Gebca.dll Malware?



precision256
2006-09-04, 03:24
Here are my logs from Security Task Manager:

Security Task Manager: Computer ******, Benutzer Administrator, 9/3/2006 8:16:04 PM

Name Rating PID CPU Memory Active File Type Start Title, Description Manufacturer : product

gebca.dll 92% C:\WINDOWS\system32\gebca.dll Internet when Internet Explorer starts (Browser Extension) -
Java(TM) 2 Platform Standard Edition binary 66% C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll Internet when Internet Explorer starts SSVHelper Class (Browser Extension) Sun Microsystems, Inc. : Java(TM) 2 Platform Standard Edition 5.0 Update 8
Sigmatel Audio system tray application 59% 308 7.4 MB C:\WINDOWS\stsystra.exe Program 8:04:36 PM when Windows starts, Registry: Machine\Run SigmatelSysTray SigmaTel, Inc. : C-Major Audio
ATI Catalyst Control Center 58% 2696 6.2 MB 0:03 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe Program 8:04:44 PM when Windows starts, Registry: Machine\Run CLI Application (Command Line Interface) - Command Line Interface application for all ACE Components - GDI+ Window ATI Technologies Inc. : Catalyst Control Centre
GoogleToolbar 52% c:\program files\google\googletoolbar1.dll Internet when Internet Explorer starts Google IE Client Toolbar - Google Toolbar Helper (Browser Extension) Google Inc. : Google Toolbar for IE
ATI Catalyst Control Center 50% 3956 7.1 MB 0:01 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe Program 8:05:14 PM from ATI Catalyst Control Center CLI Application (Command Line Interface) - Command Line Interface application for all ACE Components ATI Technologies Inc. : Catalyst Control Centre
PowerDVD RC Service 49% 4048 4.1 MB C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe Program 8:04:29 PM when Windows starts, Registry: Machine\Run CL RC Engine2 Dummy Winidow Cyberlink Corp. : PowerDVD
TouchPad Driver Helper Application 49% 4064 4.2 MB C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Program 8:04:29 PM when Windows starts, Registry: Machine\Run Touchpad driver helper window Synaptics, Inc. : Synaptics Pointing Device Driver
ZeroCfgSvc MFC Application 49% 1724 14.5 MB 0:01 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe Program 8:04:43 PM when Windows starts, Registry: Machine\Run Available Networks Intel Corporation : ZeroCfgSvc Application
Adobe Acrobat IE Helper Version 7.0 for ActiveX 48% C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll Internet when Internet Explorer starts AcroIEHelper.AcroIEHlprObj.1 (Browser Extension) Adobe Systems, Incorporated : AcroIEHelper Library
Intel(R) PROSet/Wireless Event Log 42% 1476 11.7 MB C:\Program Files\Intel\Wireless\Bin\EvtEng.exe Program 8:03:09 PM Intel Corporation : Intel(R) PROSet/Wireless Event Log
Wireless Management Service 42% 1632 1% 12.2 MB 0:08 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe Program 8:03:14 PM IWMSWindow Intel Corporation : Intel(R) PROSet/Wireless Service
ewido anti-spyware guard 42% 1504 0.9 MB 0:01 C:\Program Files\ewido anti-spyware 4.0\guard.exe Program 8:03:33 PM Anti-Malware Development a.s. : ewido anti-spyware
RAID Monitor 42% 1600 1.4 MB C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe Program 8:03:33 PM Intel Corporation : RAID Monitor
PrismXL Service 42% 1916 1.8 MB C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS Program 8:03:36 PM New Boundary Technologies, Inc. : PrismXL Software Family
Intel(R) PROSet/Wireless Registry Service 42% 1844 3.0 MB C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe Program 8:03:40 PM Registry Interface for Intel Wireless Products Intel Corporation : Intel(R) PROSet/Wireless Registry Service
Intel 802.1x Server 42% 4260 15.1 MB C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe Program 8:07:08 PM Gsm Event Window Intel Corporation : Intel PROSet/Wireless
Office Source Engine 36% 1708 1.1 MB C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe Program 8:03:34 PM Microsoft Corporation : Office Source Engine
Java Update Scheduler 34% 524 3.1 MB C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe Program 8:04:38 PM when Windows starts, Registry: Machine\Run Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. : Java(TM) 2 Platform Standard Edition 5.0 Update 8
Symantec AntiVirus 33% 1828 8.3 MB 0:01 C:\Program Files\Common Files\Symantec Shared\ccApp.exe Program 8:04:39 PM when Windows starts, Registry: Machine\Run Symantec User Session - ccApp Symantec Corporation : Client and Host Security Platform
ViewMgr 30% 508 5.0 MB C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe Program 8:04:37 PM when Windows starts, Registry: Machine\Run Viewpoint Manager Notification Window Viewpoint Corporation : Viewpoint Manager
StyleXP Application 26% C:\Program Files\TGTSoft\StyleXP\StyleXP.exe Program when Windows starts, Registry: User\Run STYLEXP (not active) : StyleXP Application
Windows Defender 22% 1312 12.8 MB 0:07 C:\Program Files\Windows Defender\MsMpEng.exe Program 8:03:07 PM Service Executable Microsoft Corporation : Windows Defender
wizard.hta 21% %windir%\help\wizard.hta Program when Windows starts, Registry: Def\Run TabletWizard (not active) -
NA 21% NA Program when Windows starts, Registry: Def\Run Power2GoExpress (not active) -
QuickTime Task 21% C:\Program Files\QuickTime\qttask.exe Program when Windows starts, Registry: Machine\Run (not active) Apple Computer, Inc. : QuickTime
Firefox 19% 2832 25.9 MB 0:02 C:\Program Files\Mozilla Firefox\firefox.exe Program 8:14:37 PM from Windows Explorer Malware Removal - Safer Networking Forums - Mozilla Firefox Mozilla Corporation : Firefox
avast! Antivirus 18% 976 0.3 MB C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe Program 8:03:31 PM ALWIL Software :
ATI External Event Utility EXE Module 17% 1132 2.5 MB C:\WINDOWS\system32\Ati2evxx.exe Program 8:03:04 PM ATI video bios poller ATI Technologies Inc. : ATI External Event Utility for WindowsNT and Windows9X
ATI External Event Utility EXE Module 17% 3000 4.7 MB 0:08 C:\WINDOWS\system32\Ati2evxx.exe Program 8:03:57 PM ATI video bios poller client ATI Technologies Inc. : ATI External Event Utility for WindowsNT and Windows9X
Event Monitor User Notification Tool 16% 212 3.9 MB C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe Taskicon 8:04:33 PM when Windows starts, Registry: Machine\Run IAAMonitor Notify App, Intel Corporation : RAID Event Monitor
Intel Framework MFC Application 16% 1864 17.5 MB 0:06 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe Taskicon 8:04:43 PM when Windows starts, Registry: Machine\Run MCI command handling window, Intel PROSet/Wireless, Connected to: Dorm, Speed: 54.0 Mbps, Signal Quality: Excellent, IP Address: 192.168.1.100 Intel Corporation : Intel(R) PROSet/Wireless
Windows User Mode Driver Manager 16% 2164 1.7 MB C:\WINDOWS\system32\wdfmgr.exe Program 8:03:45 PM Microsoft Corporation : Microsoft® Windows® Operating System
SnippingTool 15% C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe Program when Windows starts, Registry: Machine\Run Snippet - Designed for Windows XP Tablet PC Edition -- use the pen to capture the contents of your Tablet PC's screen, then annotate, save, print, or send via email. (not active) Microsoft Corporation : Microsoft Snipping Tool
Symantec AntiVirus 13% 600 2.2 MB 0:01 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Program 8:03:29 PM SPBBC Service Symantec Corporation : SPBBC
Recovery Software Suite Gateway 11% C:\WINDOWS\SMINST\RECGUARD.EXE Program when Windows starts, Registry: Machine\Run Recguard MFC Application (not active) : Recguard Application
Symantec AntiVirus 8% 1988 2.8 MB 0:01 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Program 8:03:21 PM Symantec Event Manager Service Symantec Corporation : Client and Host Security Platform
Symantec AntiVirus 8% 172 3.2 MB C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Program 8:03:24 PM Symantec Settings Manager Service Symantec Corporation : Client and Host Security Platform
avast! Antivirus 8% 1188 7.3 MB 0:03 C:\Program Files\Alwil Software\Avast4\ashServ.exe Program 8:03:31 PM avast! antivirus service - aswServ helper window ALWIL Software : avast! Antivirus
Symantec AntiVirus 8% 1464 3.8 MB 0:01 C:\Program Files\Symantec AntiVirus\DefWatch.exe Program 8:03:32 PM Virus Definition Daemon Symantec Corporation : Symantec AntiVirus
Symantec AntiVirus 8% 2080 35.7 MB 0:22 C:\Program Files\Symantec AntiVirus\Rtvscan.exe Program 8:03:40 PM Scan Symantec Corporation : Symantec AntiVirus
Recovery Software Suite Gateway 6% C:\WINDOWS\Creator\Remind_XP.exe Program when Windows starts, Registry: Machine\Run Application Remind_XP - Reminder (not active) SoftThinks : Application Remind_XP
Adobe Common File Installer 6% C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Program when Windows starts, Registry: User\Startup Adobe Gamma Loader - Utility to set the video card's Gamma table (if the video driver supports it) using data set by Adobe Gamma. (not active) Adobe Systems, Inc. : Adobe Systems, Inc. Adobe Gamma Loader
Adobe Reader 7.0.8 6% C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Program when Windows starts, Registry: Machine\Common Startup Adobe Acrobat SpeedLauncher - Adobe Reader Speed Launch (not active) Adobe Systems Incorporated : Adobe Acrobat
Windows Defender 0% 668 7.8 MB 0:01 C:\Program Files\Windows Defender\MSASCui.exe Taskicon 8:04:40 PM when Windows starts, Registry: Machine\Run Windows Defender User Interface - Windows Defender (Beta 2), Windows Defender Microsoft Corporation : Windows Defender
Windows Messenger 0% C:\Program Files\Messenger\msmsgs.exe Program when Windows starts, Registry: User\Run MSMSGS (not active) Microsoft Corporation : Messenger
Synaptics TouchPad Enhancements 0% 4092 6.1 MB 0:01 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Taskicon 8:04:30 PM when Windows starts, Registry: Machine\Run Touchpad driver helper window, Synaptics Pointing Device Synaptics, Inc. : Synaptics Pointing Device Driver
Application executable file 0% 476 4.5 MB C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe Taskicon 8:04:37 PM when Windows starts, Registry: Machine\Run Motorola SM56 Modem Helper Motorola Inc. : SM56 Helper Win32 Utility
Symantec AntiVirus 0% 660 10.9 MB 0:01 C:\Program Files\Symantec AntiVirus\VPTray.exe Taskicon 8:04:39 PM when Windows starts, Registry: Machine\Run Missing Virus Definitions, Symantec AntiVirus Symantec Corporation : Symantec AntiVirus
avast! Antivirus 0% 2724 5.8 MB 0:01 C:\Program Files\Alwil Software\Avast4\ashDisp.exe Taskicon 8:04:45 PM when Windows starts, Registry: Machine\Run avast! service GUI component - aswDisp helper window, avast! Virus Recovery Database (VRDB) Generator ALWIL Software : avast! Antivirus
Security Task Manager 0% 2264 10.6 MB 0:02 C:\Program Files\Security Task Manager\TaskMan.exe Program 8:15:53 PM from Windows Explorer Security Task Manager A. & M. Neuber Software : Security Task Manager
Tablet PC Buttons Service 0% 3048 2.6 MB C:\WINDOWS\System32\tabbtnu.exe Taskicon 8:03:57 PM Tablet PC Buttons Service, Change tablet and pen settings Microsoft Corporation : Tablet PC
Windows Explorer 0% 3176 40.5 MB 0:23 C:\WINDOWS\Explorer.EXE Program 8:03:58 PM Program Manager, Microsoft Corporation : Microsoft® Windows® Operating System
Windows Security Center Notification App 0% 4296 3.3 MB C:\WINDOWS\system32\wscntfy.exe Taskicon 8:05:45 PM Windows Security Alerts Microsoft Corporation : Microsoft® Windows® Operating System
Notepad 0% 3824 5.6 MB 0:02 C:\WINDOWS\system32\NOTEPAD.EXE Program 8:14:26 PM hijackthis - Notepad Microsoft Corporation : Microsoft® Windows® Operating System


I've run multiple antivirus and antispyware programs and haven't been able to find much on the removal of gebca.dll. So far, it's caused system instability and a decrease in speed. Thanks so much for any help!

precision256
2006-09-04, 03:25
And also from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:14:26 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M285-E
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M285-E
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://learn.vt.edu
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

teacup61
2006-09-05, 08:08
Hello precision256,

Welcome to Safer Networking Forums :)

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files; click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer; click OK. Please post the contents of C:\vundofix.txt and a new HijackThis log.

Thanks,
tea

tashi
2006-09-10, 23:20
:confused:

This topic is closed due to lack of a response to the helper. If you need it re-opened, please send me a private message (PM) and provide a link to the thread.

Applies only to the original topic starter.