
Monday, April 13, 2009

Hijack This Log - Internet Explorer Hangs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:44 PM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600) - Media Center Edition
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Caught a virus (JS_Agent) from "chicagomission.com". Since then receiving "Generic Host Process for Win32 Services has encountered a problem and needs to close" message after each reboot; Internet Explorer hangs; Outlook hangs; cannot use Windows Command prompt (even in Safe Mode). Have run CCleaner & Glary Utilities; have scanned with Spybot, AVG Free 8.5, Malwarebytes, SUPER AntiSpyware, Norton AntiVirus 2009, Trend House Calls - each has found Trojans & removed them - PC still crippled.

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:Program FilesLavasoftAd-AwareAAWService.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesJavajre6binjqs.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Program FilesLogMeInx86RaMaint.exe
C:Program FilesLogMeInx86LogMeIn.exe
C:Program FilesNetwork AssociatesVirusScanSHSTAT.EXE
C:Program FilesCommon FilesNetwork AssociatesTalkBackTBMon.exe
C:Program FilesNetwork AssociatesCommon FrameworkUpdaterUI.exe
C:Program FilesLogMeInx86LogMeInSystray.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesLogMeInx86LMIGuardian.exe
C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
C:Program FilesLogMeInx86LMIGuardian.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
C:WINDOWSehomeehtray.exe
C:Program FilesNetwork AssociatesCommon FrameworkFrameworkService.exe
C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe
C:Program FilesLogitechQuickCamQuickcam.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:Program FilesJavajre6binjusched.exe
C:PROGRA~1AVGAVG8avgtray.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:Program FilesNetwork AssociatesVirusScanMcshield.exe
C:Program FilesNetwork AssociatesVirusScanVsTskMgr.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSehomeRMSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesWindows Media PlayerWMPNSCFG.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesHPDigital Imagingbinhpqimzone.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesSkypePlugin ManagerskypePM.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:Program FilesAVGAVG8aAvgApi.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program FilesNorton AntiVirusEngine16.5.0.134IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:PROGRA~1AVGAVG8AVGTOO~1.DLL
O4 - HKLM..Run: [ShStatEXE] "C:Program FilesNetwork AssociatesVirusScanSHSTAT.EXE" /STANDALONE
O4 - HKLM..Run: [Network Associates Error Reporting Service] "C:Program FilesCommon FilesNetwork AssociatesTalkBackTBMon.exe"
O4 - HKLM..Run: [McAfeeUpdaterUI] "C:Program FilesNetwork AssociatesCommon FrameworkUpdaterUI.exe" /StartedFromRunKey
O4 - HKLM..Run: [LogMeIn GUI] "C:Program FilesLogMeInx86LogMeInSystray.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [ISUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [ehTray] "C:WINDOWSehomeehtray.exe"
O4 - HKLM..Run: [LogitechCommunicationsManager] "C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe"
O4 - HKLM..Run: [LogitechQuickCamRibbon] "C:Program FilesLogitechQuickCamQuickcam.exe" /hide
O4 - HKLM..Run: [Ad-Watch] C:Program FilesLavasoftAd-AwareAAWTray.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKUSS-1-5-18..Run: [MySpaceIM] C:Program FilesMySpaceIMMySpaceIM.exe (User SYSTEM)
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User SYSTEM)
O4 - HKUS.DEFAULT..Run: [MySpaceIM] C:Program FilesMySpaceIMMySpaceIM.exe (User Default user)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra Tools menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra Tools menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra Tools menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://63.112.191.12/iNotes6W.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7592254625
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Code ... ontrol.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:WINDOWSSYSTEM32avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:Program FilesLogMeInx86RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:Program FilesLogMeInx86LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:Program FilesNetwork AssociatesCommon FrameworkFrameworkService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:Program FilesCommon FilesMotiveMcciCMService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:Program FilesNetwork AssociatesVirusScanMcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:Program FilesNetwork AssociatesVirusScanVsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:Program FilesNorton AntiVirusEngine16.5.0.134ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12621 bytes
