
virus infected, computer reboots auto, cant open many programs even hi


  • This topic is locked

#46
rich06

    Member

  • Topic Starter
  • Member
  • 59 posts
yes
  • 0


#47
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That may be your best option at this point.

It's up to you.
  • 0

#48
rich06

    Member

  • Topic Starter
  • Member
  • 59 posts
There are two options. Should I use the malicious or w/e one that makes me have to reinstall all the drivers and such? Considering I do not have the XP disk. Or try the other normal one. I'd hate to have to take it to Best Buy and get a nasty fee for them to do nothing.
  • 0

#49
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You should choose a non-destructive system restore.
It should give you that option.
  • 0

#50
rich06

    Member

  • Topic Starter
  • Member
  • 59 posts
ComboFix 08-05-12.1 - Owner 2008-05-13 20:31:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.280 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner\register.dat
C:\Program Files\Common Files\crosof~1
C:\Program Files\icroso~1.net
C:\Program Files\icroso~1.net\?ti2evxx.exe
C:\Program Files\newdotnet
C:\Program Files\newdotnet\nncore.dll
C:\Program Files\newdotnet\nnrun.exe
C:\Program Files\newdotnet\readme.html
C:\Program Files\newdotnet\uninstall.exe
C:\Program Files\outlook
C:\smp.bat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\temp\tn3
C:\WINDOWS\BMbf8865d9.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\jky7u64thng5thb.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\advapi3.dll
C:\WINDOWS\system32\bcaoablf.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dwojqpjy.dll
C:\WINDOWS\system32\dxepojch.ini
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\hdpyvkyr.dll
C:\WINDOWS\system32\iqfeaues.ini
C:\WINDOWS\system32\iraaoprk.ini
C:\WINDOWS\system32\iraaoprk.ini2
C:\WINDOWS\system32\iraaoprk.tmp
C:\WINDOWS\system32\iuiueygh.ini
C:\WINDOWS\system32\kswdxhor.ini
C:\WINDOWS\system32\murka.dat
C:\WINDOWS\system32\nqnmhlrt.dll
C:\WINDOWS\system32\oiqypflj.dll
C:\WINDOWS\system32\opkwnrcg.dll
C:\WINDOWS\system32\palqoixr.dll
C:\WINDOWS\system32\qsdkkmxu.ini
C:\WINDOWS\system32\rhbriagd.dll
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\sks~1\??sks\
C:\WINDOWS\system32\sks~1\mmc.exe
C:\WINDOWS\system32\uhikrqtv.ini
C:\WINDOWS\system32\uohfrovl.dll
C:\WINDOWS\system32\uwfrdcwo.dll
C:\WINDOWS\system32\winmsdn.exe
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\xlxhvlgi.dll
C:\WINDOWS\system32\ygxauboo.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-13 20:28 . 2008-05-13 20:28 19,067 --ah----- C:\hpothb07.tif
2008-05-13 20:28 . 2008-05-13 20:28 10,416 --ah----- C:\hpothb07.dat
2008-05-13 20:27 . 2008-05-13 20:27 346,203 --ah----- C:\WINDOWS\hpothb07.tif
2008-05-13 20:27 . 2008-05-13 20:27 39,275 --ah----- C:\WINDOWS\hpothb07.dat
2008-05-08 22:10 . 2008-05-08 22:10 <DIR> d-------- C:\Program Files\USB Storage RW
2008-05-08 22:07 . 2008-05-08 22:10 <DIR> d-------- C:\cmdcons(2)
2008-05-08 22:02 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-05-08 22:02 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-16 00:56 . 2008-04-16 00:56 1,071 --a------ C:\WINDOWS\AWMODEM.INF
2008-04-15 22:43 . 2008-04-16 00:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 22:43 . 2008-04-15 22:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-15 22:43 . 2008-04-15 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 20:55 . 2008-05-13 20:31 1,024 --ah----- C:\Documents and Settings\Rich\NTUSER.DAT.LOG
2008-04-15 20:34 . 2008-04-15 20:34 <DIR> d--hs---- C:\found.001
2008-04-15 16:52 . 2008-01-21 20:13 13,824 --a------ C:\WINDOWS\wdu18.exe
2008-04-15 16:40 . 2008-01-21 20:13 13,824 --a------ C:\WINDOWS\wdm13.exe
2008-04-15 16:39 . 2008-01-21 20:13 13,824 --a------ C:\WINDOWS\wdm3.exe
2008-04-15 16:36 . 2008-01-21 20:13 13,824 --a------ C:\WINDOWS\wdm9.exe
2008-04-15 16:36 . 2008-01-21 20:13 13,824 --a------ C:\WINDOWS\wdm5.exe
2008-04-15 14:08 . 2008-01-21 20:13 13,824 --a------ C:\WINDOWS\wdu1E.exe
2008-04-15 14:08 . 2008-01-21 20:13 13,824 --a------ C:\WINDOWS\wdu1A.exe
2008-04-14 14:57 . 2008-01-21 20:13 13,824 --a------ C:\WINDOWS\wdu2A.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 23:36 --------- d-----w C:\Program Files\Greetings Workshop
