Pchealthcenter


  • This topic is locked
2 replies to this topic

#1 SushiPants

Posted 16 September 2008 - 10:43 AM

I've run Spyware S&D and Malbyte; neither works to get rid of this, so here is my HJL

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\YURB78B.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Digsby\digsby.exe
C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Windows\explorer.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Desktop\RC\RemoteControl2.exe
C:\Users\Brian\Desktop\RC\RemoteControl2.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\MSA\MSA.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: gksraemq - {7C74C1B1-81FB-4105-B304-80A12EC6E73D} - C:\Windows\gksraemq.dll (file missing)
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [\YURB78B.exe] C:\Windows\system32\YURB78B.exe
O4 - HKLM\..\Run: [\YUR6077.exe] C:\Windows\system32\YUR6077.exe
O4 - HKLM\..\Run: [\YUREE47.exe] C:\Windows\system32\YUREE47.exe
O4 - HKLM\..\Run: [\YUR6972.exe] C:\Windows\system32\YUR6972.exe
O4 - HKLM\..\Run: [\YURE4BD.exe] C:\Windows\system32\YURE4BD.exe
O4 - HKLM\..\Run: [\YUR5F4C.exe] C:\Windows\system32\YUR5F4C.exe
O4 - HKLM\..\Run: [\YURD9FA.exe] C:\Windows\system32\YURD9FA.exe
O4 - HKLM\..\Run: [\YUR5499.exe] C:\Windows\system32\YUR5499.exe
O4 - HKLM\..\Run: [\YURD33D.exe] C:\Windows\system32\YURD33D.exe
O4 - HKLM\..\Run: [\YUR4E1A.exe] C:\Windows\system32\YUR4E1A.exe
O4 - HKLM\..\Run: [\YURC8C8.exe] C:\Windows\system32\YURC8C8.exe
O4 - HKLM\..\Run: [\YUR4480.exe] C:\Windows\system32\YUR4480.exe
O4 - HKLM\..\Run: [\YURBF3E.exe] C:\Windows\system32\YURBF3E.exe
O4 - HKLM\..\Run: [\YUR39EC.exe] C:\Windows\system32\YUR39EC.exe
O4 - HKLM\..\Run: [\YURBAA3.exe] C:\Windows\system32\YURBAA3.exe
O4 - HKLM\..\Run: [\YUR3580.exe] C:\Windows\system32\YUR3580.exe
O4 - HKLM\..\Run: [\YURB02E.exe] C:\Windows\system32\YURB02E.exe
O4 - HKLM\..\Run: [\YUR2ADC.exe] C:\Windows\system32\YUR2ADC.exe
O4 - HKLM\..\Run: [\YURA58B.exe] C:\Windows\system32\YURA58B.exe
O4 - HKLM\..\Run: [\YUR2049.exe] C:\Windows\system32\YUR2049.exe
O4 - HKLM\..\Run: [\YUR9F3B.exe] C:\Windows\system32\YUR9F3B.exe
O4 - HKLM\..\Run: [\YUR19F9.exe] C:\Windows\system32\YUR19F9.exe
O4 - HKLM\..\Run: [\YUR94B7.exe] C:\Windows\system32\YUR94B7.exe
O4 - HKLM\..\Run: [\YURF55.exe] C:\Windows\system32\YURF55.exe
O4 - HKLM\..\Run: [\YUR8A42.exe] C:\Windows\system32\YUR8A42.exe
O4 - HKLM\..\Run: [\YUR53E.exe] C:\Windows\system32\YUR53E.exe
O4 - HKLM\..\Run: [\YUR86B0.exe] C:\Windows\system32\YUR86B0.exe
O4 - HKLM\..\Run: [\YUR15E.exe] C:\Windows\system32\YUR15E.exe
O4 - HKLM\..\Run: [\YUR81E6.exe] C:\Windows\system32\YUR81E6.exe
O4 - HKLM\..\Run: [\YUR442.exe] C:\Windows\system32\YUR442.exe
O4 - HKLM\..\Run: [\YUR823B.exe] C:\Windows\system32\YUR823B.exe
O4 - HKLM\..\Run: [\YURFE40.exe] C:\Windows\system32\YURFE40.exe
O4 - HKLM\..\Run: [\YUR65BB.exe] C:\Windows\system32\YUR65BB.exe
O4 - HKLM\..\Run: [\YUR6741.exe] C:\Windows\system32\YUR6741.exe
O4 - HKLM\..\Run: [\YUR6AF8.exe] C:\Windows\system32\YUR6AF8.exe
O4 - HKLM\..\Run: [\YUR7CA4.exe] C:\Windows\system32\YUR7CA4.exe
O4 - HKLM\..\Run: [\YURCD36.exe] C:\Windows\system32\YURCD36.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [amva] C:\Windows\system32\amvo.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\YUR9829.exe] C:\Windows\system32\YUR9829.exe
