Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

wtta.exe spoolvse.exe winbd32.exe [RESOLVED]


  • This topic is locked This topic is locked

#1
WillieManillie

WillieManillie

    New Member

  • Member
  • Pip
  • 5 posts
I have performed a hijackthis and will post the log here. Just a brief history. I have contained attempts to go out to the Internet for ads. The programs are listed in the title. If they are removed with hijackthis in safe mode they come back. I have reviewed and performed manual removal procedures viewed throughout the web and none have worked yet.

Any suggestions are very much appreciated. Thank you.

----------------------HiJackThis Follows-------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:01:08 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\FIREWALL\PNMSRV.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\PsImSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\apvxdwin.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\WebProxy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\AVENGINE.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\psimreal.exe
C:\Program Files\Registrar Lite\rl.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\3wm36iif.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AutoLoader407l1acXUaPZ] "C:\WINDOWS\System32\wtsntlog.exe"
O4 - HKLM\..\Run: [start extracting] spoolvse.exe
O4 - HKLM\..\Run: [Microsoft Service] winbd32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winbd32.exe
O4 - HKCU\..\Run: [SPYKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT
O4 - HKCU\..\Run: [Windows Stand Sound Drivers] Sounddrv.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [Microsoft Service] winbd32.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\RunServices: [Windows Stand Sound Drivers] Sounddrv.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124111214218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124111332796
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: TurkSpy For RootKit (GencTurK RootKit) - Unknown owner - c:\system.exe (file missing)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\PsImSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\TPSrv.exe
O23 - Service: Ampi32 (wdfmgr) - Unknown owner - C:\WINDOWS\msvcrt.exe (file missing)
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi WillieManillie and Welcome to GeekstoGo!

Please temporily disable TeaTimer in Spybot S&D as it may prevent part of this fix

Open Spybot and click on Mode, check Advanced Mode

Check yes to next window.

Click on Tools in bottom left hand corner

Click on Resident. Uncheck Resident "TeaTimer" box.

Close Spybot. Reboot your computer.

This must be done before proceeding with the steps below!

If Microsoft AntiSpywares Real Time Protection is enabled-> to disable the real-time protection-> right click on the icon and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re enable it, you follow the same steps but click on Enable Real-time Protection.

Please download the attached Zip file to your Desktop-> Right Click and Select "Extract All"!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Download Pocket KillBox from here:
http://www.atribune....llBox_beta_.exe

Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Click Start-> Run-> Type in Services.msc and Click OK!

Scroll that list and locate this entries

TurkSpy For RootKit

Ampi32

Right Click each entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!

Click Apply-> OK and Exit the Services Page!

Highlight the list below and press Ctrl+C to Copy!

C:\system.exe
C:\WINDOWS\msvcrt.exe
C:\WINDOWS\msconfg.exe
C:\WINDOWS\winbd32.exe
C:\WINDOWS\Sounddrv.exe
C:\WINDOWS\spoolvse.exe
C:\WINDOWS\System32\msconfg.exe
C:\WINDOWS\System32\winbd32.exe
C:\WINDOWS\System32\Sounddrv.exe
C:\WINDOWS\System32\spoolvse.exe
C:\WINDOWS\System32\random.exe
C:\WINDOWS\System32\msdirectx.sys
C:\WINDOWS\system32\rdriv.sys
C:\WINDOWS\System32\wtsntlog.exe
C:\Program Files\apsi\wtta.exe
C:\Program Files\apsi
C:\Program Files\Anonymizer\sk\SpyWareKiller.exe
C:\Program Files\Anonymizer\sk
C:\Program Files\Anonymizer


Now Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O4 - HKLM\..\Run: [AutoLoader407l1acXUaPZ] "C:\WINDOWS\System32\wtsntlog.exe"

O4 - HKLM\..\Run: [start extracting] spoolvse.exe

O4 - HKLM\..\Run: [Microsoft Service] winbd32.exe

O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe

O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe

O4 - HKLM\..\RunServices: [Microsoft Service] winbd32.exe

O4 - HKCU\..\Run: [SPYKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT

O4 - HKCU\..\Run: [Windows Stand Sound Drivers] Sounddrv.exe

O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe

O4 - HKCU\..\Run: [start extracting] spoolvse.exe

O4 - HKCU\..\Run: [Microsoft Service] winbd32.exe

O4 - HKCU\..\RunServices: [Windows Stand Sound Drivers] Sounddrv.exe

O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O23 - Service: TurkSpy For RootKit (GencTurK RootKit) - Unknown owner - c:\system.exe (file missing)

O23 - Service: Ampi32 (wdfmgr) - Unknown owner - C:\WINDOWS\msvcrt.exe (file missing)


Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Now Scan the entire System with Ewido-> Clean all it finds and be sure to click the tab to Save a Report!

Click Start-> Run-> Copy&Paste each entry below(One at a time)into the Open Box and Click OK!

sc stop msdirectx

sc delete msdirectx

sc delete wdfmgr

sc delete GencTurK RootKit


Now locate the zipped registry file I had you download and double click Clr.reg-> Allow it to merge into the Registry!

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from WinPFind-> Ewido and Panda!

Attached Files

  • Attached File  Clr.zip   557bytes   94 downloads

  • 0

#3
WillieManillie

WillieManillie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you for your guidance with this issue. I have tried as suggested and double-checked my work, but it appears they haven't gone away. After completion I temporarily loaded teatimer and no activity was present. This was good considering how many warnings I received before.

Instead of just scanning with Panda, I scanned with Spysearch S & D, LavaSoft, TrendMicro's HouseCall (anti-spyware and virus scanner, McCafee's Online Scanner, and CWShredder.

The results are as follows:

-Panda reported (after all of the suggested steps) - software/Dynamic Toolbar, /searchcentrix, webrebate, and pskill.exe

-Spybot S&D reported and cleaned - LSA

-LavaSoft reported - LycoSearch

-TrendMicro reported - com.com, about.com, azjmp.com, www.short-media.com, rightmedia.net, 2020search.com, bhjk - CoolWebSearch, Comet Systems, & ADW_abetterinternet_vx2, bett.inf

-TrendMicro VirusScan reports - Worm sdbot.bbr

-CWShredder reports - cws.msconfig

-McAffee reports - Reg/Seeker for a file C:\hp\region\EN_US-ie.reg, c:\system.ini - HackerDefender.inim, c:\WINDOWS\l.bat - QLowZones-26.bat, C:\WINDOWS\...\8N4HYRW9\protector_update[1].exe AdClicker-BA

I am including the results as requested. Although things appear calm now, there is no doubt in time is will be triggered. This system literally has Panda, AVG, MS AntiSpyware, TrojanHunter Guard, & SyGate Firewall. It is beyond me how to take care of this.

Thanks.
sd

------------------------------------------------------
HiJackThis Log After The Cleaning Previsouly Suggested

Logfile of HijackThis v1.99.1
Scan saved at 8:40:28 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\FIREWALL\PNMSRV.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\PsImSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\apvxdwin.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\WebProxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CleanUp!\Cleanup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\SearchAssistant\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\3wm36iif.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Microsoft Service] winbd32.exe
O4 - HKLM\..\Run: [AutoLoader407l1acXUaPZ] "C:\WINDOWS\System32\wtsntlog.exe"
O4 - HKLM\..\Run: [start extracting] spoolvse.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [start extracting] spoolvse.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winbd32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [SPYKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT
O4 - HKCU\..\Run: [Windows Stand Sound Drivers] Sounddrv.exe
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [start extracting] spoolvse.exe
O4 - HKCU\..\Run: [Microsoft Service] winbd32.exe
O4 - HKCU\..\RunServices: [Windows Stand Sound Drivers] Sounddrv.exe
O4 - HKCU\..\RunServices: [start extracting] spoolvse.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124111214218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124111332796
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\PsImSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2006\TPSrv.exe

-----------------------------------------------

EWIDO & Panda report no problems
  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
I really need to see the WinPfind log!
  • 0

#5
WillieManillie

WillieManillie

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for the assistance. It was resolved!
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP