Help once again

Discussion in 'Windows - Virus and spyware problems' started by frnresq, Nov 26, 2006.

  1. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    This makes no sense, i dump my drive and start re-installing stuff and i get to ad-ware, so i run a sweep and i pick stuff up. WTF. Niobis should remember me, "Trojan has my PC by the jewels"...LOL
    Pls help if you can... /shrug
     
    frnresq, Nov 26, 2006
    #1
  2. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    sorry here's my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:38:52 PM, on 11/26/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Accelerate\accelerate.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\windows\system32\wuauclt1.4.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\windows\system32\wuauclt1.4.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\bin\rteng7.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\WinMX MP3\WinMX MP3.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\HJT\HijackThis_v1.99.1.exe

    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
    O4 - HKLM\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\RunServices: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\RunServices: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKCU\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164297169281
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

     
    frnresq, Nov 26, 2006
    #2
  3. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Hi frnresq, this isn't the way I expected you to come back as I'm sure you didn't. :)

    You've got WebHancer so it much have come with something you installed.

    Download [bold]LSPFix[/bold] from here.
    You may not need it, but download it just encase.

    Go Add/Remove Programs and uninstall: WebHancer

    Locate and delete the following(if there):

    C:\Program files\WebHancer\
    C:\WINDOWS\webhdll.dll
    C:\WINDOWS\whagent.inf
    C:\WINDOWS\whInstaller.exe
    C:\WINDOWS\whInstaller.ini

    If you loose internet connection after, run LSPFix and restart.

    Also, go get a firewall and update to SP2 for XP. If you need links, I've post some.

    Post a new HijackThis log.
     
    Niobis, Nov 26, 2006
    #3
  4. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    Niobis...my firewall in my router isnt good enough?
     
    frnresq, Nov 26, 2006
    #4
  5. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Yes. Then, it's all in a matter of choice if you want another. Personally, I don't fully trust router firewalls, but that's just my take on it. :)
     
    Last edited: Nov 26, 2006
    Niobis, Nov 26, 2006
    #5
  6. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    Ok, here's my HJT log and as for SP2, i have it on disk and it extracts the files and goes into performing inventory and then my PC reboots, any reason why it would do that?

    Logfile of HijackThis v1.99.1
    Scan saved at 12:55:35 AM, on 11/27/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Accelerate\accelerate.exe
    C:\windows\system32\wuauclt1.4.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\windows\system32\wuauclt1.4.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\bin\rteng7.exe
    D:\HJT\HijackThis_v1.99.1.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
    O4 - HKLM\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\RunServices: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\RunServices: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKCU\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164297169281
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

     
    frnresq, Nov 26, 2006
    #6
  7. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Disconnect your internet and restart. Then try installing SP2.
     
    Niobis, Nov 26, 2006
    #7
  8. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    grrrr...nope, still rebooted. It got to "Running Process's.." then rebooted automatically. It goes thru all the extracting files, performing inventory, i dont understand i used this before i wiped the drive and it worked just fine.

    Updated HJT log too

    Logfile of HijackThis v1.99.1
    Scan saved at 2:10:12 AM, on 11/27/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\bin\rteng7.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Webroot\Accelerate\accelerate.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\HJT\HijackThis_v1.99.1.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Accelerate] C:\Program Files\Webroot\Accelerate\accelerate.exe /S
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
    O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
    O4 - HKLM\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\RunServices: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKCU\..\Run: [RunDll] c:\windows\system32\wuauclt1.4.exe
    O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shane Farr"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164297169281
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

     
    frnresq, Nov 26, 2006
    #8
  9. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Hmm, try updating online from the Windows Update site.
     
    Niobis, Nov 26, 2006
    #9
  10. frnresq

    frnresq Member

    Joined:
    Sep 14, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    16
    Niobis?. I just installed AVGAS and it picked up IRC bot, would that stop me from getting SP2 to install correctly?
     
    frnresq, Nov 27, 2006
    #10
  11. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Why is that still on your computer? That, along with two other backdoors, was the reason you needed to reformat the HD the first time..

    I'm sorry to say, but your going to need to reformat again. I'm not sure how you did it last time, but whatever you reformat with, do it twice.
     
    Niobis, Nov 27, 2006
    #11

Share This Page