2008-05-13 23:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 02:14 4,526 --sha-r C:\WINDOWS\system32\drivers\HP_DF253A-ABA a250n_YW_Pavi_QMXM329_E33NAheBLU4_4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.10_T030627_WXH1_L409_M512_J120_7Intel_8Pentium 4_92.6_1104C8023_N10EC8139_P_Z11C1044C_K_A808624D5_U808624D2_G10DE0181.MRK
2008-05-09 02:09 --------- d-----w C:\Program Files\Easy Internet signup
2008-05-09 02:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 04:23 --------- d-----w C:\Program Files\cezfawfa
2008-04-13 23:11 120,832 ----a-w C:\WINDOWS\system32\drivers\Lmxn69.sys
2008-04-13 04:21 79,872 ----a-w C:\Documents and Settings\Owner\Application Data\winifixer.exe
2008-04-13 04:21 106,496 ----a-w C:\WINDOWS\system32\cfgadmsh.dll
2008-04-13 04:21 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\olcpgjax.dll
2008-04-13 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\xyxopira
2008-04-08 19:35 7,724 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-08 19:35 26,108 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 19:35 2,471,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 19:35 142 ----a-w C:\semp1.bat
2008-04-08 19:35 112,160 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-08 19:34 12,800 ----a-w C:\iW8.exe
2008-04-04 01:28 41,984 --sh--r C:\WINDOWS\system32\adsntt.exe
2008-04-02 22:54 40,960 ----a-w C:\WINDOWS\system32\kugvd.exe
2008-04-02 22:54 40,960 ----a-w C:\WINDOWS\hjj5yrtggfnghjy.exe
2008-03-21 03:50 40,960 ----a-w C:\WINDOWS\system32\fadgsd.exe
2008-03-21 03:50 20,480 ----a-w C:\WINDOWS\quit.exe
2008-03-20 19:05 --------- d-----w C:\Program Files\VB6 Runtime Files for IDAutomation.com Applications
2008-03-20 18:47 396,288 ----a-w C:\Program Files\HijackThis.exe
2008-03-20 18:42 --------- d-----w C:\Program Files\Trend Micro
2008-03-20 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-20 02:55 26,624 ----a-w C:\Documents and Settings\Owner\file.exe
2008-03-20 01:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-20 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-18 21:37 14,336 ----a-w C:\4dl99l.exe
2008-03-17 01:02 40,960 ----a-w C:\WINDOWS\system32\fwehg.exe
2008-03-17 01:02 40,960 ----a-w C:\WINDOWS\fgherghjfg.exe
2008-03-15 23:13 1,366,803 --sh--w C:\WINDOWS\system32\bedoapvd.tmp
2008-02-21 23:54 23,040 ----a-w C:\winhtdo.exe
2008-02-21 18:27 53,760 ----a-w C:\WINDOWS\system32\condw32.dll
2008-01-23 00:57 89 ----a-w C:\Documents and Settings\Owner\del.bat
2007-12-31 02:28 0 --sha-w C:\Documents and Settings\Owner\Application Data\b925c42d1a728a077ffecc0dc7cb4d670ba1e2bc.dat
2006-01-04 16:40 26,958 -c--a-w C:\Program Files\Movieland Terms.html
2005-07-13 17:26 363 ----a-w C:\Documents and Settings\Del Swoll\bker.exe
2005-05-20 11:20 150,576 ----a-w C:\Documents and Settings\Owner\Application Data\spyguard.exe
2003-04-10 11:19 32 --sha-w C:\WINDOWS\{FC92DEF6-B98A-462F-BDEC-6F8042F11C76}.dat
2008-01-03 21:33 4,096 --sha-w C:\WINDOWS\system32\5558.dat
2004-10-20 20:56 56 -csh--r C:\WINDOWS\system32\EB01BC701C.sys
2005-05-27 21:26 475 -csha-w C:\WINDOWS\system32\hhxky.dll
2004-10-20 20:56 1,890 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2003-04-10 11:19 32 --sha-w C:\WINDOWS\system32\{9E165BF4-5E4A-49D1-BA74-00B57060829D}.dat
.
<pre>
----a-w		   349,184 2008-01-22 00:30:47  C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast				  .exe
----a-w			61,440 2008-01-15 02:07:33  C:\hp\KBD\KBD .EXE
----a-w			67,112 2008-01-17 02:24:38  C:\Program Files\AIM\aim .exe
----a-w			94,208 2008-01-17 02:24:35  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		   155,648 2008-01-17 02:24:05  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w			59,040 2008-01-14 00:47:01  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			81,920 2008-01-17 02:23:56  C:\Program Files\Common Files\Ulead Systems\DVD\USISrv .exe
----a-w		   411,136 2008-01-17 02:24:16  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w			69,632 2008-01-15 02:07:11  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
----a-w			54,840 2008-01-15 02:10:18  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w		   256,576 2008-01-17 02:23:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			83,608 2008-01-17 02:24:03  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w		 1,670,144 2008-01-17 02:24:40  C:\Program Files\Messenger\msmsgs .exe
----a-w		   282,624 2008-01-22 00:21:47  C:\Program Files\QuickTime\qttask											.exe
----a-w		   282,624 2008-01-22 00:21:07  C:\Program Files\QuickTime\qttask										   .exe
----a-w		   282,624 2008-01-22 00:30:02  C:\Program Files\QuickTime\qttask										  .exe
----a-w		   282,624 2008-01-22 00:31:51  C:\Program Files\QuickTime\qttask										 .exe
----a-w		   282,624 2008-01-22 00:22:30  C:\Program Files\QuickTime\qttask										.exe
----a-w		   282,624 2008-01-22 00:23:45  C:\Program Files\QuickTime\qttask									   .exe
----a-w		   282,624 2008-01-22 00:21:52  C:\Program Files\QuickTime\qttask									  .exe
----a-w		   282,624 2008-01-22 00:16:34  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   282,624 2008-01-22 00:31:23  C:\Program Files\QuickTime\qttask									.exe
----a-w		   649,216 2008-01-15 02:08:53  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   282,624 2008-01-22 00:24:11  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   282,624 2008-01-22 00:30:22  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   282,624 2008-01-22 00:27:12  C:\Program Files\QuickTime\qttask								.exe
----a-w		   282,624 2008-01-22 00:28:28  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   282,624 2008-01-22 00:32:18  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   282,624 2008-01-22 00:13:34  C:\Program Files\QuickTime\qttask							.exe
----a-w		   282,624 2008-01-22 00:20:53  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   282,624 2008-01-22 00:14:36  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   282,624 2008-01-22 00:31:02  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   282,624 2008-01-22 00:13:38  C:\Program Files\QuickTime\qttask						.exe
----a-w		   282,624 2008-01-22 00:22:52  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   282,624 2008-01-22 00:20:45  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   282,624 2008-01-22 00:32:30  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   282,624 2008-01-22 00:33:33  C:\Program Files\QuickTime\qttask					.exe
----a-w		   282,624 2008-01-22 00:23:03  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   282,624 2008-01-22 00:33:49  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   282,624 2008-01-22 00:26:30  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   282,624 2008-01-22 00:32:48  C:\Program Files\QuickTime\qttask				.exe
----a-w		   282,624 2008-01-22 00:20:50  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   282,624 2008-01-22 00:19:59  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   282,624 2008-01-22 00:29:46  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-01-22 00:31:59  C:\Program Files\QuickTime\qttask			.exe
----a-w		   282,624 2008-01-22 00:05:14  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   282,624 2008-01-22 00:04:40  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   282,624 2008-01-22 00:04:38  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2008-01-22 00:04:34  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2008-01-22 00:04:23  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2008-01-22 00:04:26  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2008-01-22 00:31:39  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2008-01-22 00:13:47  C:\Program Files\QuickTime\qttask	.exe
----a-w		   282,624 2008-01-22 00:13:32  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-01-22 00:05:20  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-01-22 00:05:22  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,544,192 2008-01-17 02:23:58  C:\Program Files\support.com\bin\tgcmd .exe
----a-w				 0 2008-01-15 02:06:56  C:\Program Files\SymNetDrv\SNDMon .exe
----a-w		 5,367,664 2008-01-21 19:26:54  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w		   358,912 2008-01-15 02:07:30  C:\WINDOWS\avp .exe
----a-w			13,824 2008-01-21 19:16:27  C:\WINDOWS\wdm8B .exe
----a-w			13,824 2008-01-21 19:16:27  C:\WINDOWS\wdu8C .exe
----a-w		   212,992 2008-01-13 23:20:20  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			52,736 2008-01-17 02:23:51  C:\WINDOWS\system\hpsysdrv .exe
----a-w		   155,648 2008-01-15 02:07:15  C:\WINDOWS\system32\NeroCheck .exe
----a-w			 9,728 2008-01-15 01:48:51  C:\WINDOWS\system32\spoolvs .exe
</pre>


------- Sigcheck -------

2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-03 14:44 831557 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 20:11 114688]
"KYE_UDSI"="C:\Program Files\USB Storage RW\udsi.exe" [2003-02-22 00:30 212992]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 10:27 69632]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 20:42 69632]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 02:36 151597]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2002-12-04 03:24 184800]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-03 14:44 4595712]
"nwiz"="nwiz.exe" [2003-03-03 14:44 323584 C:\WINDOWS\system32\nwiz.exe]
"NAV CfgWiz"="c:\PROGRA~1\NORTON~1\Cfgwiz.exe" [ ]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 05:29 54976]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 05:29 59072]
"BCNT"="C:\PROGRA~1\AWS\WEATHE~1\BCNT.EXE" [2002-08-20 09:20 28672]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 23:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-03-18 04:50 331776]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2002-08-21 19:48:26 40960]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
findfast .exe [2008-01-21 20:30:47 349184]
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1996-06-25 01:00:00 40448]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-02 12:28:52 344064]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 07:21:36 552960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll


*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 15:00:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 02:09:11 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-02-24 02:28:23 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\System32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]
"2005-02-08 21:30:23 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 20:37:10
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-05-13 20:39:28
ComboFix-quarantined-files.txt 2008-05-14 00:39:24

Pre-Run: 4,369,244,160 bytes free
Post-Run: 4,641,017,856 bytes free

278
  • 0

#51
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

C:\WINDOWS\system32\drivers\Lmxn69.sys
C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys


Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete. Please copy and paste those results in your next post.
  • 0

#52
rich06

    Member

  • Topic Starter
  • Member
  • 59 posts
Scan taken on 14 May 2008 23:42:14 (GMT)
A-Squared: Found nothing
AntiVir: Found TR/Rootkit.Gen
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Scagent.L
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found Rootkit.Win32.Qandr.ai
Fortinet: Found nothing
Ikarus: Found Rootkit.Win32.Agent.ea
Kaspersky Anti-Virus: Found Rootkit.Win32.Qandr.ai
NOD32: Found a variant of Win32/Srizbi
Norman Virus Control: Found Srizbi.gen1
Panda Antivirus: Found Trj/Dropper.WF
Sophos Antivirus: Found Mal/RootKit-C
VirusBuster: Found nothing
VBA32: Found nothing
  • 0

#53
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad.
  • Click Start, then Run.
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

File::
C:\WINDOWS\wdu18.exe
C:\WINDOWS\wdm13.exe
C:\WINDOWS\wdm3.exe
C:\WINDOWS\wdm9.exe
C:\WINDOWS\wdm5.exe
C:\WINDOWS\wdu1E.exe
C:\WINDOWS\wdu1A.exe
C:\WINDOWS\wdu2A.exe
C:\WINDOWS\system32\drivers\Lmxn69.sys
C:\Documents and Settings\Owner\Application Data\winifixer.exe
C:\WINDOWS\system32\cfgadmsh.dll
C:\Documents and Settings\All Users\Application Data\olcpgjax.dll
C:\semp1.bat
C:\iW8.exe
C:\WINDOWS\system32\kugvd.exe
C:\WINDOWS\hjj5yrtggfnghjy.exe
C:\WINDOWS\system32\fadgsd.exe
C:\WINDOWS\quit.exe
C:\Documents and Settings\Owner\file.exe
C:\4dl99l.exe
C:\WINDOWS\system32\fwehg.exe
C:\WINDOWS\fgherghjfg.exe
C:\WINDOWS\system32\bedoapvd.tmp
C:\winhtdo.exe
C:\WINDOWS\system32\condw32.dll
C:\Documents and Settings\Owner\del.bat
C:\Program Files\Movieland Terms.html
C:\Documents and Settings\Del Swoll\bker.exe
C:\Documents and Settings\Owner\Application Data\spyguard.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast				  .exe
C:\WINDOWS\avp .exe
C:\WINDOWS\wdm8B .exe
C:\WINDOWS\wdu8C .exe
C:\WINDOWS\system32\spoolvs .exe
RenV::
C:\hp\KBD\KBD .EXE
C:\Program Files\AIM\aim .exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\QuickTime\qttask											.exe
C:\Program Files\QuickTime\qttask										   .exe
C:\Program Files\QuickTime\qttask										  .exe
C:\Program Files\QuickTime\qttask										 .exe
C:\Program Files\QuickTime\qttask										.exe
C:\Program Files\QuickTime\qttask									   .exe
C:\Program Files\QuickTime\qttask									  .exe
C:\Program Files\QuickTime\qttask									 .exe
C:\Program Files\QuickTime\qttask									.exe
C:\Program Files\QuickTime\qttask								   .exe
C:\Program Files\QuickTime\qttask								  .exe
C:\Program Files\QuickTime\qttask								 .exe
C:\Program Files\QuickTime\qttask								.exe
C:\Program Files\QuickTime\qttask							  .exe
C:\Program Files\QuickTime\qttask							 .exe
C:\Program Files\QuickTime\qttask							.exe
C:\Program Files\QuickTime\qttask						   .exe
C:\Program Files\QuickTime\qttask						  .exe
C:\Program Files\QuickTime\qttask						 .exe
C:\Program Files\QuickTime\qttask						.exe
C:\Program Files\QuickTime\qttask					   .exe
C:\Program Files\QuickTime\qttask					  .exe
C:\Program Files\QuickTime\qttask					 .exe
C:\Program Files\QuickTime\qttask					.exe
C:\Program Files\QuickTime\qttask				   .exe
C:\Program Files\QuickTime\qttask				  .exe
C:\Program Files\QuickTime\qttask				 .exe
C:\Program Files\QuickTime\qttask				.exe
C:\Program Files\QuickTime\qttask			   .exe
C:\Program Files\QuickTime\qttask			  .exe
C:\Program Files\QuickTime\qttask			 .exe
C:\Program Files\QuickTime\qttask			.exe
C:\Program Files\QuickTime\qttask		   .exe
C:\Program Files\QuickTime\qttask		  .exe
C:\Program Files\QuickTime\qttask		 .exe
C:\Program Files\QuickTime\qttask		.exe
C:\Program Files\QuickTime\qttask	   .exe
C:\Program Files\QuickTime\qttask	  .exe
C:\Program Files\QuickTime\qttask	 .exe
C:\Program Files\QuickTime\qttask	.exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\support.com\bin\tgcmd .exe
C:\Program Files\SymNetDrv\SNDMon .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\WINDOWS\SMINST\RECGUARD .EXE
C:\WINDOWS\system\hpsysdrv .exe
C:\WINDOWS\system32\NeroCheck .exe
Folder::
C:\Documents and Settings\All Users\Application Data\xyxopira
Driver::
Lmxn69
Dirlook::
C:\Program Files\cezfawfa


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by kahdah, 14 May 2008 - 07:10 PM.

  • 0

#54
rich06

    Member

  • Topic Starter
  • Member
  • 59 posts
ComboFix 08-05-12.1 - Owner 2008-05-14 20:47:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.256 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\4dl99l.exe
C:\Documents and Settings\All Users\Application Data\olcpgjax.dll
C:\Documents and Settings\Del Swoll\bker.exe
C:\Documents and Settings\Owner\Application Data\spyguard.exe
C:\Documents and Settings\Owner\Application Data\winifixer.exe
C:\Documents and Settings\Owner\del.bat
C:\Documents and Settings\Owner\file.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast .exe
C:\iW8.exe
C:\Program Files\Movieland Terms.html
C:\semp1.bat
C:\WINDOWS\avp .exe
C:\WINDOWS\fgherghjfg.exe
C:\WINDOWS\hjj5yrtggfnghjy.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\bedoapvd.tmp
C:\WINDOWS\system32\cfgadmsh.dll
C:\WINDOWS\system32\condw32.dll
C:\WINDOWS\system32\drivers\Lmxn69.sys
C:\WINDOWS\system32\fadgsd.exe
C:\WINDOWS\system32\fwehg.exe
C:\WINDOWS\system32\kugvd.exe
C:\WINDOWS\system32\spoolvs .exe
C:\WINDOWS\wdm13.exe
C:\WINDOWS\wdm3.exe
C:\WINDOWS\wdm5.exe
C:\WINDOWS\wdm8B .exe
C:\WINDOWS\wdm9.exe
C:\WINDOWS\wdu18.exe
C:\WINDOWS\wdu1A.exe
C:\WINDOWS\wdu1E.exe
C:\WINDOWS\wdu2A.exe
C:\WINDOWS\wdu8C .exe
C:\winhtdo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\4dl99l.exe
C:\Documents and Settings\All Users\Application Data\olcpgjax.dll
C:\Documents and Settings\All Users\Application Data\xyxopira
C:\Documents and Settings\Del Swoll\bker.exe
C:\Documents and Settings\Owner\Application Data\spyguard.exe
C:\Documents and Settings\Owner\Application Data\winifixer.exe
C:\Documents and Settings\Owner\del.bat
C:\Documents and Settings\Owner\file.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\n.ini
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast .exe
C:\iW8.exe
C:\Program Files\Movieland Terms.html
C:\semp1.bat
C:\WINDOWS\avp .exe
C:\WINDOWS\Downloaded Program Files\UGDC_0001_N122M0502NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\USCR_0001_N10M0402NetInstaller.exe
C:\WINDOWS\fgherghjfg.exe
C:\WINDOWS\hjj5yrtggfnghjy.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\PSEXESVC.EXE
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\bedoapvd.tmp
C:\WINDOWS\system32\cfgadmsh.dll
C:\WINDOWS\system32\condw32.dll
C:\WINDOWS\system32\drivers\Lmxn69.sys
C:\WINDOWS\system32\fadgsd.exe
C:\WINDOWS\system32\fwehg.exe
C:\WINDOWS\system32\kugvd.exe
C:\WINDOWS\system32\spoolvs .exe
C:\WINDOWS\wdm13.exe
C:\WINDOWS\wdm3.exe
C:\WINDOWS\wdm5.exe
C:\WINDOWS\wdm8B .exe
C:\WINDOWS\wdm9.exe
C:\WINDOWS\wdu18.exe
C:\WINDOWS\wdu1A.exe
C:\WINDOWS\wdu1E.exe
C:\WINDOWS\wdu2A.exe
C:\WINDOWS\wdu8C .exe
C:\winhtdo.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-14 20:06 . 2008-05-14 20:06 36 -rahs---- C:\.uid_xxx
2008-05-14 19:59 . 2008-05-14 20:01 1,024 -r-h----- C:\WINDOWS\system32\NTIRIPPER.dll
2008-05-14 19:55 . 2008-05-14 19:59 <DIR> d-------- C:\Program Files\NewTech Infosystems
2008-05-13 20:28 . 2008-05-14 19:22 19,561 --ah----- C:\hpothb07.tif
2008-05-13 20:28 . 2008-05-14 20:24 10,293 --ah----- C:\hpothb07.dat
2008-05-13 20:27 . 2008-05-13 20:27 346,203 --ah----- C:\WINDOWS\hpothb07.tif
