Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Computer Freez - Winfixer 2005, ISearchTech.PowerScan, SurfAccuracy


  • This topic is locked This topic is locked
21 replies to this topic

#1 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 21 February 2006 - 01:06 PM

Asttached is my HijackThisLogs. I have followed your instruction and downloaded and run Spyware Blaster, Spyware Guard and Spybot Search & Destroy. Although they did remove numerous files, they still advised I need to remove WinFixer 2005, ISearchTech.PowerScan and SurfAccuracy from my start up registery. When I atttempted to do so I got an error 10:31 message saying "removal denied". Thanks for your help.

Eric

Logfile of HijackThis v1.97.7
Scan saved at 10:50:30 AM, on 2/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IEPopupKiller\PopupKillerTray.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31801B7B-6A29-43A2-A54F-A8920FA70F9C} - C:\Program Files\IEPopupKiller\IEPopupKillerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup\compind.bat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\uwfx5.exe /scan
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 February 2006 - 03:15 PM

E Shrode, :D Welcome to the forum, sorry about the delay but we are swamped with logs. Your HJT program is very outdated, please use the links in my signature to download and install the latest version 1.99.1 and please make sure its in its own folder. Your older version is right where we want it, so delete that one and install the new version in the same folder. Then run the program and post a new log please. The older version is not showing me the whole picture. Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 01 March 2006 - 07:24 AM

:D Thanks for your help. Here is the new file.

Logfile of HijackThis v1.99.1
Scan saved at 5:17:40 AM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IEPopupKiller\PopupKillerTray.exe
C:\HJT\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEPopupKillerBHO.CIEPopupKillerBHO - {31801B7B-6A29-43A2-A54F-A8920FA70F9C} - C:\Program Files\IEPopupKiller\IEPopupKillerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup\compind.bat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\uwfx5.exe /scan
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 March 2006 - 08:51 AM

Good Morning E Shrode :D ,

Do you know what this is ? Generally when I cant find any info on a entry it is usually bad.
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe


You need to disable the Tea Timer in Spybot or it will interfere wiht any fixes, also the one in Spyware Guard.

Spybot - Go to Mode> Advanced Mode> Tools > Resident
and take the checkmark out of TeaTimer

SW Guard - click on the icon in the system tray and go to options and remove all the checkmarks for the background guard.




Have you tried removing any of these programs from your computer? If not go to the Add-Remove Programs in the Control Panel and see if you can remove them. Let me know which ones you could remove if any.
C:\Program Files\SurfAccuracy
C:\Program Files\Power Scan
C:\Program Files\WinFixer 2005


After you try to remove them, you have to enable windows to show all files and folders.

SHOW HIDDEN FILES AND FOLDERS

* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK

* Don't forget to reverse this once your computer is clean




Download and install Ewido Anti-Malware
Ewido Anti-Malware
* Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on update
o You should see Update Complete when done.
o Now close out the program <-- Dont run it yet


Now reboot into Safemode
* Go to START/ SHUT OF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD


Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o Select Perform action on all infections
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.


While in Safemode Open HJT Scan Only , close all open windows , put a checkmark in the following enties and click on Fix Checked.

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\uwfx5.exe /scan




While still in Safemode, look for and deletet the folders in Red.

C:\Program Files\SurfAccuracy
C:\Program Files\Power Scan
C:\Program Files\WinFixer 2005


Reboot normally


Download and Install CCleaner

* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes


Tutorial for CCleaner
http://www.ccleaner.com/help/tour1.asp



Please post back with the Ewido Report, a new HJT log and I need to know about the 023 entry that I asked about. Also let me know which if any of those programs you where able to get rid of.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 01 March 2006 - 09:11 AM

Sorry to be a dunderhead, but I can't seem to find a "systems tray" and nothing happens when I click on the SG icon where I do find it. I tried opening the program in program files, etc. but can't get to where I have "options" to click on. I did turn off SpyBot TeaTimer. Will follow the rest of your instructions as soon as I can turn off SpyGuard. Eric

#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 March 2006 - 10:04 AM

NP, everyones computer is different .

You can go to Start> All Programs > Spyware Guard> Spyware Guard and you should see a red SG on the Tray by the clock. You can doubleclick to open it and go to Options and take the checkmark out of the three entries.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 01 March 2006 - 05:10 PM

:D OK! In order of your instructions:

1. I don't know what the 023 entry is about.
2. None of the subject programs were listed when I ran Remove Programs. (I think they were previously removed by SpyBot)
3. I ran Ewido Anti-Malware with the report of:

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:11:04 PM, 3/1/2006
+ Report-Checksum: 77599569

+ Scan result:

C:\Documents and Settings\Rick\Cookies\rick@e-2dj6wgkioocjgcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup


::Report End

4. In safemode I did the HJT Scan Only and fixed the subject programs
5. I could find no folders in Program Files for the subject programs.
6. I ran CCleaner.

7. Here is the latest HJY Scan.

Logfile of HijackThis v1.99.1
Scan saved at 3:54:56 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IEPopupKiller\PopupKillerTray.exe
C:\HJT\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEPopupKillerBHO.CIEPopupKillerBHO - {31801B7B-6A29-43A2-A54F-A8920FA70F9C} - C:\Program Files\IEPopupKiller\IEPopupKillerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup\compind.bat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

Lastly, I have not yet reversed the "show Hidden Files and Folders" setting on my computer. Should I do that now or wait until we finish the clean up?

Should I run SpyBot again to see if all is cleanewd up?

Thanks for your help Ken, I really appreciate it. Will make a contribution to the site.

#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 March 2006 - 06:44 PM

Eric,

That service running in the 023 entry, has me a little worried. Nothing is coming up when I do any kind of a search for it.

Lets do this, go to C:\Program Files and see what kind of program you have installed related to Photos. Post back and let me know.

Open up HJT Misc Tools > Open Uninstall Manager then click on Save List and paste the list in this thread for me to look at.

For the time being you can leave the hidden files enabled, we can reverse it when we know your all clean.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#9 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 02 March 2006 - 09:31 AM

:D OK, the files that I know of that have something to do with Photos are: HP PhotoSmart Kodak EasyShareSoftware PhotoDlx Photo TurboBackup Adobe® Photoshop The Uninstall Manager Save List is: Ad-Aware SE Personal Adobe Download Manager 2.0 (Remove Only) Adobe Reader 7.0.5 Adobe® Photoshop® Album Starter Edition 3.0 AVG Free Edition Belarc Advisor 6.1 Better Homes and Gardens Interior Designer 7.0 Better Homes and Gardens Interior Designer 7.0 Training Videos CardRd81 CCleaner (remove only) CCScore Complete Cleanup CR2 ESSBrwr ESSCDBK ESScore ESSCT ESSEMAIL ESSgui ESShelp ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS ESSTUTOR essvcpt ESSvpaht ESSvpot ewido anti-malware Forté Agent HijackThis 1.99.1 HLPIndex HLPPDOCK HLPSFO IE Popup Killer version 2.0 InterVideo WinDVD 4 Kodak EasyShare software KSU Microsoft .NET Framework 1.1 Microsoft Office 2000 Professional Notifier NTI DVD-Maker OfotoXMI OTtBP OTtBPSDK Photo TurboBackup QuickTime Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) SFR SHASTA SKIN0001 SKINXSDK Spy Sweeper Spybot - Search & Destroy 1.4 SpywareBlaster v3.5.1 SpywareGuard v2.2 Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB910437) VIA Rhine-Family Fast Ethernet Adapter VPRINTOL Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 WIRELESS Yahoo! Toolbar Just for my info - I now have downloaded and run: Spybot-Search & Destroy (This morning it found no problems) SpywareBlaster SpyGuard Ewido Anti-malware and I already had the following programs which run upon boot-up AVG Free (Anti-Virus) SpySweeper IEPopupKiller Do I have to worry about these programs interfering with each other? Should I keep updating and running each of them on a weekly or monthly basis? Once again, thanks for your help. Hopefully, with your help educating me I will not have to bother yu guys again. Regards Eric

#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 March 2006 - 10:09 AM

Eric, The malware prevention programs you are running are fine together, where you get into problems is when you have more than one Anti-Virus program on the same system. If Ewido is a trial, you can keep it after the 30 days, you can get updates and run the scans, you will just lose the background guard feature. Its a great program but will use a lot of system resources. I see you have Spysweeper installed, if its not the trial and you can run a scan, run the scan and paste the report into this thread. Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#11 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 02 March 2006 - 01:31 PM

I ran Ad-Aware SE this morning with the following results. I'm not sure what they mean and have not taken any action at this time. I will run SpySweeper next and post the results. Eric Ad-Aware SE Build 1.06r1 Logfile Created on:Thursday, March 02, 2006 8:37:03 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R94 28.02.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):12 total references Surfaccuracy(TAC index:5):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 3-2-2006 8:37:04 AM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Rick\Application Data\microsoft\office\recent Description : MRU List Object Recognized! Location: : C:\Documents and Settings\Rick\recent Description : MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : MRU List Object Recognized! Location: : S-1-5-21-602162358-746137067-682003330-1004\software\microsoft\internet explorer\typedurls Description : MRU List Object Recognized! Location: : S-1-5-21-602162358-746137067-682003330-1004\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru Description : MRU List Object Recognized! Location: : S-1-5-21-602162358-746137067-682003330-1004\software\microsoft\office\9.0\excel\recent files Description : MRU List Object Recognized! Location: : S-1-5-21-602162358-746137067-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : MRU List Object Recognized! Location: : S-1-5-21-602162358-746137067-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : MRU List Object Recognized! Location: : S-1-5-21-602162358-746137067-682003330-1004\software\microsoft\windows\currentversion\explorer\recentdocs Description : MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : MRU List Object Recognized! Location: : S-1-5-21-602162358-746137067-682003330-1004\software\microsoft\windows media\wmsdk\general Description : Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 528 ThreadCreationTime : 3-2-2006 3:01:25 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 608 ThreadCreationTime : 3-2-2006 3:01:28 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 632 ThreadCreationTime : 3-2-2006 3:01:29 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 676 ThreadCreationTime : 3-2-2006 3:01:29 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 688 ThreadCreationTime : 3-2-2006 3:01:29 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 840 ThreadCreationTime : 3-2-2006 3:01:30 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 904 ThreadCreationTime : 3-2-2006 3:01:31 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1000 ThreadCreationTime : 3-2-2006 3:01:31 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1052 ThreadCreationTime : 3-2-2006 3:01:31 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1096 ThreadCreationTime : 3-2-2006 3:01:32 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1380 ThreadCreationTime : 3-2-2006 3:01:34 PM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [avgamsvr.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1536 ThreadCreationTime : 3-2-2006 3:01:42 PM BasePriority : Normal FileVersion : 7,1,0,365 ProductVersion : 7.1.0.365 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Alert Manager InternalName : avgamsvr LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : avgamsvr.EXE #:13 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1548 ThreadCreationTime : 3-2-2006 3:01:42 PM BasePriority : Normal FileVersion : 7,1,0,349 ProductVersion : 7.1.0.349 ProductName : AVG 7.0 Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Update Service InternalName : avgupsvc LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : avgupdsvc.EXE #:14 [ewidoctrl.exe] FilePath : C:\Program Files\ewido anti-malware\ ProcessID : 1600 ThreadCreationTime : 3-2-2006 3:01:43 PM BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : ewido control CompanyName : ewido networks FileDescription : ewido control InternalName : ewido control LegalCopyright : Copyright © 2004 OriginalFilename : ewidoctrl.exe #:15 [ewidoguard.exe] FilePath : C:\Program Files\ewido anti-malware\ ProcessID : 1620 ThreadCreationTime : 3-2-2006 3:01:43 PM BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : guard CompanyName : ewido networks FileDescription : guard InternalName : guard LegalCopyright : Copyright © 2004 OriginalFilename : guard.exe #:16 [pbkntservice.exe] FilePath : C:\PROGRA~1\FILEST~1\PHOTOT~1\ ProcessID : 1680 ThreadCreationTime : 3-2-2006 3:01:43 PM BasePriority : Normal #:17 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1868 ThreadCreationTime : 3-2-2006 3:01:47 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:18 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 400 ThreadCreationTime : 3-2-2006 3:01:53 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:19 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 812 ThreadCreationTime : 3-2-2006 3:01:58 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:20 [avgcc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 864 ThreadCreationTime : 3-2-2006 3:01:58 PM BasePriority : Normal FileVersion : 7,1,0,355 ProductVersion : 7.1.0.355 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG Control Center InternalName : AvgCC LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : AvgCC.EXE #:21 [avgemc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 1172 ThreadCreationTime : 3-2-2006 3:02:01 PM BasePriority : Normal FileVersion : 7,1,0,371 ProductVersion : 7.1.0.371 ProductName : AVG Anti-Virus System CompanyName : GRISOFT, s.r.o. FileDescription : AVG E-Mail Scanner InternalName : avgemc LegalCopyright : Copyright © 2005, GRISOFT, s.r.o. OriginalFilename : avgemc.exe #:22 [apdproxy.exe] FilePath : C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\ ProcessID : 1260 ThreadCreationTime : 3-2-2006 3:02:01 PM BasePriority : Normal #:23 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ProcessID : 1300 ThreadCreationTime : 3-2-2006 3:02:02 PM BasePriority : Normal FileVersion : 6.4 ProductVersion : QuickTime 6.4 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2003 OriginalFilename : QTTask.exe #:24 [spysweeper.exe] FilePath : C:\Program Files\Webroot\Spy Sweeper\ ProcessID : 1596 ThreadCreationTime : 3-2-2006 3:02:04 PM BasePriority : Normal FileVersion : 2.6.1.45 ProductVersion : 1.0.0.0 ProductName : Spy Sweeper CompanyName : Webroot Software, Inc. FileDescription : Spy Sweeper LegalCopyright : Copyright © 2001-2003 Webroot Software, Inc. #:25 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 1772 ThreadCreationTime : 3-2-2006 3:02:05 PM BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:26 [pbksche.exe] FilePath : C:\PROGRA~1\FILEST~1\PHOTOT~1\ ProcessID : 1232 ThreadCreationTime : 3-2-2006 3:02:06 PM BasePriority : Normal FileVersion : 3, 0, 0, 0 ProductVersion : 3, 0, 0, 0 ProductName : Scheduler CompanyName : FileStream, Inc. FileDescription : Scheduler InternalName : tbkSche.exe LegalCopyright : Copyright © 2003-2005 FileStream, Inc. OriginalFilename : tbkSche.exe #:27 [wincinemamgr.exe] FilePath : C:\Program Files\InterVideo\Common\Bin\ ProcessID : 1984 ThreadCreationTime : 3-2-2006 3:02:08 PM BasePriority : Normal FileVersion : 1.0 ProductVersion : 1, 0, 0, 1 ProductName : WinCinema Manager for InterVideo WinCinema products FileDescription : WinCinema Manager InternalName : WinCinema Manager LegalCopyright : Copyright © 2000 InterVideo Inc. OriginalFilename : WinCinemaMgr.EXE #:28 [easyshare.exe] FilePath : C:\Program Files\Kodak\Kodak EasyShare software\bin\ ProcessID : 1132 ThreadCreationTime : 3-2-2006 3:02:12 PM BasePriority : Normal FileVersion : 5, 0, 38, 20 ProductVersion : 5, 1, 0, 45 ProductName : KODAK EasyShare Software FileDescription : KODAK EasyShare Software InternalName : EasyShare LegalCopyright : © Eastman Kodak Company, 2002-2005. All Rights Reserved. OriginalFilename : EasyShare.exe #:29 [kodak software updater.exe] FilePath : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\ ProcessID : 1036 ThreadCreationTime : 3-2-2006 3:02:12 PM BasePriority : Normal #:30 [sgmain.exe] FilePath : C:\Program Files\SpywareGuard\ ProcessID : 1284 ThreadCreationTime : 3-2-2006 3:02:14 PM BasePriority : Normal FileVersion : 2.02.0001 ProductVersion : 2.02.0001 ProductName : SpywareGuard FileDescription : SpywareGuard InternalName : sgmain LegalCopyright : Copyright © 2002-2003 Javacool Software LLC OriginalFilename : sgmain.exe Comments : SpywareGuard #:31 [sgbhp.exe] FilePath : C:\Program Files\SpywareGuard\ ProcessID : 1264 ThreadCreationTime : 3-2-2006 3:02:20 PM BasePriority : Normal FileVersion : 2.02.0001 ProductVersion : 2.02.0001 ProductName : SG Browser Hijacking Protection FileDescription : SG Browser Hijacking Protection InternalName : sgbhp LegalCopyright : Copyright © 2002-2003 Javacool Software LLC. OriginalFilename : sgbhp.exe Comments : SG Browser Hijacking Protection #:32 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 360 ThreadCreationTime : 3-2-2006 4:02:11 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:33 [popupkillertray.exe] FilePath : C:\Program Files\IEPopupKiller\ ProcessID : 2216 ThreadCreationTime : 3-2-2006 4:02:12 PM BasePriority : Normal FileVersion : 2.00 ProductVersion : 2.00 ProductName : IEPopupKillerTray CompanyName : aa InternalName : PopupKillerTray OriginalFilename : PopupKillerTray.exe #:34 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3524 ThreadCreationTime : 3-2-2006 4:33:14 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Surfaccuracy Object Recognized! Type : File Data : A0004433.exe TAC Rating : 5 Category : Malware Comment : Object : C:\System Volume Information\_restore{44E81733-518E-4D68-88F3-B67F8E7BC1D9}\RP28\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : SAcc Application InternalName : SAcc LegalCopyright : Copyright © 2004 OriginalFilename : SAcc.EXE Surfaccuracy Object Recognized! Type : File Data : A0004434.exe TAC Rating : 5 Category : Malware Comment : Object : C:\System Volume Information\_restore{44E81733-518E-4D68-88F3-B67F8E7BC1D9}\RP28\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 14 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 14 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 14 8:44:23 AM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:07:19.94 Objects scanned:113175 Objects identified:2 Objects ignored:0 New critical objects:2

