
Removing WinAntiSpyware 2007 HJT log here.

Discussion in 'Virus & Other Malware Removal' started by JosephT, Mar 30, 2007.

Thread Status:
Not open for further replies.
  1. JosephT

    JosephT Thread Starter

    Joined:
    Mar 30, 2007
    Messages:
    1
    I just want to get rid of this thing. Any advice on how to get it off?

    Here is my HJT log.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\AOL\1145504540\ee\AOLSoftware.exe
    C:\WINDOWS\system32\77d6d26c.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\WinAntiSpyware 2007 Free\was7.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasdc.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasers.exe
    C:\Program Files\WinAntiSpyware 2007 Free\uwas7cw.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\WinAntiSpyware 2007 Free\uwasffNT.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\DOCUME~1\MARYAN~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis-1.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0AECAA96-6818-509F-72C6-0527A9DF16B8} - C:\WINDOWS\system32\nasagde.dll
    O2 - BHO: (no name) - {0FA2855E-1566-D4F6-B9D9-063B46B38510} - C:\WINDOWS\system32\dtmypkj.dll
    O2 - BHO: (no name) - {18FA0344-C95F-B87B-9435-0A6B2B40DC63} - C:\WINDOWS\system32\obirtej.dll
    O2 - BHO: (no name) - {1A352B25-A45D-29C6-43AA-07734FBFB03D} - C:\WINDOWS\system32\tojsocc.dll
    O2 - BHO: (no name) - {1B226AEB-CD07-ACEC-F697-0702E8314489} - C:\WINDOWS\system32\wdkqrgb.dll
    O2 - BHO: (no name) - {2079F542-BB7C-EEC5-7049-005AFBCB3FA9} - C:\WINDOWS\system32\dwzvifm.dll
    O2 - BHO: (no name) - {32FA960B-3147-E5DC-2C10-077EE669E941} - C:\WINDOWS\system32\stenfv.dll
    O2 - BHO: (no name) - {33F2CDC4-E511-04F8-A243-022A7DD88B82} - C:\WINDOWS\system32\fgbsdsh.dll
    O2 - BHO: (no name) - {3D6E31EB-ACF1-9D81-8352-04B20BCBD10E} - C:\WINDOWS\system32\cmdhvzb.dll
    O2 - BHO: (no name) - {41E63DF0-7D9B-9671-802A-0898AD2557D9} - C:\WINDOWS\system32\cnrpfne.dll
    O2 - BHO: (no name) - {43D35D48-A923-1E2A-6B82-056B951032FD} - C:\WINDOWS\system32\pjnnjwm.dll
    O2 - BHO: (no name) - {48E6C191-9EC4-C4D1-2E77-0B6B4F856226} - C:\WINDOWS\system32\wsdzvo.dll
    O2 - BHO: (no name) - {49CC9207-0CEB-37F4-F5BA-06DD0DF40EEA} - C:\WINDOWS\system32\qwwjfke.dll
    O2 - BHO: (no name) - {4B27E42B-5734-45A1-673F-010FE6AB792E} - C:\WINDOWS\system32\nxawt.dll
    O2 - BHO: (no name) - {5455A913-0F81-1F8D-2171-0AC3326262EE} - C:\WINDOWS\system32\hzzhrbb.dll
    O2 - BHO: (no name) - {562D1B44-9B98-D678-E704-01358FB718F6} - C:\WINDOWS\system32\hcvleb.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {62CBD281-9466-3150-8F95-072D37E1F684} - C:\WINDOWS\system32\uljexrg.dll
    O2 - BHO: (no name) - {62F74BAD-167D-C380-EC5F-08B3906E073E} - C:\WINDOWS\system32\rsaodtl.dll
    O2 - BHO: (no name) - {6D984AC1-F42C-3689-7DDB-05F0EF08538A} - C:\WINDOWS\system32\zncrlje.dll
    O2 - BHO: (no name) - {6E60BA2B-0A8D-326F-9E27-074D6AFF25DF} - C:\WINDOWS\system32\kunmvwj.dll
    O2 - BHO: (no name) - {70EE8DAF-9FB2-8335-DCF3-067DEB75148D} - C:\WINDOWS\system32\cbwiihg.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1145504540\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [77d6d26c.exe] C:\WINDOWS\system32\77d6d26c.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [fztomal.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\fztomal.dll,kbtsemd
    O4 - HKLM\..\Run: [xrsxwui.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\xrsxwui.dll,epovkuf
    O4 - HKLM\..\Run: [oqsngwc.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\oqsngwc.dll,vacpigf
    O4 - HKLM\..\Run: [yfdubjl.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\yfdubjl.dll,lpogedc
    O4 - HKLM\..\Run: [xbygbpm.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\xbygbpm.dll,nbyfrq
    O4 - HKLM\..\Run: [omsmcle.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\omsmcle.dll,sygkhwc
    O4 - HKLM\..\Run: [xlsllkc.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\xlsllkc.dll,ighubrf
    O4 - HKLM\..\Run: [kutkaeb.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\kutkaeb.dll,phjnabf
    O4 - HKLM\..\Run: [fcvwykl.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\fcvwykl.dll,mhgruwb
    O4 - HKLM\..\Run: [rwqwkgj.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\rwqwkgj.dll,vvuxqdc
    O4 - HKLM\..\Run: [knayhnh.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\knayhnh.dll,wctgrce
    O4 - HKLM\..\Run: [josisqd.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\josisqd.dll,gjymcfc
    O4 - HKLM\..\Run: [iwjkayi.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\iwjkayi.dll,wdqqode
    O4 - HKLM\..\Run: [scqxexi.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\scqxexi.dll,mnhexve
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [sjsxfeh.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\sjsxfeh.dll,svqvybe
    O4 - HKLM\..\Run: [gaugvqi.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\gaugvqi.dll,clyuwag
    O4 - HKLM\..\Run: [ommcjyg.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\ommcjyg.dll,gaetqb
    O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007 Free\was7.exe" /min
    O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasdc.exe"
    O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasers.exe"
    O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\WinAntiSpyware 2007 Free\uwas7cw.exe" -c
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [mlpseid.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\mlpseid.dll,cdetske
    O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" -a
    O4 - HKCU\..\Run: [77d6d26c.exe] "C:\Documents and Settings\Mary Anne Thompson\Local Settings\Application Data\77d6d26c.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
    O16 - DPF: {0254AAC4-DCD2-21DB-933C-686F7ADD179E} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {0924ADA4-F7F9-10DA-367F-3F563A7C8ADE} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {0E7117CB-2328-530C-134D-63664DDBF784} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {2D43D399-1738-75F4-F9DE-2E3838F79ECF} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {352137E3-310D-00AA-6696-09D879F1570B} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {35B8A36B-06FD-1E31-4C18-1ED977665451} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {3DAE2FF6-79D3-7466-2B02-5C5512C6A235} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {43A25AD9-6161-6549-BE51-3CAF10312270} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {54331E7A-A43A-0E27-48D6-0F781C6C6E7E} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {5E7B7ED5-39C5-0FC1-F768-534753D9C9A2} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {6A6FF168-B782-269F-8ADE-3E0869B8315A} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {71807B8E-50FD-3EDB-BF67-034963D22598} - http://85.255.115.229/1/gdnUS1388.exe
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2A9A44-C9F7-4321-A8DB-E5564296B6C1}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, JosephT. :)

    Welcome to TSG.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
    • When VundoFix re-opens, click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shut down your computer; click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    In addition, please download SmitfraudFix (by S!Ri) to your Desktop.

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     

Short URL to this thread: https://techguy.org/556561
