1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojanhorse Generic20.CBAN and svchost problems!

Discussion in 'Virus & Other Malware Removal' started by chigong, Jan 25, 2011.

Thread Status:
Not open for further replies.
  1. chigong

    chigong Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    3
    Hello,

    AVG provided an alert on a problem with:
    "Process Windows\System32\svchost.exe" and
    "Trojanhorse Generic20.CBAN at C:\Windows\Temp\Fuun\Setup.exe" and
    "Trojanhorse Downloader.Generic10.byhk at C:\Windows\Temp\rgde\Setup.exe."

    Before I found this site, I tried AVG, Combofix and Hitman to remove the problem. They seemed to start removing the virus but then crashed.

    I did get a report from AVG even though it crashed part of the way through the operation. I don't know if it is useful but this is the AVG report:

    AVG 9.0 Anti-Virus command line scanner
    Copyright (c) 1992 - 2010 AVG Technologies
    Program version 9.0.870, engine 9.0.871
    Virus Database: Version 271.1.1/3398 2011-01-23

    C:\Windows\Explorer.EXE (1168):\memory_00010000 Trojan horse Agent_r.XJ
    C:\Windows\Explorer.EXE (1168) Trojan horse Agent_r.XJ
    C:\Boot\BCD Locked file. Not tested.
    C:\Boot\BCD.LOG Locked file. Not tested.
    C:\Documents and Settings\ Locked file. Not tested.
    C:\pagefile.sys Locked file. Not tested.


    Now I seem to be getting quirky and slow performance and a windows crash with bluescreen data dump frequently. The Bluescreen crash definately happens almost anytime a malware scanning application runs.

    I really don't know what to do next!

    I posted TSG SysInfo on my system when first registering on this site earlier today. Now when I try to run SysInfo again, the info page is all blank for each category except that is shows "none" for antivirus.

    I was able to run Hijackthis but I cannot seem to run DDS or GMER. I tried running them in Safe Mode and still got a crash.

    I have no idea how to proceed and am so glad I found this site. I wish I had known about it sooner. I appreciate anything you can recommend.

    Thanks!


    Here is the report from Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:09:20 PM, on 1/25/2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\SetPoint\LBTWiz.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Windows\StartupMonitor.exe
    C:\Windows\System32\WTClient.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SetPoint\SetPoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Russell\AppData\Local\Temp\RarSFX1\OesisDiagnose_V3.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Russell\Desktop\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/small...n&client=dell-usuk&channel=us-smb&ibd=0080605
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
    O4 - HKUS\S-1-5-21-4128322593-3445004893-1579035884-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
    O4 - HKUS\S-1-5-21-4128322593-3445004893-1579035884-1000\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart (User '?')
    O4 - HKUS\S-1-5-21-4128322593-3445004893-1579035884-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
    O4 - HKUS\S-1-5-21-4128322593-3445004893-1579035884-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
    O4 - HKUS\S-1-5-21-4128322593-3445004893-1579035884-1000\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User '?')
    O4 - HKUS\S-1-5-21-4128322593-3445004893-1579035884-1000\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [lpc] rundll32.exe"C:\Users\Russell\AppData\Roaming\Sun\uvrqm75.dll", RegisterDll (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [lpc] rundll32.exe"C:\Users\Russell\AppData\Roaming\Sun\uvrqm75.dll", RegisterDll (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: SetPoint.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HPWJA Service (HPWJAService) - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe
    O23 - Service: HP WJA Update Service (HPWJAUpdateService) - Unknown owner - C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
    O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
    O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 17229 bytes
     
  2. chigong

    chigong Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    3
    This infection continues to be a problem.

    I did not notice this before but Explorer and Firefox seem to randomly re-direct to different sites using the google search page. It doesn't seem to make any sense at all though.

    If they don't crash, almost all processes run slowly with a "not responding" lag happening frequently. If I wait long enough, some of the software continues after the lag.

    I forgot to mention this in the original post but I also used Malwarebytes MBAM before I found this site and it had found something called "whitesmoke" which was apparently deleted. I don't know if that is related to the current problems or another issue.

    Please help if you can!

    Thanks!
     
  3. chigong

    chigong Thread Starter

    Joined:
    Jan 25, 2011
    Messages:
    3
    It is getting worse! Now I can't run Windows unless it is in safe mode.

    If I open Windows normaly, as soon as everyting restarts, it immediately goes to a blue screen crash.

    I tried to go back to a previous restore point but that does not help. It still crashes on opening.

    Can anyone help me? What can I do to regain the use of this PC?

    Thanks.....
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/977022

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice