[Tech for Glory]

Hello, I foolishly opened an exe I didn't trust, and now I've run into problems. I went through the standard procedure: Restart in safe mode, scan for viruses, with Spybot and AdAware, and some others. I still have the problem, though, and am now posting my Hijack This log.

Can someone tell me what I need to remove?

Thank you.

 

[Tech for Glory]

I did another anti-spyware scan and it found some more crap, so I cleaned it up, and now here is the latest HJT.

Thanks in advance for your help.

 

[Tech for Glory]

Everyone seems to be getting their HJT logs checked but me. Maybe it's cuz you guys don't want to download the log files?

Very well, I'll follow suit and post the whole thing here. Please let me know if I can remove anything. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 10:48:04 PM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\My Downloads\Anti\HijackThis\hijackthis\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deadringerart.com/
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Launch Ai Booster] D:\Program Files\ASUS\Ai Booster\OverClk.exe 1
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] D:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [StarSkin] D:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = D:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Launchy.lnk = D:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: MagicTune3.6.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - D:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - D:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: TabletService - Wacom Technology, Corp. - D:\WINDOWS\system32\Tablet.exe

 

[MMJ]

The reason why is because the experts look for topics with no replies.

To help please describe your problem more and if you can post the antispyware log.

 

[Tech for Glory]

Okay, thank you.

My computer is randomly restarting. It says services.exe has unexpectedly quit and gives an error code 203.

Additionally, I can rarely shut down my computer to restart. It freezes when I go to Start -> Shut Down. When it does shut down, it gives me a memory error: "The instruction _________ could not be read at _________ Click okay to terminate the program."

I've done a search for similar problems, and they've pointed to the Sasser Worm and Blaster Virus. I've run Symantec's fix for both, and they come up empty.

Unfortunately, I don't have any other logs to give right now.

Thank you for helping me with this.