| Thread ID: 96817 | 2009-01-24 18:01:00 | Twain.exe, Speedrunner.exe, Definite Virus please help | jake1192 (13816) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 741732 | 2009-01-24 18:01:00 | I was not visiting any unusual sites this morning when I received a pop-up. I did not think much of it, but after leaving the computer for a while and returning, there were tons of pop-ups. Twain.exe and Speedrunner.exe are both running on the computer right now and I know they are part of the problem.... please help. Here's a hjt log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:53:50 PM, on 1/24/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Orb Networks\Orb\bin\Orb.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 
C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\ehome\EHTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\GetModule\GetModule35.exe C:\DOCUME~1\Jake\LOCALS~1\Temp\stfCD2.tmp C:\DOCUME~1\Jake\LOCALS~1\Temp\winlognn.exe C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Jake\Application Data\Twain\Twain.exe C:\Documents and Settings\Jake\Application Data\Microsoft\Windows\ctvtgbv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Documents and Settings\Jake\Application Data\SpeedRunner\SpeedRunner.exe R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing) O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: 
[QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\Jake\LOCALS~1\Temp\winlognn.exe O4 - HKLM\..\Run: [7016d62b] rundll32.exe "C:\WINDOWS\system32\kauftjcr.dll",b O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [GetModule35] C:\Program Files\GetModule\GetModule35.exe O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Jake\Application Data\cogad\cogad.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\Jake\LOCALS~1\Temp\winlognn.exe O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Jake\Application Data\Twain\Twain.exe O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Jake\Application Data\SpeedRunner\SpeedRunner.exe O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Jake\Application Data\Microsoft\Windows\ctvtgbv.exe O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [Windows Media Center] RunDLL32.exe C:\WINDOWS\ehome\ehuihlp.dll,BootMediaCenter (User 'Jesse') O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (User 'Jesse') O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Jesse') O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jesse') O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Jesse') O4 - 
HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User 'Jesse') O4 - S-1-5-21-2579638799-496496606-2279891838-1005 Startup: BJ Status Monitor Canon MP390 Series Printer.lnk = C:\Documents and Settings\Jesse\cnmss Canon MP390 Series Printer (Local).exe (User 'Jesse') O4 - S-1-5-21-2579638799-496496606-2279891838-1005 User Startup: BJ Status Monitor Canon MP390 Series Printer.lnk = C:\Documents and Settings\Jesse\cnmss Canon MP390 Series Printer (Local).exe (User 'Jesse') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: xnobnm.dll O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: SupportSoft Repair Service (chatsupport.palm.com) (tgsrvc_chatsupport.palm.com) - SupportSoft, Inc. - C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9447 bytes |
jake1192 (13816) | ||
| 741733 | 2009-01-24 18:40:00 | Delete these: C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\GetModule\GetModule35.exe C:\DOCUME~1\Jake\LOCALS~1\Temp\stfCD2.tmp C:\DOCUME~1\Jake\LOCALS~1\Temp\winlognn.exe C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe C:\Documents and Settings\Jake\Application Data\Microsoft\Windows\ctvtgbv.exe C:\Documents and Settings\Jake\Application Data\SpeedRunner\SpeedRunner.exe R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing) O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\Jake\LOCALS~1\Temp\winlognn.exe O4 - HKLM\..\Run: [7016d62b] rundll32.exe "C:\WINDOWS\system32\kauftjcr.dll",b O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Jake\Application Data\cogad\cogad.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\Jake\LOCALS~1\Temp\winlognn.exe O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Jake\Application Data\SpeedRunner\SpeedRunner.exe O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Jake\Application Data\Microsoft\Windows\ctvtgbv.exe O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Jesse') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra 
context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O20 - AppInit_DLLs: xnobnm.dll O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll Get rid of Norton, it's useless. NOD32 for a paid AV, or Avast for a free one. Also download Spybot and Malwarebytes and run both. You need to run antispyware on a regular basis, twice a week say. Especially considering the illegal downloading you do. |
pctek (84) | ||
| 741734 | 2009-01-24 21:17:00 | I'm pretty sure I deleted all the right stuff but the computer does not seem completely fixed. For example, when I try to go to trend micro house call to run a virus scan, it redirects me to another site or says that trend micro can not be accessed. Here is the new hjt log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:15:25 PM, on 1/24/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Orb Networks\Orb\bin\Orb.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: (no name) - {26025ad0-6fb9-41d9-b8fa-ca38fd23c431} - C:\WINDOWS\system32\hgGyyWqO.dll O2 - BHO: C:\WINDOWS\system32\gsdrgfdrrgnd.dll - {d5bf4552-94f1-42bd-f434-3604812c807d} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [Windows Media Center] RunDLL32.exe C:\WINDOWS\ehome\ehuihlp.dll,BootMediaCenter (User 'Jesse') O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork (User 'Jesse') O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jesse') O4 - HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Jesse') O4 - 
HKUS\S-1-5-21-2579638799-496496606-2279891838-1005\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User 'Jesse') O4 - S-1-5-21-2579638799-496496606-2279891838-1005 Startup: BJ Status Monitor Canon MP390 Series Printer.lnk = C:\Documents and Settings\Jesse\cnmss Canon MP390 Series Printer (Local).exe (User 'Jesse') O4 - S-1-5-21-2579638799-496496606-2279891838-1005 User Startup: BJ Status Monitor Canon MP390 Series Printer.lnk = C:\Documents and Settings\Jesse\cnmss Canon MP390 Series Printer (Local).exe (User 'Jesse') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: winctrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O20 - Winlogon Notify: 
yayxwtQj - C:\WINDOWS\SYSTEM32\yayxwtQj.dll O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: SupportSoft Repair Service (chatsupport.palm.com) (tgsrvc_chatsupport.palm.com) - SupportSoft, Inc. - C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7025 bytes Thank you for the help And downloading is not illegal if you are backing up legally owned media :) |
jake1192 (13816) | ||
| 741735 | 2009-01-24 21:29:00 | Disable system restore. Tick these, then tick fix checked. Close browsers. O2 - BHO: (no name) - {26025ad0-6fb9-41d9-b8fa-ca38fd23c431} - C:\WINDOWS\system32\hgGyyWqO.dll O2 - BHO: C:\WINDOWS\system32\gsdrgfdrrgnd.dll - {d5bf4552-94f1-42bd-f434-3604812c807d} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O20 - Winlogon Notify: winctrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O20 - Winlogon Notify: yayxwtQj - C:\WINDOWS\SYSTEM32\yayxwtQj.dll O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll Uninstall all versions of Java, it's out of date, then update it. Uninstall Symantec, install something better. Then reboot, then get ccleaner (www.ccleaner.com). Install it, click on run cleaner. Get trojan remover and malwarebytes in my sig, update both then scan. Then select all options under utilities in trojan remover. You don't need ares to back up local media, we're not that stupid |
Speedy Gonzales (78) | ||
| 741736 | 2009-01-24 22:13:00 | I did all that stuff and installed and ran ccleaner but I am still having problems. The virus does not allow me to run Malwarebytes (or seemingly any anti-virus program) and on a Trojan-Remover quick scan, several notifications came up about locked files, adware, or trojans that could not be removed, but my free trial of Trojan-Remover expired and I cannot pay for the full version... Where should I go from here? | jake1192 (13816) | ||
| 741737 | 2009-01-24 22:17:00 | Did you disable system restore? Uninstall Symantec and install Avast Home, it's free. Post another log |
Speedy Gonzales (78) | ||
| 741738 | 2009-01-24 23:02:00 | System restore is disabled. When I tried to install Avast, I once again was redirected from the website. It allowed me to get to official--site.com but I did not install anything off that site, thinking it was probably a fraud. I'm fairly sure I don't have Symantec and it is part of the virus. There is no symantec under program files, no program under add/remove, and the only place I can find symantec is under C:\Program Files\Common Files, where I cannot delete the folder because of the SNDSrvc.exe process. Here is the hjt log, a few deleted items from the first one have reappeared. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:02:16 PM, on 1/24/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe 
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Orb Networks\Orb\bin\Orb.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe 
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe 
O23 - Service: SupportSoft Repair Service (chatsupport.palm.com) (tgsrvc_chatsupport.palm.com) - SupportSoft, Inc. - C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 5444 bytes |
jake1192 (13816) | ||
| 741739 | 2009-01-24 23:09:00 | Tick these entries, then tick fix checked. Close browsers. C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll <- delete this file after you reboot O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 Then reboot. Then uninstall all versions of Java, then update it |
Speedy Gonzales (78) | ||
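The replies from pctek and Speedy Gonzales pick the bad entries out of the HijackThis logs by eye: executables started from Temp or Application Data, autostart names that look machine-generated, a nameless BHO, AppInit_DLLs and Winlogon Notify hooks, and the O7 policy that disables regedit. The script below is an added example (not HijackThis code and not from any poster) that applies those same checks to log lines; the sample lines are a constructed subset of the logs posted in this thread, and the name heuristic is deliberately labelled as noisy.

```python
"""Triage helper for HijackThis (HJT) v2 log lines.

Added example for this thread; it is not HijackThis code and not from any poster.
It mechanises what the replies above did by eye and returns a review list,
not a verdict: a person still decides what to fix.
"""
import re

# Constructed sample: a subset of the lines posted in this thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {26025ad0-6fb9-41d9-b8fa-ca38fd23c431} - C:\WINDOWS\system32\hgGyyWqO.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\Jake\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [7016d62b] rundll32.exe "C:\WINDOWS\system32\kauftjcr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\Jake\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Jake\Application Data\Twain\Twain.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: xnobnm.dll
O20 - Winlogon Notify: yayxwtQj - C:\WINDOWS\SYSTEM32\yayxwtQj.dll
O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Windows paths ending in an executable-ish extension (quotes excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|tmp)\b', re.IGNORECASE)
# Directories a limited user can write to; every dropper in this thread lived there.
USER_WRITABLE_RE = re.compile(r"\\(?:Temp|Application Data|Local Settings)\\", re.IGNORECASE)
# O4 autostart entry: hive, value name in brackets, then the command line.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
VOWELS = set("aeiouAEIOU")


def looks_random(name: str) -> bool:
    """Heuristic: an alphanumeric name mixing letters and digits, or carrying a
    long consonant run, resembles a generated name (lrijh8s73jhbfgfd, gsdrgfdrrgnd).
    It is noisy on vendor abbreviations, so it only feeds the review list."""
    stem = name.rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z0-9]+", stem):
        return False
    has_digit = any(c.isdigit() for c in stem)
    has_alpha = any(c.isalpha() for c in stem)
    longest = run = 0
    for c in stem:
        run = run + 1 if (c.isalpha() and c not in VOWELS) else 0
        longest = max(longest, run)
    return (has_digit and has_alpha) or longest >= 6


def triage_line(line: str) -> list:
    """Return the reasons one HJT line deserves a closer look ([] if none)."""
    reasons = []
    section = line.split(" ", 1)[0]  # "O4", "O20", ...
    paths = PATH_RE.findall(line)
    for path in paths:
        if USER_WRITABLE_RE.search(path):
            reasons.append(f"runs from a user-writable directory: {path}")
    m = O4_RE.match(line)
    if m and looks_random(m.group("name")):
        reasons.append(f"autostart value name '{m.group('name')}' looks generated")
    if section in ("O2", "O20", "O22"):
        # DLLs injected into the browser or into winlogon: judge the file name too.
        for path in paths:
            stem = path.rsplit("\\", 1)[-1]
            if looks_random(stem):
                reasons.append(f"injected DLL has a generated-looking name: {stem}")
    if line.startswith("O2 - BHO: (no name)"):
        reasons.append("browser helper object registered without a name")
    if line.startswith("O20 - AppInit_DLLs:") and line.rstrip() != "O20 - AppInit_DLLs:":
        reasons.append("AppInit_DLLs entry is loaded into every process that uses user32")
    if line.startswith("O20 - Winlogon Notify:"):
        reasons.append("Winlogon Notify hook runs inside winlogon at logon")
    if section == "O7" and "DisableRegedit=1" in line:
        reasons.append("policy blocks the Registry Editor (common tampering sign)")
    return reasons


def triage_log(text: str) -> list:
    """Run triage_line over a whole log; returns [(line, reasons)] for flagged lines."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                flagged.append((line, reasons))
    return flagged
```

Run `triage_log(SAMPLE_LOG)` to get the flagged lines with their reasons; on the sample it flags nine of the twelve lines and leaves iTunesHelper, ctfmon.exe and the iPod service alone.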
| 741740 | 2009-01-24 23:34:00 | edit: whoops - didn't see you are running Firefox..... | jwil1 (65) | ||
| 741741 | 2009-01-25 00:56:00 | I have no idea what that last guy meant with his post, but after fixing those and restarting, I could not delete the file that you said to. I did, however, manage to install Avast Home and I'm scanning the computer now. It is finding a bunch of things, so hopefully once the scan is finished the computer will be fine. |
jake1192 (13816) | ||