Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer acting up

Started by Whistlewind , Sep 01 2006 10:45 PM

  • Please log in to reply

#1
Whistlewind
Posted 01 September 2006 - 10:45 PM

Whistlewind

    Member

  • Member
  • PipPip
  • 63 posts
Thanks for your time


Logfile of HijackThis v1.99.1
Scan saved at 9:42:11 AM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Common\Data\C_\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common\Data\C_\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Common\Data\C_\Program Files\Common\Data\C_\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Common\Data\C_\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common\Data\C_\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common\Data\C_\Program Files\SpywareGuard\sgbhp.exe
H:\Programs\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jon\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: check-ip-changed.bat
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1142468189636
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142468179605
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
  • 0

Advertisements

#2
Metallica
Posted 08 September 2006 - 07:48 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi Whistlewind,

I don't see any malware in your log.
Can you tell us when your computer started acting up?

First I would uninstall BHODemon, since it is no longer supported and at least two other programs you have perform more or less the same task.

Regards,
  • 0

#3
Whistlewind
Posted 09 September 2006 - 12:24 PM

Whistlewind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
My computer started running really slowly the day i originally posted my log. Also that day half the programs on my desktop the links to them stopped working and every time i clicked them it said they have been moved and i didn't move them. Most of my programs i still cannot run because i get errors saying it cannot find the right files to start the program. I'm going to re post a log just to make sure there's nothing going on.

btw O4 - Startup: check-ip-changed.bat i put that there.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:30 AM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common\Data\C_\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common\Data\C_\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common\Data\C_\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Common\Data\C_\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Documents and Settings\Jon\Desktop\HijackThis.exe
H:\PROGRAMS\MOZILL~1\FIREFOX.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: check-ip-changed.bat
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1142468189636
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142468179605
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
  • 0

#4
Metallica
Posted 09 September 2006 - 02:55 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hmmmm. I'm taking a wild guess here that you installed something (with or without your knowledge) that changed the file-association for .lnk files.

We can easily test that.
Click Start > Run > cmd > OK

That will open a command prompt.
Type this command:

assoc .lnk <= note there is a space behind assoc

The command prompt should respond with:
.lnk=lnkfile

If it gives you a different answer post it.

Regards,
  • 0

#5
Whistlewind
Posted 09 September 2006 - 03:16 PM

Whistlewind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
It came up with .lnk=lnkfile .
  • 0

#6
Metallica
Posted 10 September 2006 - 03:17 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. We'll have to rule out a file-infecting virus. :whistling:
Check and let me know if your AVG is up to date.

Also go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Regards,
  • 0

#7
Whistlewind
Posted 10 September 2006 - 12:39 PM

Whistlewind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Incident Status Location

Adware:adware/emediacodec Not disinfected c:\program files\Media-Codec
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jon\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jon\Cookies\jon@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jon\Cookies\jon@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jon\Cookies\jon@burstnet[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jon\Cookies\[email protected][2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Jon\Cookies\jon@teensforcash[2].txt
  • 0

#8
Metallica
Posted 10 September 2006 - 12:58 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Ah, very good. :whistling:

Delete this folder:
c:\program files\Media-Codec
and this one as well if it's present:
c:\program files\x password manager

If they are in use reboot into safe mode and delete them from there.

Copy the code below into notepad and save it as lookup.bat
Set Filetype to "All files" 
dir %Systemdrive%\*codec*.exe /a h /s > files.txt
start notepad files.txt

Start the file by doubleclicking lookup.bat
That will open a file called files.txt. Post the content of that file.

Regards,
  • 0

#9
Whistlewind
Posted 10 September 2006 - 01:43 PM

Whistlewind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Volume in drive C has no label.
Volume Serial Number is FC27-0056

Directory of C:\Program Files\Common\Data\C_\Program Files\DivX

08/05/2006 10:25 AM 1,473,697 DivXCodecUninstall.exe
1 File(s) 1,473,697 bytes
  • 0

#10
Metallica
Posted 11 September 2006 - 01:43 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hmmmm. Wrong location, but I'd like to doublecheck.

Can you surf to:
http://www.kaspersky.com/virusscanner
Click the File Scanner button
Choose this file to be submitted:
C:\Program Files\Common\Data\C_\Program Files\DivX\DivXCodecUninstall.exe

Click the Submit button and let me know the result of the scan.
If it says Win32.Parite you can delete it without checking with me first.

Regards,
  • 0

Advertisements

#11
Whistlewind
Posted 11 September 2006 - 09:30 AM

Whistlewind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Cannot upload the file size exceeds 1gig.
  • 0

#12
Metallica
Posted 11 September 2006 - 11:29 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Yuck. Can you remember ever installing that Codec?

If not delete the file just to be safe.

Reboot, post a new HijackThis log and let me know how your computer is behaving.

Regards,
  • 0

#13
Whistlewind
Posted 11 September 2006 - 05:30 PM

Whistlewind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Computer still wierd

Heres the log

Logfile of HijackThis v1.99.1
Scan saved at 4:27:56 PM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common\Data\C_\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common\Data\C_\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common\Data\C_\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common\Data\C_\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Common\Data\C_\Program Files\Common\Data\C_\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common\Data\C_\Program Files\Common\Data\C_\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Common\Data\C_\Program Files\SpywareGuard\sgbhp.exe
H:\PROGRAMS\MOZILL~1\FIREFOX.EXE
C:\Program Files\Macromedia\Flash MX\Flash.exe
C:\Documents and Settings\Jon\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: check-ip-changed.bat
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1142468189636
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142468179605
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Hope you find it :whistling:
  • 0

#14
Metallica
Posted 12 September 2006 - 01:28 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you please uninstall BHODemon and SpywareGuard?

Winmdows Defender should be enough as resident protection against spyware and they might be a conflict between the three of them.

Regards,
  • 0

#15
Whistlewind
Posted 12 September 2006 - 02:17 AM

Whistlewind

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
i have tried before.... I get errors saying it cannot find the uninstall file when i try to uninstall
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP