Pipas.A Trouble HELP!

**backstage8** · 2005-12-30, 04:32

Logfile of HijackThis v1.99.1
Scan saved at 10:10:54 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\AOL\1135888142\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\Program Files\Java\jre1.5.0\bin\jusched.exe
F:\Program Files\Symantec AntiVirus\DoScan.exe
F:\WINDOWS\System32\alg.exe
F:\Documents and Settings\Steve\Desktop\HijackThis.exe
F:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] F:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [dmdru.exe] F:\WINDOWS\system32\dmdru.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma06.mail.gm.com/iNotes.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128394424366
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E3AEDCF-B769-4B24-ABBF-0F8CD88D4D80}: NameServer = 85.255.114.74,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA099AF3-68E2-402F-BF2E-EC9CCB7156DD}: NameServer = 85.255.114.74,85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E3AEDCF-B769-4B24-ABBF-0F8CD88D4D80}: NameServer = 85.255.114.74,85.255.112.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E3AEDCF-B769-4B24-ABBF-0F8CD88D4D80}: NameServer = 85.255.114.74,85.255.112.138
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - F:\Program Files\Common Files\AOL\1135888142\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - F:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe

**LonnyRJones** · 2005-12-30, 15:06

Hi

Lets take a look at a blacklite log
Download and run blacklite
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
click > scan then > next, next again then exit
there will be a new txt near blacklite. post it please.
!!Do not rename any files yet

**backstage8** · 2005-12-30, 15:58

Thank you for the help! Here is the Backlight log:

12/30/05 09:55:15 [Info]: BlackLight Engine 1.0.30 initialized
12/30/05 09:55:15 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/30/05 09:55:19 [Note]: 7019 4
12/30/05 09:55:19 [Note]: 7005 0
12/30/05 09:55:27 [Note]: 7006 0
12/30/05 09:55:28 [Note]: 7011 1592
12/30/05 09:55:30 [Note]: FSRAW library version 1.7.1014
12/30/05 09:55:42 [Note]: 4013 28602
12/30/05 09:55:42 [Note]: 4020 25438 4653056
12/30/05 09:55:42 [Note]: 4018 25438 4653056
12/30/05 09:55:42 [Note]: 4013 28602
12/30/05 09:55:42 [Note]: 4020 25438 4653056
12/30/05 09:55:42 [Note]: 4018 25438 4653056
12/30/05 09:56:35 [Note]: 7007 0

**LonnyRJones** · 2005-12-30, 16:10

Thanks

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan,
and check the following items(if there):
O4 - HKLM\..\Run: [dmdru.exe] F:\WINDOWS\system32\dmdru.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E3AEDCF-B769-4B24-ABBF-0F8CD88D4D80}: NameServer = 85.255.114.74,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA099AF3-68E2-402F-BF2E-EC9CCB7156DD}: NameServer = 85.255.114.74,85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E3AEDCF-B769-4B24-ABBF-0F8CD88D4D80}: NameServer = 85.255.114.74,85.255.112.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E3AEDCF-B769-4B24-ABBF-0F8CD88D4D80}: NameServer = 85.255.114.74,85.255.112.138
============================================
Click Fix Checked. Close HijackThis, and click OK to proceed.

Note: If those 017s return or if there are connection problems

If You have connection problems or those 017's return >
Before doing this write down all the settings, Note that not all system/setups even have these settings, While some connection service's will require them.
(These instruction's are basicly for home users.)
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable one some systems

Finally, please post the contents of report.txt (it should open), along with a new HijackThis log.

**backstage8** · 2005-12-30, 16:56

Whewww...not too bad...a bit scary but...here is the new log

Logfile of HijackThis v1.99.1
Scan saved at 10:53:10 AM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\AOL\1135888142\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\Program Files\Java\jre1.5.0\bin\jusched.exe
F:\Program Files\mcafee.com\antivirus\oasclnt.exe
F:\Program Files\Symantec AntiVirus\DoScan.exe
F:\Program Files\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] F:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmhvm.exe] F:\WINDOWS\system32\dmhvm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma06.mail.gm.com/iNotes.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128394424366
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - F:\Program Files\Common Files\AOL\1135888142\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - F:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe

**backstage8** · 2005-12-30, 17:03

I never received a report.txt Is there something I need to rerun?

**backstage8** · 2005-12-30, 17:06

also...the folder that contains what SSD said was the trojan still exsists...
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\RUINS
Is this a BAD thing?

**LonnyRJones** · 2005-12-30, 17:46

Hi
did your pc reboot ?

Scan with hijackthis and fix this item
O4 - HKLM\..\Run: [dmhvm.exe] F:\WINDOWS\system32\dmhvm.exe
===============
And delete the file if it exists
open the c:\fixwareout folder find the report.txt and post it

**backstage8** · 2005-12-30, 18:02

The file...
O4 - HKLM\..\Run: [dmhvm.exe] F:\WINDOWS\system32\dmhvm.exe
has now changed to
O4 - HKLM\..\Run: [dmqjv.exe] F:\WINDOWS\system32\dmqjv.exe

Should I Fix and Delete this one?

**backstage8** · 2005-12-30, 18:07

Logfile of HijackThis v1.99.1
Scan saved at 11:55:05 AM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\AOL\1135888142\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Symantec AntiVirus\DefWatch.exe
F:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
F:\WINDOWS\system32\atiptaxx.exe
F:\Program Files\Java\jre1.5.0\bin\jusched.exe
F:\Program Files\mcafee.com\antivirus\oasclnt.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [OASClnt] F:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] F:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dmqjv.exe] F:\WINDOWS\system32\dmqjv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma06.mail.gm.com/iNotes.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128394424366
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - F:\Program Files\Common Files\AOL\1135888142\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - F:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: SAVRoam (SavRoam) - symantec - F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - F:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe

Thread: Pipas.A Trouble HELP!

Thread Tools

Display

Pipas.A Trouble HELP!

Backlight log

New HJT Log

report.txt

also...

Posting Permissions