1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

a,b,c.exe

Discussion in 'Virus & Other Malware Removal' started by fruppagrup, Oct 4, 2008.

Thread Status:
Not open for further replies.
  1. fruppagrup

    fruppagrup Thread Starter

    Joined:
    Oct 4, 2008
    Messages:
    1
    Hi There,

    I have a problem and would be very grateful for your help. I seem to have picked up some kind of virus. Here are the symptoms:

    1. A warning dialogue box pop-up ´saying that the offending .exe (randomly a, b, or c -though mostly b) had to shutdown. It takes about three cancels before the dialogue box goes away. I've tried the debug option, sending the problem to microsoft.

    2. Sometimes a link in Explorer will be diverted (jump) to another site (mostly e-mule, whatever that may be). When I try the link again it works fine.

    I've run Adware, Uniblue and Macafee but nothing found. The task manager comes up fine but there is no reference to the .exe.
    It seems benign and just irritating, but I have no idea what these things are capable of. Below is the Hijackthis report.

    Thanks in advance,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:07:53 AM, on 4/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Programme\Digidesign\Drivers\MMERefresh.exe
    C:\Programme\Power Translator 11\LogoMedia TranslateDotNet Server.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Programme\McAfee\MPF\MPFSrv.exe
    C:\Programme\McAfee\MSK\MskSrver.exe
    C:\Programme\CyberLink\Shared Files\RichVideo.exe
    C:\Programme\Spyware Doctor\pctsAuxs.exe
    C:\Programme\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
    C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Programme\PowerISO\PWRISOVM.EXE
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Programme\Home Cinema\PowerCinema\PCMService.exe
    C:\Programme\QuickTime\qttask.exe
    C:\Programme\iTunes\iTunesHelper.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Programme\SiteAdvisor\6253\SiteAdv.exe
    C:\Programme\Spyware Doctor\pctsTray.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    C:\Programme\Uniblue\SpyEraser\SpyEraser.exe
    C:\DOKUME~1\Dad\LOKALE~1\Temp\video1110.cfg.exe
    C:\Programme\Uniblue\RegistryBooster\RegistryBooster.exe
    C:\Programme\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
    C:\Programme\SEC\Natural Color Pro\NCProTray.exe
    C:\Programme\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by121w.bay121.mail.live.com/mail/InboxLight.aspx?n=2130649190
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programme\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
    O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programme\Power Translator 11\Applications\LEC IE Translation Extension.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Programme\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Programme\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programme\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Programme\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programme\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - HKCU\..\Run: [MSFox] C:\DOKUME~1\Dad\LOKALE~1\Temp\video1110.cfg.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Programme\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: MA111 Configuration Utility.lnk = ?
    O4 - Global Startup: NCProTray.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programme\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by121fd.bay121.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D7F7B8C-70A5-4E1B-AD71-BF1877B9959D}: NameServer = 192.168.2.1,4.2.2.1
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Programme\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programme\Power Translator 11\LogoMedia TranslateDotNet Server.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: MBackMonitor - McAfee - C:\Programme\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programme\McAfee\MSK\MskSrver.exe
    O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    --
    End of file - 15169 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/755967

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice