Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: winvercp.exe - Virus? Slowdowns?

  1. #1
    Member
    Join Date
    Nov 2009
    Posts
    48

    Default winvercp.exe - Virus? Slowdowns?

    winvercp.exe popping up in Online Armor Firewall

    CPU usage and fan are also running higher/hotter than normal.

    Any help would be much appreciated.

    Thanks,
    CP

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:51:16 PM, on 3/16/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    D:\Online Armor\OAcat.exe
    D:\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Avira\AntiVir Desktop\sched.exe
    D:\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\digtizer.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Materialise\LicenseFiles\LicSrv50.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Fujitsu\Utils\FjDspMon.exe
    D:\iTunes\iTunesHelper.exe
    C:\Program Files\Fujitsu\Utils\fjevents.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Fujitsu\Utils\FjMenu.exe
    C:\WINDOWS\system32\igfxext.exe
    D:\Avira\AntiVir Desktop\avgnt.exe
    D:\Online Armor\oaui.exe
    D:\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    D:\Online Armor\OAhlp.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    D:\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    d:\avira\antivir desktop\avcenter.exe
    D:\Avira\AntiVir Desktop\avscan.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    D:\Program Files\VirusRemoval\HJT\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital

    Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe

    Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

    D:\PROGRA~1\VIRUSR~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

    D:\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program

    Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

    Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

    Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital

    Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat

    8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program

    Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe"

    /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

    9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "D:\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\VirusRemoval\ERUNT\AUTOBACK.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

    Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat

    8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat

    8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program

    Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program

    Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program

    Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat

    8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat

    8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat

    8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

    D:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

    D:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    D:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program

    Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

    D:\PROGRA~1\VIRUSR~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\VIRUSR~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -

    http://go.microsoft.com/fwlink/?linkid=58813
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

    D:\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common

    Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir

    Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir

    Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
    O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
    O23 - Service: IntelŽ PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program

    Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common

    Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

    Files\Java\jre6\bin\jqs.exe
    O23 - Service: Materialise Local License Server 5.0 (MatLocalLicenceServer50) - Unknown owner -

    C:\Program Files\Common Files\Materialise\LicenseFiles\LicSrv50.exe
    O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International -

    C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - D:\Online Armor\OAcat.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program

    Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: IntelŽ PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program

    Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: IntelŽ PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation -

    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks

    Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - D:\Online Armor\oasrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth

    Toshiba Stack\TosBtSrv.exe
    O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file

    missing)

    --
    End of file - 14366 bytes

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please turn word wrap off in Notepad. It makes logs more readable.

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Nov 2009
    Posts
    48

    Default

    Thanks Blade, will do.

    BTW - the first DDS link does not work (FYI).

  4. #4
    Member
    Join Date
    Nov 2009
    Posts
    48

    Default

    Here you go: attached.

    Thanks for your help! - CP

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi CP,


    Show hidden files
    -----------------
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

    Upload C:\WINDOWS\system32\winvercp.exe file to http://www.virustotal.com and post back the results.

    Please see in task manager (ctrl+alt+del) what processes use most CPU (system idle process excluded).


    Download ATF (Atribune Temp File) CleanerŠ by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Member
    Join Date
    Nov 2009
    Posts
    48

    Default

    Hi Blade,

    I cannot seem to find the file. HJT lists it as missing. Perhaps it was cleaned by my antivirus?

    Here's a new HJT.

    Tx.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:46:33 PM, on 3/20/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    D:\Online Armor\OAcat.exe
    D:\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Avira\AntiVir Desktop\sched.exe
    D:\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\digtizer.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Materialise\LicenseFiles\LicSrv50.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Fujitsu\Utils\FjDspMon.exe
    C:\Program Files\Fujitsu\Utils\fjevents.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Fujitsu\Utils\FjMenu.exe
    D:\MICROS~1\Office12\OUTLOOK.EXE
    D:\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    D:\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    D:\Online Armor\oaui.exe
    D:\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    D:\Online Armor\OAhlp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    D:\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    D:\iTunes\iTunes.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\VirusRemoval\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\VIRUSR~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
    O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "D:\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\VirusRemoval\ERUNT\AUTOBACK.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\VIRUSR~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\VIRUSR~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
    O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
    O23 - Service: IntelŽ PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Materialise Local License Server 5.0 (MatLocalLicenceServer50) - Unknown owner - C:\Program Files\Common Files\Materialise\LicenseFiles\LicSrv50.exe
    O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - D:\Online Armor\OAcat.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: IntelŽ PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: IntelŽ PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - D:\Online Armor\oasrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)

    --
    End of file - 14292 bytes

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Ok. Please continue with other steps listed in my previous post
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Member
    Join Date
    Nov 2009
    Posts
    48

    Default

    Hi Blade,

    Will run the scan tonight - it took quite some time to download the updates.

    Please leave this thread open.

    Tx - CP

  9. #9
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Ok. Thanks for the heads up
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Member
    Join Date
    Nov 2009
    Posts
    48

    Default

    Hi Blade,

    Attached is my KAS report. Does KAS usually take >6hrs to run?

    Tx - CP

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •