Log Help

Welcome! Register for a free account (or login) > How does it work?

Quickly register. It will only take 60 seconds.
Start a new topic. Ask your question. Wait for an email reply.
Is your system infected? Begin reading the malware removal guide.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

Log Help, Computer is a bit slow

Options

Chase View Member Profile	Sep 10 2007, 07:19 PM Post #1
Authentic Member Group: Authentic Member Posts: 74 Joined: 1-August 07 From: Houston, Texas Member No.: 71,815 Operating System: XP	My mom's computer has been running slow lately, and she's been getting pop-ups, so I thought I'd run the computer's HJT log file past you guys: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:18:45 PM, on 9/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe C:\Program Files\mcafee.com\antivirus\oasclnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\1100823383\ee\SSCEvtHdlr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\AOL\1100823383\ee\aolsoftware.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe c:\program files\common files\aol\1100823383\ee\anotify.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = home.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {02833E71-76FD-21D7-31CF-3DF95B3F438B} - C:\WINDOWS\System32\hdbhqkyw.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {15493A03-4322-1FBD-355C-E9E997D6970A} - C:\WINDOWS\system32\oatkdzzv.dll (file missing) O2 - BHO: (no name) - {27737FFC-7A59-3D2E-FBA7-3F56A7938E11} - C:\WINDOWS\System32\cljrajvn.dll (file missing) O2 - BHO: (no name) - {358AE56B-D804-31C3-15BC-85F7CFB7F7BC} - C:\WINDOWS\System32\mhaawlye.dll (file missing) O2 - BHO: SDWin32 Class - {43A3BAB5-E85D-4A9E-80F0-67F9DB3AE8FC} - C:\WINDOWS\system32\qikhv.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: FunBar - {2CA511C5-C677-4e33-A018-EADF07E08299} - C:\DOCUME~1\Owner\Desktop\FUNBAR~1.01\funbar.dll (file missing) O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [qikhvc] C:\WINDOWS\system32\qikhvc.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [3FrS35g] hostopl.exe O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100823383\ee\SSCRun.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Io02RRM3V] hdbedit.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - http://www.michyland.com/Xmas/WallPaper/SantasWorkshop.jpg O24 - Desktop Component 1: (no name) - http://www.endymion.org/images/leann_rimes.jpg -- End of file - 14865 bytes Thanks!

__RiP_ChAiN_ View Member Profile	Sep 10 2007, 08:21 PM Post #2
GeekU Teacher Group: Visiting Teacher Posts: 142 Joined: 28-December 05 From: U.S.A Member No.: 47,160 Operating System: Windows Vista x64/x86 Ultimate/Windows XP Professional SP2	Hello Chase, Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post. Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Chase View Member Profile	Sep 10 2007, 08:36 PM Post #3
Authentic Member Group: Authentic Member Posts: 74 Joined: 1-August 07 From: Houston, Texas Member No.: 71,815 Operating System: XP	Hi, Here's my Uninstall List: 2Wire Wireless Client 3D Groove Playback Engine Adobe Flash Player 9 ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.0 Adobe® Photoshop® Album Starter Edition 3.0 AIM Toolbar AOL Coach Version 2.0(Build:20041026.5 en) AOL Deskbar AOL Instant Messenger AOL Toolbar AOL Uninstaller (Choose which Products to Remove) AOL You've Got Pictures Screensaver Apple Software Update ArcSoft Camera Suite AT&T Yahoo! Applications CA Pest Patrol Realtime Protection Compaq Connections Easy Internet Sign-up GdiplusUpgrade Google Desktop Google Toolbar for Internet Explorer HijackThis 2.0.2 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) HP Deskjet Preloaded Printer Drivers HP PSC & OfficeJet 3.0 HP Software Update HyperLoad Instant Support Intel® Extreme Graphics Driver IntelliMover Data Transfer Demo InterVideo WinDVD Player iTunes J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment, SE v1.4.1_02 Java Web Start Learn2 Player (Uninstall Only) LimeWire 4.12.11 Macromedia Shockwave Player Memories Disc Creator 2.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Standard for Students and Teachers Microsoft Visual J# .NET Redistributable Package 1.1 Mozilla Firefox (2.0.0.6) MSXML 4.0 SP2 (KB936181) Musicmatch® Jukebox Network Play System (Patching) NoAdware v4.0 NVIDIA Windows 2000/XP Display Drivers OmniPass overland Pure Networks Port Magic QuickTime QuickTime Alternative 1.70 RealPlayer RecordNow! S3Display S3Gamma2 S3Info2 S3Overlay Safety and Security Center Uninstaller SBC Self Support Tool SBC Yahoo! DSL Home Networking Installer Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926247) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Shockwave Slyder from Compaq (remove only) Sonic Update Manager STX from Compaq (remove only) The Sims Online Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) USB Driver Viewpoint Manager (Remove Only) Viewpoint Media Player Viewpoint Toolbar Weblink Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format Runtime Windows Media Player 10 Windows Sasser Worm Removal Tool (KB841720) Windows SR 2.0 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885295 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinRAR archiver WinZip Let me download ComboFix, and I'll have that to you within an hour.

Chase View Member Profile	Sep 10 2007, 08:48 PM Post #4
Authentic Member Group: Authentic Member Posts: 74 Joined: 1-August 07 From: Houston, Texas Member No.: 71,815 Operating System: XP	Here's my ComboFix Log: ComboFix 07-09-10.6 - "Owner" 2007-09-10 21:39:39.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.102 [GMT -5:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\DOCUME~1\Owner\APPLIC~1\winantiviruspro2007freeinstall[1].exe C:\WA7P C:\WINDOWS\NDNuninstall5_48.exe C:\WINDOWS\NDNuninstall5_64.exe C:\WINDOWS\NDNuninstall6_10.exe C:\WINDOWS\NDNuninstall6_22.exe D:\Autorun.inf ((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 ))))))))))))))))))))))))))))))) . 2007-09-10 21:38 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-09 20:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR 2007-08-24 03:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-08-11 02:36 <DIR> d-------- C:\Program Files\The Sims Online (TC3) 2007-08-10 20:18 <DIR> d-------- C:\Program Files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-08-10 19:57 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\McAfee.com Personal Firewall 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-20 23:39 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-20 23:39 --------- d-------- C:\Program Files\2Wire 2007-07-10 22:50 --------- d-------- C:\Program Files\Maxis 2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02833E71-76FD-21D7-31CF-3DF95B3F438B}] 2002-08-29 07:00 217640 --a------ C:\WINDOWS\System32\hdbhqkyw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15493A03-4322-1FBD-355C-E9E997D6970A}] C:\WINDOWS\system32\oatkdzzv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27737FFC-7A59-3D2E-FBA7-3F56A7938E11}] C:\WINDOWS\System32\cljrajvn.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{358AE56B-D804-31C3-15BC-85F7CFB7F7BC}] C:\WINDOWS\System32\mhaawlye.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43A3BAB5-E85D-4A9E-80F0-67F9DB3AE8FC}] 2004-12-10 18:41 98816 --a------ C:\WINDOWS\system32\qikhv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18] "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01] "nwiz"="nwiz.exe" [2003-05-03 01:19 C:\WINDOWS\system32\nwiz.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 01:19] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50] "WebScan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [] "ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [] "HostManager"="C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe" [2006-09-25 19:52] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 16:51] "qikhvc"="C:\WINDOWS\system32\qikhvc.exe" [] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE] "3FrS35g"="hostopl.exe" [] "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-05-09 15:32] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 21:18] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03] "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19] "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 05:52] "AOLSPScheduler"="C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 16:34] "sscRun"="C:\Program Files\Common Files\AOL\1100823383\ee\SSCRun.exe" [2007-01-25 16:34] "OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 12:43] "EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 11:43] "MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 15:05] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-23 08:59] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "NVIEW"="nview.dll,nViewLoadHook" [] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-10-26 22:21] "Io02RRM3V"="hdbedit.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56] "AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-01-23 06:40] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04] SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-01-14 11:06:17] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-05-09 11:37:12] C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\ mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14] C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\ 2WireSetup.lnk - C:\Program Files\2Wire\WebWorks.exe [2007-07-20 23:39:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2007-09-02 11:56:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-10 21:44:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2007-09-10 21:46:51 C:\ComboFix-quarantined-files.txt ... 2007-09-10 21:46 . --- E O F ---

__RiP_ChAiN_ View Member Profile	Sep 10 2007, 08:58 PM Post #5
GeekU Teacher Group: Visiting Teacher Posts: 142 Joined: 28-December 05 From: U.S.A Member No.: 47,160 Operating System: Windows Vista x64/x86 Ultimate/Windows XP Professional SP2	Please post a new HijackThis log, as well.

Chase View Member Profile	Sep 10 2007, 09:05 PM Post #6
Authentic Member Group: Authentic Member Posts: 74 Joined: 1-August 07 From: Houston, Texas Member No.: 71,815 Operating System: XP	Here you go: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:05:35 PM, on 9/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe C:\Program Files\mcafee.com\antivirus\oasclnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\1100823383\ee\SSCEvtHdlr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\AOL\1100823383\ee\aolsoftware.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe c:\program files\common files\aol\1100823383\ee\anotify.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG09.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = home.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {02833E71-76FD-21D7-31CF-3DF95B3F438B} - C:\WINDOWS\System32\hdbhqkyw.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {15493A03-4322-1FBD-355C-E9E997D6970A} - C:\WINDOWS\system32\oatkdzzv.dll (file missing) O2 - BHO: (no name) - {27737FFC-7A59-3D2E-FBA7-3F56A7938E11} - C:\WINDOWS\System32\cljrajvn.dll (file missing) O2 - BHO: (no name) - {358AE56B-D804-31C3-15BC-85F7CFB7F7BC} - C:\WINDOWS\System32\mhaawlye.dll (file missing) O2 - BHO: SDWin32 Class - {43A3BAB5-E85D-4A9E-80F0-67F9DB3AE8FC} - C:\WINDOWS\system32\qikhv.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: FunBar - {2CA511C5-C677-4e33-A018-EADF07E08299} - C:\DOCUME~1\Owner\Desktop\FUNBAR~1.01\funbar.dll (file missing) O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [qikhvc] C:\WINDOWS\system32\qikhvc.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [3FrS35g] hostopl.exe O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100823383\ee\SSCRun.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Io02RRM3V] hdbedit.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - http://www.michyland.com/Xmas/WallPaper/SantasWorkshop.jpg O24 - Desktop Component 1: (no name) - http://www.endymion.org/images/leann_rimes.jpg -- End of file - 14579 bytes

__RiP_ChAiN_ View Member Profile	Sep 10 2007, 09:13 PM Post #7
GeekU Teacher Group: Visiting Teacher Posts: 142 Joined: 28-December 05 From: U.S.A Member No.: 47,160 Operating System: Windows Vista x64/x86 Ultimate/Windows XP Professional SP2	Hello Chase, Using Add Or Remove Programs remove the following entries (if present): (To get into add Or Remove Programs press the START button > Control Panel > Add Or Remove Programs.) LimeWire 4.12.11 Viewpoint Manager (Remove Only) Viewpoint Media Player Viewpoint Toolbar A. Please RUN HijackThis Click the SCAN button to produce a log. Place a check mark beside each one of the following items: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: (no name) - {02833E71-76FD-21D7-31CF-3DF95B3F438B} - C:\WINDOWS\System32\hdbhqkyw.dll O2 - BHO: (no name) - {15493A03-4322-1FBD-355C-E9E997D6970A} - C:\WINDOWS\system32\oatkdzzv.dll (file missing) O2 - BHO: (no name) - {27737FFC-7A59-3D2E-FBA7-3F56A7938E11} - C:\WINDOWS\System32\cljrajvn.dll (file missing) O2 - BHO: (no name) - {358AE56B-D804-31C3-15BC-85F7CFB7F7BC} - C:\WINDOWS\System32\mhaawlye.dll (file missing) O2 - BHO: SDWin32 Class - {43A3BAB5-E85D-4A9E-80F0-67F9DB3AE8FC} - C:\WINDOWS\system32\qikhv.dll O4 - HKLM\..\Run: [qikhvc] C:\WINDOWS\system32\qikhvc.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [3FrS35g] hostopl.exe O4 - HKCU\..\Run: [Io02RRM3V] hdbedit.exe O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file) Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window. B. 1. Please open Notepad Click Start , then Run Type notepad .exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: QUOTE File:: C:\WINDOWS\System32\hdbhqkyw.dll C:\WINDOWS\system32\qikhv.dll C:\WINDOWS\system32\qikhvc.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\hostopl.exe C:\WINDOWS\system32\hdbedit.exe: 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt A new HijackThis log.

Chase View Member Profile	Sep 10 2007, 10:05 PM Post #8
Authentic Member Group: Authentic Member Posts: 74 Joined: 1-August 07 From: Houston, Texas Member No.: 71,815 Operating System: XP	ComboFix Log: ComboFix 07-09-10.6 - "Owner" 2007-09-10 22:49:18.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.65 [GMT -5:00] Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\System32\hdbhqkyw.dll C:\WINDOWS\system32\qikhv.dll C:\WINDOWS\system32\qikhvc.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\hostopl.exe C:\WINDOWS\system32\hdbedit.exe: . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\qikhv.dll ((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 ))))))))))))))))))))))))))))))) . 2007-09-10 22:37 16 --a------ C:\WINDOWS\system32\hiwinnager.dat 2007-09-10 21:38 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-09 20:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR 2007-08-24 03:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-08-11 02:36 <DIR> d-------- C:\Program Files\The Sims Online (TC3) 2007-08-10 20:18 <DIR> d-------- C:\Program Files\Trend Micro . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-10 22:37 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint 2007-09-10 22:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 2007-09-10 22:36 --------- d-------- C:\Program Files\Viewpoint 2007-08-10 19:57 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\McAfee.com Personal Firewall 2007-07-20 23:39 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-20 23:39 --------- d-------- C:\Program Files\2Wire 2007-07-10 22:50 --------- d-------- C:\Program Files\Maxis 2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((( snapshot_2007-09-10_214537.37 ))))))))))))))))))))))))))))))))))))))))) . ----atw 16,384 2007-09-11 03:58:22 C:\WINDOWS\Temp\Perflib_Perfdata_654.dat . ----atw 16,384 2007-04-07 19:51:51 C:\WINDOWS\Temp\Perflib_Perfdata_654.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18] "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01] "nwiz"="nwiz.exe" [2003-05-03 01:19 C:\WINDOWS\system32\nwiz.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 01:19] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50] "WebScan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [] "ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [] "HostManager"="C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe" [2006-09-25 19:52] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 16:51] "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-05-09 15:32] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 21:18] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03] "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19] "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 05:52] "AOLSPScheduler"="C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 16:34] "sscRun"="C:\Program Files\Common Files\AOL\1100823383\ee\SSCRun.exe" [2007-01-25 16:34] "OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 12:43] "EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 11:43] "MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 15:05] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-23 08:59] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "NVIEW"="nview.dll,nViewLoadHook" [] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-10-26 22:21] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56] "AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-01-23 06:40] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04] SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-01-14 11:06:17] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-05-09 11:37:12] C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\ mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14] C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\ 2WireSetup.lnk - C:\Program Files\2Wire\WebWorks.exe [2007-07-20 23:39:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL . Contents of the 'Scheduled Tasks' folder "2007-09-02 11:56:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-10 22:58:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . Completion time: 2007-09-10 23:03:52 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-10 23:03 C:\ComboFix2.txt ... 2007-09-10 21:46 . --- E O F --- HijackThis Log**: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:05:43 PM, on 9/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\AOL\1100823383\ee\aolsoftware.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\AOL 9.0\waol.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Common Files\AOL\1100823383\ee\SSCEvtHdlr.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AOL 9.0\shellmon.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = home.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: FunBar - {2CA511C5-C677-4e33-A018-EADF07E08299} - C:\DOCUME~1\Owner\Desktop\FUNBAR~1.01\funbar.dll (file missing) O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100823383\ee\SSCRun.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O24 - Desktop Component 0: (no name) - http://www.michyland.com/Xmas/WallPaper/SantasWorkshop.jpg O24 - Desktop Component 1: (no name) - http://www.endymion.org/images/leann_rimes.jpg -- End of file - 12174 bytes

__RiP_ChAiN_ View Member Profile	Sep 11 2007, 10:22 AM Post #9
GeekU Teacher Group: Visiting Teacher Posts: 142 Joined: 28-December 05 From: U.S.A Member No.: 47,160 Operating System: Windows Vista x64/x86 Ultimate/Windows XP Professional SP2	Hello Chase, A. Please RUN HijackThis Click the SCAN button to produce a log. Place a check mark beside each one of the following items: O24 - Desktop Component 0: (no name) - http://www.michyland.com/Xmas/WallPaper/SantasWorkshop.jpg O24 - Desktop Component 1: (no name) - http://www.endymion.org/images/leann_rimes.jpg Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window. B. 1. Please open Notepad Click Start , then Run Type notepad .exe in the Run Box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: QUOTE File:: C:\WINDOWS\system32\hiwinnager.dat: 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt A new HijackThis log.

Chase View Member Profile	Sep 11 2007, 06:15 PM Post #10
Authentic Member Group: Authentic Member Posts: 74 Joined: 1-August 07 From: Houston, Texas Member No.: 71,815 Operating System: XP	Here's my ComboFix Log: ComboFix 07-09-10.6 - "Owner" 2007-09-11 19:07:25.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -5:00] * Created a new restore point FILE:: C:\WINDOWS\system32\hiwinnager.dat: . ((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 ))))))))))))))))))))))))))))))) . 2007-09-10 22:37 16 --a------ C:\WINDOWS\system32\hiwinnager.dat 2007-09-10 21:38 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-09 20:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR 2007-08-24 03:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-08-11 02:36 <DIR> d-------- C:\Program Files\The Sims Online (TC3) . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-10 22:37 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint 2007-09-10 22:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 2007-09-10 22:36 --------- d-------- C:\Program Files\Viewpoint 2007-08-10 20:18 --------- d-------- C:\Program Files\Trend Micro 2007-08-10 19:57 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\McAfee.com Personal Firewall 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-20 23:39 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-20 23:39 --------- d-------- C:\Program Files\2Wire 2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((( snapshot_2007-09-10_214537.37 ))))))))))))))))))))))))))))))))))))))))) . ----a-w 53,640 2007-09-11 04:02:54 C:\WINDOWS\system32\perfc009.dat ----a-w 382,022 2007-09-11 04:02:54 C:\WINDOWS\system32\perfh009.dat ----atw 16,384 2007-09-11 03:58:22 C:\WINDOWS\Temp\Perflib_Perfdata_654.dat . ----a-w 53,640 2007-04-03 03:53:29 C:\WINDOWS\system32\perfc009.dat ----a-w 382,022 2007-04-03 03:53:30 C:\WINDOWS\system32\perfh009.dat ----atw 16,384 2007-04-07 19:51:51 C:\WINDOWS\Temp\Perflib_Perfdata_654.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18] "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01] "nwiz"="nwiz.exe" [2003-05-03 01:19 C:\WINDOWS\system32\nwiz.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 01:19] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50] "WebScan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [] "ashMaiSv"="C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe" [] "HostManager"="C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe" [2006-09-25 19:52] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 16:51] "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-05-09 15:32] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 21:18] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03] "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19] "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 05:52] "AOLSPScheduler"="C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 16:34] "sscRun"="C:\Program Files\Common Files\AOL\1100823383\ee\SSCRun.exe" [2007-01-25 16:34] "OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 12:43] "EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 11:43] "MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 15:05] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-23 08:59] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "NVIEW"="nview.dll,nViewLoadHook" [] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-10-26 22:21] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56] "AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-01-23 06:40] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04] SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-01-14 11:06:17] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-05-09 11:37:12] C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\ mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14] C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\ 2WireSetup.lnk - C:\Program Files\2Wire\WebWorks.exe [2007-07-20 23:39:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL . Contents of the 'Scheduled Tasks' folder "2007-09-02 11:56:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-11 19:11:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . Completion time: 2007-09-11 19:14:34 C:\ComboFix-quarantined-files.txt ... 2007-09-11 19:13 C:\ComboFix2.txt ... 2007-09-10 23:03 C:\ComboFix3.txt ... 2007-09-10 21:46 . --- E O F --- I'll post the HijackThis Log following this post.**

Chase View Member Profile	Sep 11 2007, 06:16 PM Post #11
Authentic Member Group: Authentic Member Posts: 74 Joined: 1-August 07 From: Houston, Texas Member No.: 71,815 Operating System: XP	Here's my HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:16:34 PM, on 9/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\AOL 9.0\waol.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Common Files\AOL\1100823383\ee\SSCEvtHdlr.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Common Files\AOL\1100823383\ee\aolsoftware.exe c:\program files\common files\aol\1100823383\ee\anotify.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = home.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: FunBar - {2CA511C5-C677-4e33-A018-EADF07E08299} - C:\DOCUME~1\Owner\Desktop\FUNBAR~1.01\funbar.dll (file missing) O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100823383\ee\SSCRun.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 11993 bytes

__RiP_ChAiN_ View Member Profile	Sep 13 2007, 12:33 AM Post #12
GeekU Teacher Group: Visiting Teacher Posts: 142 Joined: 28-December 05 From: U.S.A Member No.: 47,160 Operating System: Windows Vista x64/x86 Ultimate/Windows XP Professional SP2	Hello Chase, Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Please download OTMoveIt by Oldtimer and save it to your desktop. Run ATF Cleaner: Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Run OTMoveIt: Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\system32\hiwinnager.dat Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste. Click the red Moveit! button. Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply. Close OTMoveIt (If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.) Click the red Moveit! button. Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum. Reboot into Normal Mode. In your next reply please include the following: A new Hijackthis log. The OTMoveIt log.

Chase View Member Profile	Sep 13 2007, 03:01 PM Post #13
Authentic Member Group: Authentic Member Posts: 74 Joined: 1-August 07 From: Houston, Texas Member No.: 71,815 Operating System: XP	OTMoveIt Results: C:\WINDOWS\system32\hiwinnager.dat moved successfully. Created on 09/13/2007 15:59:29 HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:01:29 PM, on 9/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe C:\Program Files\mcafee.com\antivirus\oasclnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\1100823383\ee\SSCEvtHdlr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\Program Files\Common Files\AOL\1100823383\ee\aolsoftware.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = home.netscape.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll O3 - Toolbar: FunBar - {2CA511C5-C677-4e33-A018-EADF07E08299} - C:\DOCUME~1\Owner\Desktop\FUNBAR~1.01\funbar.dll (file missing) O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100823383\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1100823383\ee\SSCRun.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1100823383\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 12705 bytes

__RiP_ChAiN_ View Member Profile	Sep 13 2007, 06:34 PM Post #14
GeekU Teacher Group: Visiting Teacher Posts: 142 Joined: 28-December 05 From: U.S.A Member No.: 47,160 Operating System: Windows Vista x64/x86 Ultimate/Windows XP Professional SP2	Hello Chase, Using Windows Explorer delete the following folders (if present): (To get into Windows Explorer, right click the START button and select "explore.") C:\Qoobox Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

« Next Oldest · Infections Removal · Next Newest »

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 22nd March 2010 - 01:59 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy