Your System is infected!

  1. #1
    Join Date
    Jan 2010
    Posts
    6

    Your System is infected!

    My background has been changed; I'm unable to change it back. This is what it reads: a black box in the center reading "YOUR SYSTEM IS INFECTED!" in red letters, and right below, in a smaller white font, "System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use this computer before all spyware removed." All the settings are grayed out. Unable to use Ctrl+Alt+Delete. I have run the standard programs and have posted the logs below. Thanks for the help.

    ------------------------------------------------------------------


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/18/2010 at 02:59 PM

    Application Version : 4.27.1000

    Core Rules Database Version : 4486
    Trace Rules Database Version: 1963

    Scan type : Complete Scan
    Total Scan Time : 01:59:59

    Memory items scanned : 230
    Memory threats detected : 0
    Registry items scanned : 5507
    Registry threats detected : 8
    File items scanned : 70290
    File threats detected : 35

    Rogue.Agent/Gen
    [Wallpaper] C:\WINDOWS\SYSTEM32\WARNING.HTML
    C:\WINDOWS\SYSTEM32\WARNING.HTML

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
    HKU\S-1-5-21-796845957-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
    HKCR\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}
    HKCR\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}\InprocServer32
    HKCR\CLSID\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}\InprocServer32#ThreadingModel
    Application.Agent/Gen-TempZ
    C:\PROGRAM FILES\VERIZON\TECHWIZARD\RUNIHAINSTALLER.EXE

    Trojan.Agent/Gen-ImageDocFake
    D:\MICAH\OLD D DRIVE\OLD D DRIVE PROGRAMS\MICAH FILE\MICAH FILE\RECOVERED NTFS PARTITION 1\[00009703]\2006_0421\DSCF0018.JPG

    Adware.Vundo/Variant-MSFake
    D:\MICAH\OLD D DRIVE\OLD D DRIVE PROGRAMS\WINAVI VIDEO CONVERTER\FILTER\Q3CAST.DLL

    Unclassified.Unknown Origin
    D:\MICAH\TORRENT DOWNLOADS\PC-PITSTOP.OPTIMIZE.V1.5.12.1.INCL.GENERICPATCHER-APPZPLANET+KEYGEN\!PATCH\OPTIMZE.15X.PATCHER.EXE

  2. #2
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Hi and welcome to the VDr forums.

    =========

    Please post all the logs if you have indeed run the 'standard programs'.

    http://discussions.virtualdr.com/sho...d.php?t=167915

  3. #3
    Join Date
    Jan 2010
    Posts
    6

    Your System Is Infected!

    I was unable to post the rest of the logs until this was seen by a moderator. Thanks for the reply.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3595
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/18/2010 4:33:48 PM
    mbam-log-2010-01-18 (16-33-48).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 207724
    Time elapsed: 44 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Micah\Local Settings\Temp\vdbelc.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Micah\Local Settings\Temp\vDPo.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Micah\Local Settings\Temporary Internet Files\Content.IE5\FDOJ3PTB\eH99f68aa2V0100f080006R67734b15102Td2a65d9d201l0409317P000000070[1] (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6975F96A-F170-4998-BD2F-8D4BFB49C5D3}\RP491\A0060425.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6975F96A-F170-4998-BD2F-8D4BFB49C5D3}\RP492\A0060486.exe (BackDoor.Bifrost) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    --------------------------------------------------------------------------
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-01-18 20:11:59
    Windows 5.1.2600 Service Pack 3
    Running: wzgxymtb.exe; Driver: C:\DOCUME~1\Micah\LOCALS~1\Temp\fgldiaow.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xF74FFAC8]
    SSDT sptd.sys ZwEnumerateKey [0xF74FFC22]
    SSDT sptd.sys ZwEnumerateValueKey [0xF74FFF9A]
    SSDT sptd.sys ZwOpenKey [0xF74FF98E]
    SSDT sptd.sys ZwQueryKey [0xF7500064]
    SSDT sptd.sys ZwQueryValueKey [0xF74FFEFC]
    SSDT sptd.sys ZwSetValueKey [0xF75000EC]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? C:\WINDOWS\System32\Drivers\SPTD5565.SYS The process cannot access the file because it is being used by another process.
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6592360, 0x37388D, 0xE8000020]
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F63DB4F0 16 Bytes [9A, EB, FC, 6F, 12, 69, 12, ...] {CALL FAR 0x1269:0x126ffceb; SHL BYTE [ESI+0x5d0cb54f], 0x99; RETF ; AAA }
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F63DB501 31 Bytes [A0, 3D, F6, 37, 91, D0, E1, ...]
    ? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750889E] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F751ED86] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7508E24] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7508D28] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F7508EF4] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F7508EF4] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7508E24] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7508D28] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F751E1AE] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F7508A5A] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F751E04A] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F75088F2] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74FBAD2] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74FBC0E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74FBB96] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74FC76C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74FC642] sptd.sys
    IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F751EE4A] sptd.sys
    IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F750D8C6] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F751E04A] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F751E056] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F751EE4A] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7508CC6] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7508CC6] sptd.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86FD9708
    Device \FileSystem\Fastfat \FatCdrom 86DD2EB0
    Device \FileSystem\Udfs \UdfsCdRom 86DCDEB0
    Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Udfs \UdfsDisk 86DCDEB0
    Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\00000072 \Device\00000050 sptd.sys
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD9EB0
    Device \Driver\dmio \Device\DmControl\DmConfig 86FD9EB0
    Device \Driver\dmio \Device\DmControl\DmPnP 86FD9EB0
    Device \Driver\dmio \Device\DmControl\DmInfo 86FD9EB0

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD90E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD90E8
    Device \Driver\Cdrom \Device\CdRom0 86D9AEB0
    Device \FileSystem\Rdbss \Device\FsWrap 86C1E0E8
    Device \Driver\Cdrom \Device\CdRom1 86D9AEB0
    Device \Driver\atapi \Device\Ide\IdePort0 [F744FB40] atapi.sys[unknown section] {MOV EAX, 0x86fd9b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf750fe12; RET }
    Device \Driver\atapi \Device\Ide\IdePort1 [F744FB40] atapi.sys[unknown section] {MOV EAX, 0x86fd9b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf750fe12; RET }
    Device \Driver\atapi \Device\Ide\IdePort2 [F744FB40] atapi.sys[unknown section] {MOV EAX, 0x86fd9b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf750fe12; RET }
    Device \Driver\atapi \Device\Ide\IdePort3 [F744FB40] atapi.sys[unknown section] {MOV EAX, 0x86fd9b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf750fe12; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 [F744FB40] atapi.sys[unknown section] {MOV EAX, 0x86fd9b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf750fe12; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [F744FB40] atapi.sys[unknown section] {MOV EAX, 0x86fd9b18; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf750fe12; RET }
    Device \Driver\NetBT \Device\NetBt_Wins_Export 86C0F1E8
    Device \Driver\NetBT \Device\NetbiosSmb 86C0F1E8

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Disk \Device\Harddisk0\DR0 86FD9940

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86C2B0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86C2B0E8
    Device \FileSystem\Npfs \Device\NamedPipe 86C230E8
    Device \Driver\Ftdisk \Device\FtControl 86FD90E8
    Device \FileSystem\Msfs \Device\Mailslot 86E1EEB0
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 86E210E8
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 86E210E8
    Device \FileSystem\Fastfat \Fat 86DD2EB0

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 86E96EB0
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1733152954
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 511738663
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -91275344
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x8C 0xBE 0xF8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEA 0x8A 0x44 0x48 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x29 0x24 0x57 0x12 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x8C 0xBE 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEA 0x8A 0x44 0x48 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x29 0x24 0x57 0x12 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x8C 0xBE 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEA 0x8A 0x44 0x48 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x29 0x24 0x57 0x12 ...

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Join Date
    Jan 2010
    Posts
    6

    Your System Is Infected!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:09:43 PM, on 1/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\taskmgr.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
    O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
    O4 - HKLM\..\Run: [Slayotehok] rundll32.exe "C:\WINDOWS\usutevokomasokup.dll",Startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = F:\Old D drive\old D drive programs\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1206669608640
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: byxuuvu - byxuuvu.dll (file missing)
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe

    --
    End of file - 9770 bytes

  5. #5
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Can you please do the following:


    ===============

    Scan with HijackThis and then place a check next to all the following, if present:


    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)

    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL (file missing)

    O4 - HKLM\..\Run: [Slayotehok] rundll32.exe "C:\WINDOWS\usutevokomasokup.dll",Startup

    O20 - Winlogon Notify: byxuuvu - byxuuvu.dll (file missing)


    Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, and click "Fix checked".

    ===============

    Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

    files...

    C:\WINDOWS\usutevokomasokup.dll

    -

    Note that some of these file(s)/folder(s) may or may not be present. If present and they cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
    • Restart your computer.
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear.
    • Select the first option to run Windows in Safe Mode and hit Enter.

    -

    Reboot.

    ===============

    • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
    • Search the list for all previously installed versions of Java (J2SE Runtime Environment...).
    • Select each one and click Remove.
    • Then download and install the newest version from here:
    • http://www.java.com/en/download/manual.jsp


    ===============

    After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
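    As an added example (not from this thread, HijackThis, or any tool named here), a Python check that parses HijackThis O4 and O20 lines like the ones listed above and reports autostart entries whose module is no longer on disk. Deleting the DLL by hand while the Run value that loads it survives is exactly what produces an "Error loading ... The specified module could not be found" message at logon, so the entry itself has to go. The sample log lines and the set standing in for the disk are constructed; the registry paths are the standard Run and Winlogon\Notify locations.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample in the shape of the HijackThis O4/O20 lines posted in this
# thread: legitimate Run entries, the Run entry the helper asked to fix, and
# the Winlogon Notify entry HijackThis itself marked "(file missing)".
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Slayotehok] rundll32.exe "C:\WINDOWS\usutevokomasokup.dll",Startup
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: byxuuvu - byxuuvu.dll (file missing)
"""

# Constructed stand-in for the disk after the clean-up step: the DLL has been
# deleted by hand, everything else is still there. The check runs offline
# against this set instead of os.path.exists().
PRESENT_FILES = {
    r"C:\WINDOWS\system32\dla\tfswctrl.exe",
    r"C:\Program Files\DAEMON Tools\daemon.exe",
    r"C:\WINDOWS\system32\NvCpl.dll",
    r"C:\WINDOWS\SYSTEM32\avgrsstx.dll",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|com|scr|bat))", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "O4" (Run value) or "O20" (Winlogon Notify subkey)
    hive: str    # HKLM / HKCU for O4; Notify subkeys always live under HKLM
    name: str    # value or subkey name, what "Fix checked" removes
    target: str  # module the entry tries to load at logon
    reason: str


def target_of(cmd: str) -> str:
    """Return the module a Run command really loads.

    rundll32 is only a host: its first argument, up to the comma before the
    entry-point name, is the DLL that matters. Quoted paths are unquoted;
    unquoted paths are cut at the first recognised extension."""
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        cmd = cmd[m.end():]
        if cmd.startswith('"'):
            return cmd[1:cmd.index('"', 1)]
        return cmd.split(",", 1)[0]
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def registry_location(f: Finding) -> str:
    """Where the surviving autostart entry lives; deleting the file alone
    does not clear it, the value or subkey must be removed too."""
    if f.kind == "O4":
        return f.hive + r"\Software\Microsoft\Windows\CurrentVersion\Run" + "\\" + f.name
    return r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" + "\\" + f.name


def orphaned_autostarts(log_text: str, present_files: Iterable[str]) -> List[Finding]:
    """Report autostart entries whose module is missing: the state that prints
    'Error loading ... The specified module could not be found' at every logon."""
    present = {p.lower() for p in present_files}
    findings: List[Finding] = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            target = target_of(m["cmd"])
            if not DRIVE_RE.match(target):
                continue  # bare module name found via the search path; not checkable offline
            if target.lower() not in present:
                findings.append(Finding("O4", m["hive"], m["name"], target, "module not on disk"))
            continue
        m = O20_RE.match(line)
        if m:
            if m["missing"]:
                findings.append(Finding("O20", "HKLM", m["name"], m["path"], "marked (file missing) by HijackThis"))
            elif m["path"].lower() not in present:
                findings.append(Finding("O20", "HKLM", m["name"], m["path"], "module not on disk"))
    return findings


if __name__ == "__main__":
    for f in orphaned_autostarts(SAMPLE_LOG, PRESENT_FILES):
        print(f"{f.kind} [{f.name}] -> {f.target}: {f.reason}; remove {registry_location(f)}")
```

On a live system, replace PRESENT_FILES with an os.path.exists() lookup against the parsed target; the HijackThis "(file missing)" marker is trusted as-is because the tool already did that check.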

  6. #6
    Join Date
    Jan 2010
    Posts
    6

    Your System Is Infected!

    I have completed the tasks that were asked of me. The PC seems to be more stable at this time. I receive an error now when the PC has booted stating "Error loading c:\windows\usutevokomasokup.dll. The specified module could not be found." This, I imagine, is a good thing since we deleted it. Is there a way to prevent it from coming up after the system loads upon rebooting? Below is the new HijackThis log. Thanks again for the help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:05:32 PM, on 1/20/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
    O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
    O4 - HKLM\..\Run: [Slayotehok] rundll32.exe "C:\WINDOWS\usutevokomasokup.dll",Startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = F:\Old D drive\old D drive programs\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1206669608640
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe

    --
    End of file - 9667 bytes

  7. #7
    Join Date
    Jan 2010
    Posts
    6

    your system is infected

    A side note. I had recently removed all my files from F: and formatted it. During POST the system finds the 300GB drive, however Windows does not see it in My Computer or Disk Manager. Any ideas? It was showing prior to the issue we're correcting at this time. Could this be a side effect? Probably not.

  8. #8
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Scan with HijackThis and then place a check next to all the following;
    O4 - HKLM\..\Run: [Slayotehok] rundll32.exe "C:\WINDOWS\usutevokomasokup.dll",Startup

    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ==

    That will fix the error problem. Not certain on the other. Try going into the Device Manager and scan for hardware changes.
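
The entry flagged above is a rundll32 autostart loading a randomly named DLL straight from the Windows root rather than from system32 or Program Files. As an added triage helper, not code from this thread or from HijackThis, the script below parses O4 Run-key lines in HijackThis format and reports entries whose loaded module sits directly in the Windows root; it assumes the root is C:\WINDOWS and uses a constructed sample taken from the log lines posted earlier.

```python
import re
from pathlib import PureWindowsPath

# Assumption: the Windows root of the scanned machine is C:\WINDOWS.
WINDOWS_ROOT = PureWindowsPath(r"C:\WINDOWS")

# HijackThis O4 Run-key format: "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Constructed sample: a subset of the O4 lines from the posted log.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd",
    r'O4 - HKLM\..\Run: [Slayotehok] rundll32.exe "C:\WINDOWS\usutevokomasokup.dll",Startup',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

def split_args(cmd):
    """Split a Run-key command line into tokens, honouring double quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]

def module_path(cmd):
    """Return the path of the module that actually runs, or None.

    For rundll32 the code that executes is the DLL named in the first
    argument (the part before ',EntryPoint'), not rundll32 itself."""
    args = split_args(cmd)
    if not args:
        return None
    exe = PureWindowsPath(args[0]).name.lower()
    if exe in ("rundll32", "rundll32.exe") and len(args) > 1:
        return PureWindowsPath(args[1].split(",", 1)[0])
    return PureWindowsPath(args[0])

def flag_o4_entries(lines):
    """Return (name, module path) for Run entries whose module lives directly
    in the Windows root. This is a triage hint for a human to confirm, not a verdict;
    PureWindowsPath compares case-insensitively, so C:\\Windows also matches."""
    hits = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # only HKLM/HKCU Run entries are handled here
        path = module_path(m.group("cmd"))
        if path is not None and path.parent == WINDOWS_ROOT:
            hits.append((m.group("name"), str(path)))
    return hits

if __name__ == "__main__":
    for name, path in flag_o4_entries(SAMPLE_LOG):
        print(f"review: [{name}] loads {path} from the Windows root")
```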

  9. #9
    Join Date
    Jan 2010
    Posts
    6

    your system is infected

    Okay, I guess we are done here. The error is gone and my drive was disabled in Device Manager. Once it was enabled I reactivated it in Disk Manager and all is good. So to stay healthy, just run Malwarebytes along with SUPERAntiSpyware and the virus scanner every day? Thanks for resolving my issue.

  10. #10
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Quote Originally Posted by pontiacgta2002
    Okay, I guess we are done here. The error is gone and my drive was disabled in Device Manager. Once it was enabled I reactivated it in Disk Manager and all is good. So to stay healthy, just run Malwarebytes along with SUPERAntiSpyware and the virus scanner every day? Thanks for resolving my issue.
    No worries.

    Just make sure the programs are updated before you scan.
