000 021000 5.01.2600.2180 C:\WINDOWS\system32\NTMARTA.DLL
76F60000 02C000 5.01.2600.2180 C:\WINDOWS\system32\WLDAP32.dll
71BF0000 013000 5.01.2600.2180 C:\WINDOWS\system32\SAMLIB.dll
59A60000 0A1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL

____________________________________________________

I was able to install and run AVG in Safe Mode, but with no network support I could not download the latest virus signatures file. I looked for a manual update file on the AVG site but there was none. So I ran AVG with its default signatures and it quarantined a number of items, but it would not save a log (I had "automatically generate a report" checked).

ATF cleaner ran in Normal Mode with no problems, albeit a little slow.

Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:53 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8e6cd0fa-ee9e-41b6-9ee0-06c055ceaeb7} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A58ECE8A-274B-4B81-9526-4878D500A590} - (no file)
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {B71991AA-F780-417E-48AE-195ED756E9E7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {BE0BB3BE-F8BD-448C-869E-DC0700974789} - (no file)
O2 - BHO: (no name) - {C21E2F7A-32FD-4AA7-B9C8-20C476673BEA} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {E24B5D3F-0150-4823-8EAB-43BC40E94C80} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7D26E7-6697-4CBE-8B77-61AE360AC04B} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: mljhi - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 7206 bytes
ryans
Active Member
 
Posts: 14
Joined: September 12th, 2007, 10:45 pm

Unread postby Kairis » September 24th, 2007, 2:30 am

Install updates manually: http://www.ewido.net/en/download/updates/

If AVG doesn't give a report, open AVG Anti-Spyware, choose Infections, choose the Quarantine tab, and copy everything from there into your next reply.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

Unread postby ryans » October 7th, 2007, 6:47 pm

Sorry for the wait. The native resolution of AVG is higher than the display resolution, which means the edges of the program are cut off as it appears in the window; because it's in safe mode the ATI drivers can't load, and changing the resolution in the control panel doesn't help. I used "print screen" to copy the screen while viewing the quarantine list, and the screenshots appear below. Sorry, but there wasn't any way to copy and paste the contents of the AVG quarantine; CTRL-V didn't work, nor did anything else I tried.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:11 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8e6cd0fa-ee9e-41b6-9ee0-06c055ceaeb7} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A58ECE8A-274B-4B81-9526-4878D500A590} - (no file)
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll (file missing)
O2 - BHO: (no name) - {B71991AA-F780-417E-48AE-195ED756E9E7} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {BE0BB3BE-F8BD-448C-869E-DC0700974789} - (no file)
O2 - BHO: (no name) - {C21E2F7A-32FD-4AA7-B9C8-20C476673BEA} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {E24B5D3F-0150-4823-8EAB-43BC40E94C80} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FC7D26E7-6697-4CBE-8B77-61AE360AC04B} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: efcyxyw - efcyxyw.dll (file missing)
O20 - Winlogon Notify: mljhi - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 6591 bytes

Image
Image
ryans
Active Member
 
Posts: 14
Joined: September 12th, 2007, 10:45 pm