#1
    Registered User
    Devshed Newbie (0 - 499 posts)
    Join Date: May 2010
    Posts: 7
    Rep Power: 0

    Trojan causes errors in WinXP display, and other programs


    Hi

    I've been having a number of issues with my laptop as of late. While not entirely incapacitating, there appears to be a trojan or malware in my system that conventional antivirus programs can't eliminate, and it is causing a number of annoyances, such as causing svchost.exe to sporadically hog huge amounts of CPU and my WinXP taskbar to randomly switch to the "Windows Classic" style and back.

    I'll post the few logs I've made that the instructions for this subforum said to do.

    Malwarebytes' Anti-Malware 1.50.1.1100
    (URL address blocked: See forum rules)

    Database version: 5591

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/24/2011 12:35:11 PM
    mbam-log-2011-01-24 (12-35-11).txt

    Scan type: Quick scan
    Objects scanned: 155306
    Time elapsed: 8 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\networkservice\application data\wrt7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\documents and settings\owner.your-c37db1d973\application data\wrt7.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    SUPERAntiSpyware Scan Log
    (URL address blocked: See forum rules)

    Generated 01/24/2011 at 01:57 PM

    Application Version : 4.48.1000

    Core Rules Database Version : 6264
    Trace Rules Database Version: 4076

    Scan type : Complete Scan
    Total Scan Time : 00:51:02

    Memory items scanned : 751
    Memory threats detected : 0
    Registry items scanned : 6341
    Registry threats detected : 0
    File items scanned : 26194
    File threats detected : 33

    Rogue.Palladium
    C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\uid_pal

    Adware.Tracking Cookie
    crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XG6H44GK ]
    media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XG6H44GK ]
    media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XG6H44GK ]
    secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XG6H44GK ]
    crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
    media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
    media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
    media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
    media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
    objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
    secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\2NFR22DA ]
    .2o7.net [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    .xiti.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    tracking.gameforge.de [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    .server.cpmstar.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    .server.cpmstar.com [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]
    (URL address blocked: See forum rules) [ C:\Documents and Settings\Owner.YOUR-C37DB1D973\Application Data\Mozilla\Firefox\Profiles\kpqfx70b.default\cookies.sqlite ]

    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP0\A0000415.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP2\A0001011.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP2\A0001012.EXE

    Trojan.Agent/Gen-Banker
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0003982.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0003996.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0003997.EXE

    Rootkit.Agent/Gen-Trexer
    C:\WINDOWS\TEMP\10.TMP
    C:\WINDOWS\TEMP\28.TMP
    C:\WINDOWS\TEMP\29.TMP
    C:\WINDOWS\TEMP\E.TMP

    BitDefender Online Scanner

    Scan report generated at: Mon, Jan 24, 2011 - 17:04:07
    Scan path: C:\;D:\;E:\;F:\;G:\;

    Statistics
    Time: 01:52:25
    Files: 575204
    Folders: 8761
    Boot Sectors: 0
    Archives: 16397
    Packed Files: 43173

    Results
    Identified Viruses: 3
    Infected Files: 6
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 4

    Engines Info
    Virus Definitions: 6676115
    Engine build: AVCORE v2.1 Windows/i386 11.0.0.42 (Oct 18 2010)
    Scan plugins: 18
    Archive plugins: 44
    Unpack plugins: 10
    E-mail plugins: 6
    System plugins: 4

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File | Status
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\95027-578-13.dat | Infected with: Gen:Variant.TDss.48
    C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\arpot\95027-578-13.dat | Deleted
    C:\WINDOWS\system32\ersvc9.dll | Infected with: Gen:Variant.Vundo.5
    C:\WINDOWS\system32\ersvc9.dll | Deleted
    C:\WINDOWS\Temp\10.tmp | Infected with: Trojan.Generic.KDV.116285
    C:\WINDOWS\Temp\10.tmp | Deleted
    C:\WINDOWS\Temp\13.tmp | Infected with: Trojan.Generic.KDV.116285
    C:\WINDOWS\Temp\13.tmp | Delete failed
    C:\WINDOWS\Temp\2C.tmp | Infected with: Trojan.Generic.KDV.116285
    C:\WINDOWS\Temp\2C.tmp | Deleted
    C:\WINDOWS\Temp\2D.tmp | Infected with: Trojan.Generic.KDV.116285
    C:\WINDOWS\Temp\2D.tmp | Delete failed

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:13:32 PM, on 1/24/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\svchost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = (URL address blocked: See forum rules)=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (URL address blocked: See forum rules)=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (URL address blocked: See forum rules)=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (URL address blocked: See forum rules)=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (URL address blocked: See forum rules)=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = (URL address blocked: See forum rules)=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = (URL address blocked: See forum rules)=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
    R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (file missing)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Trillian Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.YOUR-C37DB1D973\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Xbegeru] rundll32.exe "C:\WINDOWS\mserpdr.dll",Startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - (URL address blocked: See forum rules)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10920 bytes
#2
    Registered User
    Devshed Newbie (0 - 499 posts)
    Join Date: Jan 2011
    Posts: 1
    Rep Power: 0

    Same problem


    I seem to have the same problem you have. I was wondering if you made any progress in getting rid of this virus. It's very annoying.
#3
    Contributing User
    Devshed Newbie (0 - 499 posts)
    Join Date: Nov 2010
    Posts: 67
    Rep Power: 4

    I guess upgrading to a newer version and scanning is the only solution when you don't know what exactly the solution is.
#4
    Registered User
    Devshed Newbie (0 - 499 posts)
    Join Date: Feb 2011
    Posts: 7
    Rep Power: 0

    Get an upgraded version...this will help you
#5
    Contributing User
    Devshed Novice (500 - 999 posts)
    Join Date: Oct 2009
    Location: Nebraska, USA
    Posts: 876
    Rep Power: 275

    try using Combofix http://www.combofix.org/