#12 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 02 March 2006 - 02:05 PM

:D OK SpySweeper found no files. Copy of report follows: Think we have a clean machine? Regards Eric |··· Thursday, 2 March 2006 07:02 AM ···| 12:38 PM Sweeping memory for active software. 12:38 PM Memory sweep has completed. 12:40 PM Registry sweep completed. 12:40 PM Full sweep on all local drives initiated. 12:40 PM Now sweeping drive C: 12:46 PM Full Sweep has completed. Elapsed time 0 hours, 8 minutes, 24 seconds. Files swept: 30,561 Software Located: 0

#13 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 March 2006 - 03:03 PM

Eric, Post one last HJT log and if it looks all clean, I have some tips and free tools for you to install to help keep you more secure on the internet. Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#14 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 03 March 2006 - 07:27 AM

:D Good Morning Ken

I did have Ad-Aware SE delete the 12 references it found to SurfAccuracy - I now believe we are clean.
Did you find out what the 023 reference was all about? Thanks a lot for your help. Here is the logfile you requested.

Eric

Logfile of HijackThis v1.99.1
Scan saved at 6:09:27 AM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IEPopupKiller\PopupKillerTray.exe
C:\HJT\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEPopupKillerBHO.CIEPopupKillerBHO - {31801B7B-6A29-43A2-A54F-A8920FA70F9C} - C:\Program Files\IEPopupKiller\IEPopupKillerBHO.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Cleanup] C:\Program Files\Complete Cleanup\compind.bat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

#15 E Shrode

E Shrode

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 03 March 2006 - 07:51 AM

:( DRATS! My computer just froze again while in IE. Had to re-boot. Perhaps we shouldt put the 023 reference into quarantine (just in case we do need it) to see if that stops the problem. What do you think? Eric

Related Topics



1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users