Hi!
I need help. There are many things that are screwing with my computer atm and have been screwing with it for a long time now. I'm just going to list some of the things I think are wrong and hope you can help me with them.
First up, when I start my computer two rundll.exe errors occur:
1. Could not read C:\Windows\system32\gjebqacc.dll
Can't find the specific module.
2. Could not read C:\Windows\System32\rvbojdjf.dll
Can't find the specific module.
(It's in Swedish so I'm trying to translate it as well as I can.)
This is how it usually looks after startup:
(Startup)
Also, the service IEXPLORE.EXE starts running multiple processes and slows down the CPU and sometimes even slows or blocks my internet connection (the connection reappears after I terminate the process, though it sometimes returns). The total CPU usage can reach up to 350 MB over 8-10 different IEXPLORE.EXE processes.
Another issue I have is that my anti-virus, AVG, always detects two specific trojans/malware.
1. C:\Windows\System32\Drivers\tcpsr.sys
2. C:\Windows\System32\bmuwuywb.dll (sometimes also bmuwuywb32.dll)
They always reappear after I reboot the computer, even if I don't access the Internet or a local network. (I always choose move to vault or remove threat when the alert comes up.) Here is my current vault:
(Virus Vault)
Last but not least, services.exe tends to crash once in a while (the average is once every 2 hours), then a countdown starts to reset the computer. For this problem I can't guess what's wrong, if it's not all the other malfunctions that cause it.
Anyway here is a log from HJT after startup.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:35, on 2008-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Intel\Wireless\Bin\WLKeeper.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program\Delade filer\New Boundary\PrismXL\ChannelDeploy.sys
C:\Program\Altiris\Carbon Copy\shellker.exe
C:\Program\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program\Delade filer\New Boundary\PrismXL\PRISMXL.SYS
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Altiris\CARBON~1\client.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program\Network Associates\Common Framework\UpdaterUI.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\Prism Deploy\Client\PTClient.exe
C:\Program\hpq\Shared\HPQTOA~1.EXE
C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program\Unlocker\UnlockerAssistant.exe
C:\Program\AVG\AVG8\avgtray.exe
C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Delade filer\PCSuite\Services\NclBTHandler.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\DELADE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe
C:\Program\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mail.edu.linkoping.se
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.edu.linkoping.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.linkoping.se:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {19CDFF57-B65C-468E-A448-11E0E39DC3B7} - C:\WINDOWS\system32\yayyYoPf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {2c903229-1e81-e529-7604-df634882dd89} - {98dd2884-36fd-4067-925e-18e1922309c2} - C:\WINDOWS\system32\tyorbtrm.dll (file missing)
O2 - BHO: AVG Security Toolbar - {a057a204-bacc-4d26-9990-79a187e2698e} - C:\Program\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E0075631-6B3E-45FF-B08C-F2F7C8C2F4E1} - C:\WINDOWS\system32\khfGvwuv.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program\Prism Deploy\Client\PTClient.exe" /Subscriber
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [40665fc6] rundll32.exe "C:\WINDOWS\system32\gjebqacc.dll",b
O4 - HKLM\..\Run: [BM43556c5a] Rundll32.exe "C:\WINDOWS\system32\rvbojdjf.dll",s
O4 - HKLM\..\Run: [Cpl32ver] C:\WINDOWS\System32\Cpl32ver.exe
O4 - HKLM\..\Run: [SMrhclnfj0ec71] C:\Program\rhclnfj0ec71\rhclnfj0ec71.exe
O4 - HKLM\..\Run: [lphcgnfj0ec71] C:\WINDOWS\system32\lphcgnfj0ec71.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera länkmål till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konvertera valda länkar till Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konvertera valda länkar till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?e983503bd2db458496d8eee905adf7e6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?e983503bd2db458496d8eee905adf7e6
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://mail.edu.linkoping.se
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158829858531
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6CF1A6F-10CB-4C8A-B451-C964ED921307}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: AMINIT.dll,avgrsstx.dll
O20 - Winlogon Notify: bmuwuywb - C:\WINDOWS\SYSTEM32\bmuwuywb32.dll
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O20 - Winlogon Notify: winnt64 - WinNt64.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: APVBUVJMEQFVUT (apvbuvjmeqfvut) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\APVBUVJMEQFVUT.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
O23 - Service: Channel Deployer - New Boundary Technologies, Inc. - C:\Program\Delade filer\New Boundary\PrismXL\ChannelDeploy.sys
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program\OneStepSearch\onestep.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program\Delade filer\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\Delade filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 15555 bytes