Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Computer Running Extremely Slow And Crashing


  • This topic is locked This topic is locked
11 replies to this topic

#1 Kas0988

Kas0988

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 19 August 2007 - 02:17 PM

I can barely even get to this site without IE crashing. Here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 3:16:15 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\jjimlwmy.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.co...c4bf0163_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...096/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 August 2007 - 07:48 PM

Hello and Welcome to the forum.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Open the HijackThis Folder. Find the file HijackThis.exe, Right Click on the file and Select Rename. Rename Hijackthis.exe to Spyware.exe.

Post a new HijackThis Log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 Kas0988

Kas0988

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 22 August 2007 - 03:59 PM

Done. Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 4:58:05 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\Spyware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {24AD2375-F591-48FE-8AFA-21DE7CB48D67} - C:\WINDOWS\System32\ssttu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\pmuytghe.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\fcccbyw.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\yoqgqgeu.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.co...c4bf0163_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...096/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: fcccbyw - fcccbyw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: ssttu - C:\WINDOWS\System32\ssttu.dll
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 August 2007 - 04:02 PM

Now we can see some of the bad guys :thumbup:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick while its running. That may cause it to stall

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 Kas0988

Kas0988

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 24 August 2007 - 04:29 PM

Sorry it's taken so long to get back. I got caught up in some other business ;). Anyways, here is the Combofix Log:

ComboFix 07-08-17.2 - "Owner" 2007-08-24 7:40:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.102 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\abixgtlx.dll
C:\WINDOWS\system32\asqsjlws.dll
C:\WINDOWS\system32\aynbskrv.dll
C:\WINDOWS\system32\bevksbfw.dll
C:\WINDOWS\system32\bsssaeap.ini
C:\WINDOWS\system32\btrlksqk.dll
C:\WINDOWS\system32\ckvlmxgu.dll
C:\WINDOWS\system32\cmiiwdbk.dll
C:\WINDOWS\system32\csytvswi.ini
C:\WINDOWS\system32\dkucxise.ini
C:\WINDOWS\system32\dxgftkjk.dll
C:\WINDOWS\system32\edoidjpg.ini
C:\WINDOWS\system32\eebdpjgo.ini
C:\WINDOWS\system32\eptycqgj.dll
C:\WINDOWS\system32\esixcukd.dll
C:\WINDOWS\system32\fckeqfnr.dll
C:\WINDOWS\system32\fcwsuirj.ini
C:\WINDOWS\system32\flccmvko.dll
C:\WINDOWS\system32\fmafaftt.ini
C:\WINDOWS\system32\ftafbvdi.dll
C:\WINDOWS\system32\gfxkflqk.ini
C:\WINDOWS\system32\gpjdiode.dll
C:\WINDOWS\system32\iagnhnyq.ini
C:\WINDOWS\system32\idvbfatf.ini
C:\WINDOWS\system32\iwsvtysc.dll
C:\WINDOWS\system32\jjimlwmy.dll
C:\WINDOWS\system32\jriuswcf.dll
C:\WINDOWS\system32\jtngtkmy.dll
C:\WINDOWS\system32\jxectmvq.ini
C:\WINDOWS\system32\kbdwiimc.ini
C:\WINDOWS\system32\kjktfgxd.ini
C:\WINDOWS\system32\kmkxkxis.dll
C:\WINDOWS\system32\kqlfkxfg.dll
C:\WINDOWS\system32\kqsklrtb.ini
C:\WINDOWS\system32\laowvvnn.dll
C:\WINDOWS\system32\lbbtkody.ini
C:\WINDOWS\system32\lucgamds.dll
C:\WINDOWS\system32\lxnsloht.ini
C:\WINDOWS\system32\mcljuvcx.ini
C:\WINDOWS\system32\mcsjmdcu.ini
C:\WINDOWS\system32\mhiuvvjx.dll
C:\WINDOWS\system32\mqpyeigx.ini
C:\WINDOWS\system32\ncbqtunv.ini
C:\WINDOWS\system32\ndettvrn.dll
C:\WINDOWS\system32\nfxmghho.dll
C:\WINDOWS\system32\nnvvwoal.ini
C:\WINDOWS\system32\nrvttedn.ini
C:\WINDOWS\system32\ogjpdbee.dll
C:\WINDOWS\system32\ohhgmxfn.ini
C:\WINDOWS\system32\okvmcclf.ini
C:\WINDOWS\system32\paeasssb.dll
C:\WINDOWS\system32\pfuljujt.ini
C:\WINDOWS\system32\pmuytghe.dll
C:\WINDOWS\system32\pyxjvcqq.dll
C:\WINDOWS\system32\qlmyraou.dll
C:\WINDOWS\system32\qqcvjxyp.ini
C:\WINDOWS\system32\qvmtcexj.dll
C:\WINDOWS\system32\qynhngai.dll
C:\WINDOWS\system32\rgnjrspw.ini
C:\WINDOWS\system32\rnfqekcf.ini
C:\WINDOWS\system32\rsrewtbt.ini
C:\WINDOWS\system32\sdmagcul.ini
C:\WINDOWS\system32\sixkxkmk.ini
C:\WINDOWS\system32\sptkcdsv.ini
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\swljsqsa.ini
C:\WINDOWS\system32\tbtwersr.dll
C:\WINDOWS\system32\tholsnxl.dll
C:\WINDOWS\system32\tjujlufp.dll
C:\WINDOWS\system32\ttfafamf.dll
C:\WINDOWS\system32\ucdmjscm.dll
C:\WINDOWS\system32\uegqgqoy.ini
C:\WINDOWS\system32\ugxmlvkc.ini
C:\WINDOWS\system32\uoarymlq.ini
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\uttss.tmp
C:\WINDOWS\system32\vnutqbcn.dll
C:\WINDOWS\system32\voydakbw.ini
C:\WINDOWS\system32\vrksbnya.ini
C:\WINDOWS\system32\vsdcktps.dll
C:\WINDOWS\system32\wbkadyov.dll
C:\WINDOWS\system32\wfbskveb.ini
C:\WINDOWS\system32\winzdn32.dll
C:\WINDOWS\system32\wpsrjngr.dll
C:\WINDOWS\system32\xcvujlcm.dll
C:\WINDOWS\system32\xgieypqm.dll
C:\WINDOWS\system32\xjvvuihm.ini
C:\WINDOWS\system32\xltgxiba.ini
C:\WINDOWS\system32\ydoktbbl.dll
C:\WINDOWS\system32\ymktgntj.ini
C:\WINDOWS\system32\ymwlmijj.ini
C:\WINDOWS\system32\yoqgqgeu.dll
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


2007-08-24 07:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-20 15:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Motive
2007-08-20 12:41 <DIR> d-------- C:\WINDOWS\wt
2007-08-19 21:25 119,545 --a------ C:\WINDOWS\system32\ohvcdhhf.dll
2007-08-19 12:44 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-08-17 14:09 1,294,336 --a------ C:\WINDOWS\system32\MGIIpl2A6.dll
2007-08-17 14:09 1,261,568 --a------ C:\WINDOWS\system32\MGIIpl2M6.dll
2007-08-17 14:09 1,228,800 --a------ C:\WINDOWS\system32\MGIIpl2M5.dll
2007-08-17 14:09 1,105,920 --a------ C:\WINDOWS\system32\MGIIpl2P6.dll
2007-08-17 14:09 1,052,672 --a------ C:\WINDOWS\system32\MGIIpl2P5.dll
2007-08-17 14:08 71,168 --a------ C:\WINDOWS\system32\Camapi32.dll
2007-08-17 14:08 63,488 --a------ C:\WINDOWS\system32\PICN1111.DLL
2007-08-17 14:08 522,752 --a------ C:\WINDOWS\system32\DC120fc7_32.dll
2007-08-17 14:08 5,632 --a------ C:\WINDOWS\system32\HELLUT32.DLL
2007-08-17 14:08 45,568 --a------ C:\WINDOWS\system32\DC210.dll
2007-08-17 14:08 332,800 --a------ C:\WINDOWS\system32\FPXLIB.DLL
2007-08-17 14:08 32,768 --a------ C:\WINDOWS\system32\F210.dll
2007-08-17 14:08 29,184 --a------ C:\WINDOWS\system32\PICN11.DLL
2007-08-17 14:08 29,184 --a------ C:\WINDOWS\system32\Comm32.dll
2007-08-17 14:08 254,976 --a------ C:\WINDOWS\system32\SFWIUDLL.DLL
2007-08-17 14:08 24,576 --a------ C:\WINDOWS\system32\SFWUTS20.DLL
2007-08-17 14:08 20,480 --a------ C:\WINDOWS\system32\MGIIpl2.dll
2007-08-17 14:08 196,608 --a------ C:\WINDOWS\system32\opccli32.dll
2007-08-17 14:08 126,976 --a------ C:\WINDOWS\system32\ipubgrnd.dll
2007-08-17 14:08 122,880 --a------ C:\WINDOWS\system32\JPEGLIB.DLL
2007-08-17 14:08 122,880 --a------ C:\WINDOWS\system32\EnrouteStitch.dll
2007-08-17 14:08 1,093,632 --a------ C:\WINDOWS\system32\MGIIpl2PX.dll
2007-08-17 14:08 <DIR> d-------- C:\Program Files\MGI
2007-08-17 14:08 <DIR> d-------- C:\Program Files\Common Files\MGI Shared
2007-08-13 16:11 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-08-13 16:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 16:04 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-08-13 16:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SiteAdvisor
2007-08-13 16:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-08-13 16:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-09 11:51 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-08 21:18 <DIR> d-------- C:\WINDOWS\provisioning
2007-08-08 21:18 <DIR> d-------- C:\WINDOWS\peernet
2007-08-08 21:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-08 21:04 <DIR> d-------- C:\WINDOWS\EHome
2007-08-08 20:47 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-08-08 20:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-08 05:29 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-08-08 05:29 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-08-08 05:29 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-08 05:29 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-08-08 05:29 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-08-08 05:29 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-08-08 05:29 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-08-08 05:29 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-08-08 05:29 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-08-08 05:29 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-08-08 05:29 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-08-08 05:29 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-08-08 05:29 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-08-08 05:29 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-08-08 05:29 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-08-08 05:29 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-08-08 05:29 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-08-08 05:29 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-08-08 05:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-06 20:45 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ArcSoft
2007-08-05 20:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-08-05 20:20 <DIR> d-------- C:\Program Files\iTunes
2007-08-05 20:20 <DIR> d-------- C:\Program Files\iPod
2007-08-05 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-05 20:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-05 20:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-05 19:33 <DIR> d-------- C:\Program Files\QuickTime
2007-08-05 16:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-08-05 15:26 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ATI MMC
2007-08-03 20:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\X10 Commander
2007-08-03 20:07 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2007-08-03 20:07 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-08-03 20:07 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-08-03 20:07 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-08-03 20:07 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-08-03 20:07 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-08-03 20:07 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-08-03 20:07 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2007-08-03 20:07 286,208 --a------ C:\WINDOWS\system32\blackbox.dll
2007-08-03 20:07 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-08-03 20:07 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-08-03 20:07 237,568 --a------ C:\WINDOWS\system32\qasf.dll
2007-08-03 20:07 230,400 --a------ C:\WINDOWS\system32\wmasf.dll
2007-08-03 20:07 103,936 --a------ C:\WINDOWS\system32\logagent.exe
2007-08-03 20:07 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-08-03 20:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI MMC
2007-08-03 19:38 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2007-08-03 19:38 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2007-08-03 19:36 <DIR> d-------- C:\Program Files\ATI Multimedia
2007-08-03 19:33 <DIR> d-------- C:\Program Files\msaccrt
2007-08-03 19:32 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-08-03 19:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-03 19:31 <DIR> d-------- C:\Program Files\Windows Media Components
2007-08-03 19:28 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2007-08-03 19:28 <DIR> d-------- C:\Program Files\Common Files\ATI
2007-08-03 19:25 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-03 19:24 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-08-03 19:24 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 14:48 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 15:21 --------- d-------- C:\Program Files\Messenger
2007-08-09 09:17 3992 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-08-09 09:15 9546 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-08-08 21:18 --------- d-------- C:\Program Files\Movie Maker
2007-08-08 21:14 --------- d-------- C:\Program Files\Windows NT
2007-08-06 17:55 77824 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\WinVerifyTrust.dll
2007-08-06 17:55 49152 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHI18N.dll
2007-08-06 17:55 159744 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
2007-08-06 17:55 126976 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\ContentUpdater.exe
2007-08-06 17:55 122880 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\SearchCtrl.dll
2007-08-06 17:55 106496 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PluginCtrl.dll
2007-08-03 19:34 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-01 18:31 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Real
2007-08-01 17:56 --------- d-------- C:\Program Files\MUSICMATCH
2007-08-01 17:38 --------- d-------- C:\Program Files\Easy Internet signup
2007-08-01 17:03 --------- d-------- C:\Program Files\Quicken
2007-08-01 16:07 --------- d--h----- C:\Program Files\WindowsUpdate
2007-08-01 15:48 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-01 15:48 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-01 15:48 --------- d-------- C:\Program Files\Symantec
2007-08-01 15:37 --------- d-------- C:\Program Files\AWS
2007-08-01 15:29 --------- d-------- C:\Program Files\ArcSoft
2007-08-01 12:44 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-01 12:33 3610 -rahs---- C:\WINDOWS\system32\drivers\HP_DF277A-ABA 746c_YC_Pavi_QMXM327_E33NAheBLU4_4_IMS-6577_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.20_T030519_WXH1_L409_M504_J80_7Intel_8Pentium 4_92.4_1103300F2_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}]
C:\WINDOWS\system32\fcccbyw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 14:51]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 09:27]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 19:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 01:36]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-03-18 03:50]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 21:05]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-26 00:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 14:55]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 20:10]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 21:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-05 19:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 19:14]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 10:42]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2002-09-27 14:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 21:22]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 05:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}"= C:\WINDOWS\system32\fcccbyw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccbyw]
fcccbyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

