WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Closed] slow running windows xp system

Started by garbo , Oct 19 2007 04:38 PM

This topic is locked

6 replies to this topic

#1 garbo

New Member

New Member
3 posts

Posted 19 October 2007 - 04:38 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:13:35 a.m., on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Altavista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\PROGRA~1\ALTAVI~1\ALTAVI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Altavista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\PROGRA~1\ALTAVI~1\ALTAVI~1.DLL
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32THotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AltaVista Search - file://C:\Documents and Settings\Warren\Application Data\ALTAVISTA\SelectedContextSearch_AltaVista Search.htm
O8 - Extra context menu item: Translate - file://C:\Documents and Settings\Warren\Application Data\ALTAVISTA\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1172042353868
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

Advertisements

Register to Remove

#2 tallin

SuperMember

Authentic Member
2,343 posts

Posted 19 October 2007 - 06:54 PM

Welcome to WhatTheTech

I'm afraid this isn't the place for your HijackThis log.

Please read these instructions

HijackThis logs go here.

kind regards,

Moving to HJT: doug

Edited by tallin, 19 October 2007 - 10:03 PM.

Ť
Security Tips

Backup Tutorial

Help! My Computer is Slow

Windows Update Problem? Solution

#3 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 19 October 2007 - 07:32 PM

Hello and welcome to the forums

I'm not seeing anything bad in your log, but we'll see if we find anything.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you, combofix.txt. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick while its running. That may cause it to stall

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#4 garbo

New Member

New Member
3 posts

Posted 21 October 2007 - 05:52 PM

Instructions followed and here are Logs as instructed - Many Thanks

ComboFix 07-10-20.6 - Warren 2007-10-21 21:36:25.2 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Temp\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-20 20:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 20:37 1,525,635 --a------ C:\Temp\ComboFix.exe
2007-10-20 20:32 50,688 --a------ C:\Temp\ATF-Cleaner.exe
2007-10-20 13:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\ALTAVISTA
2007-10-20 11:08 488,144 --a------ C:\Temp\HJTsetup.exe
2007-10-20 09:46 23,876,904 --a------ C:\Temp\SkypeSetup.exe
2007-10-16 00:26 <DIR> d-------- C:\WINDOWS\system32\ebay
2007-10-15 13:18 <DIR> d-------- C:\Program Files\iPod
2007-10-15 13:17 <DIR> d-------- C:\Program Files\iTunes
2007-10-14 02:04 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-09-27 00:01 <DIR> d-------- C:\Program Files\uTorrent
2007-09-27 00:01 <DIR> d-------- C:\Documents and Settings\Warren\Application Data\uTorrent
2007-09-26 01:39 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-09-24 00:44 11,399,207 --a------ C:\Temp\SkypeBrandBook.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 08:24 --------- d-----w C:\Documents and Settings\Warren\Application Data\Skype
2007-10-20 19:50 --------- d-----w C:\Program Files\Lx_cats
2007-10-20 10:49 --------- d-----w C:\Documents and Settings\Warren\Application Data\DVD Profiler
2007-10-20 09:17 --------- d-----w C:\Program Files\DVD Profiler
2007-10-20 07:58 --------- d-----w C:\Documents and Settings\Warren\Application Data\OpenOffice.org2
2007-10-20 01:58 --------- d-----w C:\Program Files\Lexmark 3300 Series
2007-10-06 12:49 --------- d-----w C:\Program Files\Java
2007-09-25 12:37 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-09-25 08:12 --------- d-----w C:\Program Files\Apple Software Update
2007-09-10 08:59 --------- d-----w C:\Program Files\Picasa2
2007-09-09 01:28 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2007-09-09 01:07 --------- d-----w C:\Program Files\Common Files\xing shared
2007-09-09 01:07 --------- d-----w C:\Program Files\Common Files\Real
2007-09-09 01:06 --------- d-----w C:\Program Files\Real
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-02 11:27 --------- d-----w C:\Documents and Settings\Warren\Application Data\BeoMediaDatabase
2007-09-01 12:19 --------- d-----w C:\Documents and Settings\Warren\Application Data\altavista
2007-09-01 01:53 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2007-09-01 01:53 --------- d-----w C:\Program Files\Yahoo!
2007-09-01 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-01 00:34 --------- d-----w C:\Program Files\altavista
2007-08-26 05:49 --------- d-----w C:\Program Files\jv16 PowerTools 2007
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 07:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 07:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 07:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 07:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 07:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 07:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 07:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 07:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-03-04 21:41 532,992 ----a-w C:\Program Files\OEView.exe
2007-07-07 22:42:13 23 --sha-w C:\WINDOWS\system32\eafabdace_r.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-20_20.47.42.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 07:47:10 53,248 ----a-w C:\WINDOWS\Temp\cggmyjyb.dll
+ 2007-10-21 08:40:16 53,248 ----a-w C:\WINDOWS\Temp\cggmyjyb.dll
+ 2007-10-20 08:34:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3f0.dat
+ 2007-10-20 07:57:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"="000StTHK.exe" [2001-06-24 16:28 C:\WINDOWS\system32\000StTHK.exe]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2002-02-22 16:12]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-03-29 18:40]
"TFNF5"="TFNF5.exe" [2001-08-04 06:08 C:\WINDOWS\system32\TFNF5.exe]
"Drag'n Drop CD"="C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe" [2002-02-15 15:37]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-04-13 07:13]
"TFncKy"="TFncKy.exe" []
"Tpwrtray"="TPWRTRAY.EXE" [2002-03-20 16:38 C:\WINDOWS\system32\TPWRTRAY.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 23:06]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-02-22 00:21]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 15:19]
"WheelMouse"="Amoumain.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-07-09 17:51]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-09 03:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-09 14:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 22:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 05:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:56]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-09 03:59]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Warren\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoFileAssociate"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
R3 tridxp;tridxp;C:\WINDOWS\system32\DRIVERS\tridxpm.sys
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b975cc10-1329-11dc-b15b-0040b9a46700}]
AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 00:06:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 21:40:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 21:42:05
C:\ComboFix2.txt ... 2007-10-20 20:49
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 11:52:12 a.m., on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\lxcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Altavista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\PROGRA~1\ALTAVI~1\ALTAVI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Altavista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\PROGRA~1\ALTAVI~1\ALTAVI~1.DLL
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32THotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AltaVista Search - file://C:\Documents and Settings\Warren\Application Data\ALTAVISTA\SelectedContextSearch_AltaVista Search.htm
O8 - Extra context menu item: Translate - file://C:\Documents and Settings\Warren\Application Data\ALTAVISTA\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1172042353868
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

#5 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 21 October 2007 - 06:06 PM

Did you run the ATF Cleaner?

Delete these files if listed:
C:\WINDOWS\Temp\cggmyjyb.dll
C:\WINDOWS\Temp\cggmyjyb.dll

1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#6 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 24 October 2007 - 04:18 PM

How are you doing with the fix?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#7 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 29 October 2007 - 06:00 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

Body Background

skin color theme