1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Tenga virus removal

Discussion in 'Virus & Other Malware Removal' started by Mr.Steven1288, Aug 19, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Mr.Steven1288

    Mr.Steven1288 Thread Starter

    Joined:
    Aug 19, 2008
    Messages:
    3
    Hello,

    It's just come to my attention that my computer has been infected with a pretty nasty virus. I recently purchased the game Company of Heroes (which was a nightmare to install and update), and in the process of patching I seemed to have installed the Tenga virus. After several days of Firefox running like a pig along with a dialog box that appeared at random times informing me of some sort of CPU error, I ran Ad-Aware and discovered "Win32.Virus.Tenga." I researched the virus and learned that it infects and modifies every single .exe file, which, without a doubt, it has done to my computer.


    Google pointed me to this thread, which gives me a glimmer hope:
    http://forums.techguy.org/malware-removal-hijackthis-logs/555509-solved-had-tenga-gen-virus.html

    I am hoping that this can be resolved without major data loss and/or the need to reinstall Windows.

    EDIT -- I got a screenshot of the error I was receiving.
    [​IMG]

    Here is my HJT log. Thanks very much for your time!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:03:49 PM, on 8/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\GEARSEC.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKUS\S-1-5-18\..\Run: [kzfw] D:\PROGRA~1\COMMON~1\kzfw\kzfwm.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [kzfw] D:\PROGRA~1\COMMON~1\kzfw\kzfwm.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129690356248
    O20 - Winlogon Notify: WindowsUpdate - D:\WINDOWS\system32\tRpi3.dll (file missing)
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - D:\WINDOWS\system32\viruxz.dll (file missing)
    O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: GEARSecurity - GEAR Software - D:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 3773 bytes
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,721
    Hi and welcome to TSG,

    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,721
    And why are you not running any anti-virus program? :confused:
     
  4. Mr.Steven1288

    Mr.Steven1288 Thread Starter

    Joined:
    Aug 19, 2008
    Messages:
    3
    I think ignorance is why I'm not running an anti-virus program. Now I know why I should.

    SmitFraudFix v2.338

    Scan done at 13:51:54.78, Thu 08/21/2008
    Run from D:\Documents and Settings\Andy\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    D:\WINDOWS\System32\GEARSEC.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Andy


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Andy\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    D:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    D:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Andy\FAVORI~1

    D:\DOCUME~1\Andy\FAVORI~1\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.0.2
    DNS Server Search Order: 192.168.171.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5BF4C007-E7F3-44F3-A06C-C6CF1064D1BC}: DhcpNameServer=192.168.0.2 192.168.171.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5BF4C007-E7F3-44F3-A06C-C6CF1064D1BC}: DhcpNameServer=192.168.0.2 192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5BF4C007-E7F3-44F3-A06C-C6CF1064D1BC}: DhcpNameServer=192.168.0.2 192.168.171.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.2 192.168.171.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.2 192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.2 192.168.171.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,721
    You should print out these instructions or copy them to a Notepad file for reading while in Safe Mode because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear
    • Select the first option, to run Windows in Safe Mode then press "Enter"
    • Choose your usual account
    Once in Safe Mode, double-click smitfraudfix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process. If it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process. Please copy/paste the content of that report into your next reply along with a new HijackThis log. The report can also be found at the root of the system drive, usually at C:\rapport.txt


    Then please download one of the available free anti-virus programs, unless you have purchased one. Some of the free ones are AVG, Avast and Avira AntiVir.

    Once you've done that, please post a new HijackThis log.
     
  6. Mr.Steven1288

    Mr.Steven1288 Thread Starter

    Joined:
    Aug 19, 2008
    Messages:
    3
    Here is rapport.txt:

    SmitFraudFix v2.338

    Scan done at 20:24:15.53, Thu 08/21/2008
    Run from D:\Documents and Settings\Andy\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    D:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
    D:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
    D:\DOCUME~1\Andy\FAVORI~1\Online Security Test.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5BF4C007-E7F3-44F3-A06C-C6CF1064D1BC}: DhcpNameServer=192.168.0.2 192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.2 192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End






    And here is a new HJT log:





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:35:09, on 8/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\GEARSEC.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PnkBstrA.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    D:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    D:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    D:\WINDOWS\system32\wscntfy.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKUS\S-1-5-18\..\Run: [kzfw] D:\PROGRA~1\COMMON~1\kzfw\kzfwm.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [kzfw] D:\PROGRA~1\COMMON~1\kzfw\kzfwm.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129690356248
    O20 - Winlogon Notify: WindowsUpdate - D:\WINDOWS\system32\tRpi3.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: GEARSecurity - GEAR Software - D:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 3801 bytes




    I will download AVG later tonight, run it, then post a new HJT log.
    Thanks for the help so far!
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,721
    OK thanks. I'll wait for the new log.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/741493