O4 - HKCU\..\Run: [\YUR1A53.exe] C:\Windows\system32\YUR1A53.exe
O4 - HKCU\..\Run: [\YUR99ED.exe] C:\Windows\system32\YUR99ED.exe
O4 - HKCU\..\Run: [\YUR6077.exe] C:\Windows\system32\YUR6077.exe
O4 - HKCU\..\Run: [\YUREE47.exe] C:\Windows\system32\YUREE47.exe
O4 - HKCU\..\Run: [\YUR6972.exe] C:\Windows\system32\YUR6972.exe
O4 - HKCU\..\Run: [\YURE4BD.exe] C:\Windows\system32\YURE4BD.exe
O4 - HKCU\..\Run: [\YUR5F4C.exe] C:\Windows\system32\YUR5F4C.exe
O4 - HKCU\..\Run: [\YURD9FA.exe] C:\Windows\system32\YURD9FA.exe
O4 - HKCU\..\Run: [\YUR5499.exe] C:\Windows\system32\YUR5499.exe
O4 - HKCU\..\Run: [\YURD33D.exe] C:\Windows\system32\YURD33D.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [\YUR4E1A.exe] C:\Windows\system32\YUR4E1A.exe
O4 - HKCU\..\Run: [\YURC8C8.exe] C:\Windows\system32\YURC8C8.exe
O4 - HKCU\..\Run: [\YUR4480.exe] C:\Windows\system32\YUR4480.exe
O4 - HKCU\..\Run: [\YURBF3E.exe] C:\Windows\system32\YURBF3E.exe
O4 - HKCU\..\Run: [\YUR39EC.exe] C:\Windows\system32\YUR39EC.exe
O4 - HKCU\..\Run: [\YURBAA3.exe] C:\Windows\system32\YURBAA3.exe
O4 - HKCU\..\Run: [\YUR3580.exe] C:\Windows\system32\YUR3580.exe
O4 - HKCU\..\Run: [\YURB02E.exe] C:\Windows\system32\YURB02E.exe
O4 - HKCU\..\Run: [\YUR2ADC.exe] C:\Windows\system32\YUR2ADC.exe
O4 - HKCU\..\Run: [\YURA58B.exe] C:\Windows\system32\YURA58B.exe
O4 - HKCU\..\Run: [\YUR2049.exe] C:\Windows\system32\YUR2049.exe
O4 - HKCU\..\Run: [\YUR9F3B.exe] C:\Windows\system32\YUR9F3B.exe
O4 - HKCU\..\Run: [\YUR19F9.exe] C:\Windows\system32\YUR19F9.exe
O4 - HKCU\..\Run: [\YUR94B7.exe] C:\Windows\system32\YUR94B7.exe
O4 - HKCU\..\Run: [\YURF55.exe] C:\Windows\system32\YURF55.exe
O4 - HKCU\..\Run: [\YUR8A42.exe] C:\Windows\system32\YUR8A42.exe
O4 - HKCU\..\Run: [\YUR53E.exe] C:\Windows\system32\YUR53E.exe
O4 - HKCU\..\Run: [\YUR86B0.exe] C:\Windows\system32\YUR86B0.exe
O4 - HKCU\..\Run: [\YUR15E.exe] C:\Windows\system32\YUR15E.exe
O4 - HKCU\..\Run: [\YUR81E6.exe] C:\Windows\system32\YUR81E6.exe
O4 - HKCU\..\Run: [\YUR442.exe] C:\Windows\system32\YUR442.exe
O4 - HKCU\..\Run: [\YUR823B.exe] C:\Windows\system32\YUR823B.exe
O4 - HKCU\..\Run: [\YURFE40.exe] C:\Windows\system32\YURFE40.exe
O4 - HKCU\..\Run: [\YUR65BB.exe] C:\Windows\system32\YUR65BB.exe
O4 - HKCU\..\Run: [\YUR6741.exe] C:\Windows\system32\YUR6741.exe
O4 - HKCU\..\Run: [\YUR6AF8.exe] C:\Windows\system32\YUR6AF8.exe
O4 - HKCU\..\Run: [\YUR7CA4.exe] C:\Windows\system32\YUR7CA4.exe
O4 - HKCU\..\Run: [\YURCD36.exe] C:\Windows\system32\YURCD36.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: psfus - C:\Windows\
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)



#2 fenzodahl512

Posted 17 September 2008 - 05:35 PM

Hello, my name is fenzodahl512 and welcome to BC...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please visit below webpage for instructions for downloading and running ComboFix. Make sure you download and save ComboFix DIRECTLY to your Desktop

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.




Post me the following logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log (after ComboFix step)


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

Posted 22 September 2008 - 01:48 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