S3 PCDRDRV;Pcdr Helper Driver;\??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-18 15:15:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-08 10:23:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 10:47:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-24 10:53:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-24 10:53

--- E O F ---







And here is the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:28:54 PM, on 8/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\Spyware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\fcccbyw.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.co...c4bf0163_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...096/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: fcccbyw - fcccbyw.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 August 2007 - 04:46 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\fcccbyw.dll
C:\WINDOWS\wt\updater\wcmdmgrl.exe

Folder::
C:\WINDOWS\wt\updater
C:\WINDOWS\wt

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wcmdmgr"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E4EEFFED-93CD-4CF0-A0F3-50D139121FEE}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccbyw]


Save this as Save this as "CFScript"


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 Kas0988

Kas0988

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 24 August 2007 - 05:39 PM

The computer seems to be improving. I haven't had a popup since I ran Combofix the first time. The only problem I see is that Combofix never fixed the time clock back from military to standard. Here's the log:

ComboFix 07-08-17.2 - "Owner" 2007-08-24 18:15:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.237 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\fcccbyw.dll
C:\WINDOWS\wt\updater\wcmdmgrl.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\wt
C:\WINDOWS\wt\backup\1.6.0.037\_privacy.txt
C:\WINDOWS\wt\backup\1.6.0.037\info.txt
C:\WINDOWS\wt\backup\1.6.0.037\stopwcmdr.bat
C:\WINDOWS\wt\backup\1.6.0.037\updatenow.bat
C:\WINDOWS\wt\backup\1.6.0.037\wcmdmgr.exe
C:\WINDOWS\wt\backup\1.6.0.037\wcmdmgrl.exe
C:\WINDOWS\wt\backup\1.6.0.037\wtcpl.cpl
C:\WINDOWS\wt\backup\1.6.0.037\wtisa.dll
C:\WINDOWS\wt\data.wts
C:\WINDOWS\wt\info.txt
C:\WINDOWS\wt\updater
C:\WINDOWS\wt\updater\_privacy.txt
C:\WINDOWS\wt\updater\data.wts
C:\WINDOWS\wt\updater\stopwcmdr.bat
C:\WINDOWS\wt\updater\updatenow.bat
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\wt\updater\wcmdmgrl.exe
C:\WINDOWS\wt\updater\wt.ini
C:\WINDOWS\wt\updater\wtisa.dll
C:\WINDOWS\wt\updater\wtlog.txt
C:\WINDOWS\wt\WDInUsePlugin.dll
C:\WINDOWS\wt\webdriver.dll
C:\WINDOWS\wt\webdriver\actorobject.dll
C:\WINDOWS\wt\webdriver\dx5drv.dll
C:\WINDOWS\wt\webdriver\dx7drv.dll
C:\WINDOWS\wt\webdriver\export.dat
C:\WINDOWS\wt\webdriver\objectbundle.dll
C:\WINDOWS\wt\webdriver\rdriver.dll
C:\WINDOWS\wt\webdriver\sound.dll
C:\WINDOWS\wt\webdriver\wdcaps.ded
C:\WINDOWS\wt\webdriver\wdengine.dll
C:\WINDOWS\wt\webdriver\webdriver.dll
C:\WINDOWS\wt\webdriver\wildtangent.jar
C:\WINDOWS\wt\webdriver\wthost.exe
C:\WINDOWS\wt\webdriver\wthostctl.dll
C:\WINDOWS\wt\webdriver\wtmulti.dll
C:\WINDOWS\wt\webdriver\wtmulti.jar
C:\WINDOWS\wt\webdriver\wtwmplug.ax
C:\WINDOWS\wt\webdriver\wtwmplug.ini
C:\WINDOWS\wt\wt3d.dll
C:\WINDOWS\wt\wt3d.ini
C:\WINDOWS\wt\wtgutils\wtgutils.dll
C:\WINDOWS\wt\wtgutils\wtgutils.jar
C:\WINDOWS\wt\wtupdates\wtupdater\appinfo.dat
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\actorobject.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\dx5drv.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\dx7drv.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\legacy\data.wts
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\legacy\webdriver.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\legacy\wt3d.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwtplug.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\nsiwthostplugin.xpt
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\objectbundle.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\rdriver.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\sound.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wdcaps.ded
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wdengine.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\webdriver.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wildtangent.jar
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wthost.exe
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wthost.jar
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wthostctl.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtmulti.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtmulti.jar
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtwmplug.ax
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtwmplug.ini
C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts
C:\WINDOWS\wt\wtvh.dll


((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


2007-08-24 07:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-20 15:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Motive
2007-08-19 21:25 119,545 --a------ C:\WINDOWS\system32\ohvcdhhf.dll
2007-08-19 12:44 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-08-17 14:09 1,294,336 --a------ C:\WINDOWS\system32\MGIIpl2A6.dll
2007-08-17 14:09 1,261,568 --a------ C:\WINDOWS\system32\MGIIpl2M6.dll
2007-08-17 14:09 1,228,800 --a------ C:\WINDOWS\system32\MGIIpl2M5.dll
2007-08-17 14:09 1,105,920 --a------ C:\WINDOWS\system32\MGIIpl2P6.dll
2007-08-17 14:09 1,052,672 --a------ C:\WINDOWS\system32\MGIIpl2P5.dll
2007-08-17 14:08 71,168 --a------ C:\WINDOWS\system32\Camapi32.dll
2007-08-17 14:08 63,488 --a------ C:\WINDOWS\system32\PICN1111.DLL
2007-08-17 14:08 522,752 --a------ C:\WINDOWS\system32\DC120fc7_32.dll
2007-08-17 14:08 5,632 --a------ C:\WINDOWS\system32\HELLUT32.DLL
2007-08-17 14:08 45,568 --a------ C:\WINDOWS\system32\DC210.dll
2007-08-17 14:08 332,800 --a------ C:\WINDOWS\system32\FPXLIB.DLL
2007-08-17 14:08 32,768 --a------ C:\WINDOWS\system32\F210.dll
2007-08-17 14:08 29,184 --a------ C:\WINDOWS\system32\PICN11.DLL
2007-08-17 14:08 29,184 --a------ C:\WINDOWS\system32\Comm32.dll
2007-08-17 14:08 254,976 --a------ C:\WINDOWS\system32\SFWIUDLL.DLL
2007-08-17 14:08 24,576 --a------ C:\WINDOWS\system32\SFWUTS20.DLL
2007-08-17 14:08 20,480 --a------ C:\WINDOWS\system32\MGIIpl2.dll
2007-08-17 14:08 196,608 --a------ C:\WINDOWS\system32\opccli32.dll
2007-08-17 14:08 126,976 --a------ C:\WINDOWS\system32\ipubgrnd.dll
2007-08-17 14:08 122,880 --a------ C:\WINDOWS\system32\JPEGLIB.DLL
2007-08-17 14:08 122,880 --a------ C:\WINDOWS\system32\EnrouteStitch.dll
2007-08-17 14:08 1,093,632 --a------ C:\WINDOWS\system32\MGIIpl2PX.dll
2007-08-17 14:08 <DIR> d-------- C:\Program Files\MGI
2007-08-17 14:08 <DIR> d-------- C:\Program Files\Common Files\MGI Shared
2007-08-13 16:11 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-08-13 16:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 16:04 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-08-13 16:04 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SiteAdvisor
2007-08-13 16:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-08-13 16:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-09 11:51 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-08 21:18 <DIR> d-------- C:\WINDOWS\provisioning
2007-08-08 21:18 <DIR> d-------- C:\WINDOWS\peernet
2007-08-08 21:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-08 21:04 <DIR> d-------- C:\WINDOWS\EHome
2007-08-08 20:47 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-08-08 20:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-08 05:29 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-08-08 05:29 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-08-08 05:29 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-08 05:29 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-08-08 05:29 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-08-08 05:29 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-08-08 05:29 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-08-08 05:29 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-08-08 05:29 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-08-08 05:29 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-08-08 05:29 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-08-08 05:29 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-08-08 05:29 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-08-08 05:29 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-08-08 05:29 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-08-08 05:29 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-08-08 05:29 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-08-08 05:29 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-08-08 05:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-06 20:45 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ArcSoft
2007-08-05 20:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-08-05 20:20 <DIR> d-------- C:\Program Files\iTunes
2007-08-05 20:20 <DIR> d-------- C:\Program Files\iPod
2007-08-05 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-05 20:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-05 20:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-05 19:33 <DIR> d-------- C:\Program Files\QuickTime
2007-08-05 16:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-08-05 15:26 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ATI MMC
2007-08-03 20:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\X10 Commander
2007-08-03 20:07 87,040 --a------ C:\WINDOWS\system32\drmstor.dll
2007-08-03 20:07 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-08-03 20:07 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-08-03 20:07 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-08-03 20:07 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-08-03 20:07 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-08-03 20:07 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-08-03 20:07 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2007-08-03 20:07 286,208 --a------ C:\WINDOWS\system32\blackbox.dll
2007-08-03 20:07 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-08-03 20:07 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-08-03 20:07 237,568 --a------ C:\WINDOWS\system32\qasf.dll
2007-08-03 20:07 230,400 --a------ C:\WINDOWS\system32\wmasf.dll
2007-08-03 20:07 103,936 --a------ C:\WINDOWS\system32\logagent.exe
2007-08-03 20:07 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-08-03 20:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI MMC
2007-08-03 19:38 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2007-08-03 19:38 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2007-08-03 19:36 <DIR> d-------- C:\Program Files\ATI Multimedia
2007-08-03 19:33 <DIR> d-------- C:\Program Files\msaccrt
2007-08-03 19:32 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-08-03 19:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-03 19:31 <DIR> d-------- C:\Program Files\Windows Media Components
2007-08-03 19:28 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2007-08-03 19:28 <DIR> d-------- C:\Program Files\Common Files\ATI
2007-08-03 19:25 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-03 19:24 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-08-03 19:24 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-08-03 19:24 131,072 -ra------ C:\WINDOWS\system32\ATIDEMGR.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-24 15:55 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 15:21 --------- d-------- C:\Program Files\Messenger
2007-08-09 09:17 3992 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-08-09 09:15 9546 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-08-08 21:18 --------- d-------- C:\Program Files\Movie Maker
2007-08-08 21:14 --------- d-------- C:\Program Files\Windows NT
2007-08-06 17:55 77824 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\WinVerifyTrust.dll
2007-08-06 17:55 49152 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHI18N.dll
2007-08-06 17:55 159744 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
2007-08-06 17:55 126976 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\ContentUpdater.exe
2007-08-06 17:55 122880 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\SearchCtrl.dll
2007-08-06 17:55 106496 --a------ C:\WINDOWS\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PluginCtrl.dll
2007-08-03 19:34 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-01 18:31 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Real
2007-08-01 17:56 --------- d-------- C:\Program Files\MUSICMATCH
2007-08-01 17:38 --------- d-------- C:\Program Files\Easy Internet signup
2007-08-01 17:03 --------- d-------- C:\Program Files\Quicken
2007-08-01 16:07 --------- d--h----- C:\Program Files\WindowsUpdate
2007-08-01 15:48 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-01 15:48 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-01 15:48 --------- d-------- C:\Program Files\Symantec
2007-08-01 15:37 --------- d-------- C:\Program Files\AWS
2007-08-01 15:29 --------- d-------- C:\Program Files\ArcSoft
2007-08-01 12:44 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-01 12:33 3610 -rahs---- C:\WINDOWS\system32\drivers\HP_DF277A-ABA 746c_YC_Pavi_QMXM327_E33NAheBLU4_4_IMS-6577_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.20_T030519_WXH1_L409_M504_J80_7Intel_8Pentium 4_92.4_1103300F2_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 14:51]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 09:27]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 19:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 01:36]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-03-18 03:50]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 21:05]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-26 00:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 14:55]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 20:10]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 21:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-05 19:33]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 19:14]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 10:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 21:22]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 05:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

S3 PCDRDRV;Pcdr Helper Driver;\??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-18 15:15:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-08 10:23:08 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 18:25:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-24 18:32:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-24 18:32
C:\ComboFix2.txt ... 2007-08-24 10:53

--- E O F ---

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 August 2007 - 06:11 PM

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 Kas0988

Kas0988

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 28 August 2007 - 06:52 PM

Sorry about the delay, but once again it's been a rough week. As for my computer, I am pleased to tell you it has been several days since I have seen a popup anywhere, and the system seems to be a little more stable than it was before (I can play Call of Duty). However, booting up and shutting down are extremely slow (booting up from a restart can take 5 mins). This is the only major problem I am noticing right now. Here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:48:24 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\Spyware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.co...c4bf0163_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...096/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 29 August 2007 - 05:11 PM

1.Click Start > Settings > Control Panel.
2.Next, open Add/Remove Programs and remove if listed:
WildTangent <--If listed



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.co...c4bf0163_35.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...096/mcfscan.cab

Close ALL windows and browsers except HijackThis and click "Fix checked"

Delete these Files if listed:
C:\ALCXMNTR.EXE
C:\WINDOWS\wt\updater\wcmdmgrl.exe

Delete these Folders if listed:
C:\WINDOWS\wt\updater
C:\WINDOWS\wt


Empty Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 September 2007 - 04:39 PM

How are you doing with the fix?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 September 2007 - 08:06 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users