2008-05-13 20:27 . 2008-05-13 20:27 39,275 --ah----- C:\WINDOWS\hpothb07.dat
2008-05-08 22:10 . 2008-05-08 22:10 <DIR> d-------- C:\Program Files\USB Storage RW
2008-05-08 22:07 . 2008-05-08 22:10 <DIR> d-------- C:\cmdcons(2)
2008-05-08 22:02 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-05-08 22:02 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-16 00:56 . 2008-04-16 00:56 1,071 --a------ C:\WINDOWS\AWMODEM.INF
2008-04-15 22:43 . 2008-04-16 00:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 22:43 . 2008-04-15 22:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-15 22:43 . 2008-04-15 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 20:55 . 2008-05-13 20:31 1,024 --ah----- C:\Documents and Settings\Rich\NTUSER.DAT.LOG
2008-04-15 20:34 . 2008-04-15 20:34 <DIR> d--hs---- C:\found.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 00:54 --------- d-----w C:\Program Files\Greetings Workshop
2008-05-15 00:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-14 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 02:14 4,526 --sha-r C:\WINDOWS\system32\drivers\HP_DF253A-ABA a250n_YW_Pavi_QMXM329_E33NAheBLU4_4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.10_T030627_WXH1_L409_M512_J120_7Intel_8Pentium 4_92.6_1104C8023_N10EC8139_P_Z11C1044C_K_A808624D5_U808624D2_G10DE0181.MRK
2008-05-09 02:09 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-16 04:23 --------- d-----w C:\Program Files\cezfawfa
2008-04-08 19:35 7,724 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-08 19:35 26,108 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 19:35 2,471,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 19:35 112,160 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-20 19:05 --------- d-----w C:\Program Files\VB6 Runtime Files for IDAutomation.com Applications
2008-03-20 18:47 396,288 ----a-w C:\Program Files\HijackThis.exe
2008-03-20 18:42 --------- d-----w C:\Program Files\Trend Micro
2008-03-20 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-20 01:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-20 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 02:28 0 --sha-w C:\Documents and Settings\Owner\Application Data\b925c42d1a728a077ffecc0dc7cb4d670ba1e2bc.dat
2003-04-10 11:19 32 --sha-w C:\WINDOWS\{FC92DEF6-B98A-462F-BDEC-6F8042F11C76}.dat
2008-01-03 21:33 4,096 --sha-w C:\WINDOWS\system32\5558.dat
2004-10-20 20:56 56 -csh--r C:\WINDOWS\system32\EB01BC701C.sys
2005-05-27 21:26 475 -csha-w C:\WINDOWS\system32\hhxky.dll
2004-10-20 20:56 1,890 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2003-04-10 11:19 32 --sha-w C:\WINDOWS\system32\{9E165BF4-5E4A-49D1-BA74-00B57060829D}.dat
.
<pre>
----a-w			61,440 2008-01-15 02:07:33  C:\hp\KBD\KBD .EXE
----a-w			67,112 2008-01-17 02:24:38  C:\Program Files\AIM\aim .exe
----a-w			94,208 2008-01-17 02:24:35  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		   155,648 2008-01-17 02:24:05  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w			59,040 2008-01-14 00:47:01  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			81,920 2008-01-17 02:23:56  C:\Program Files\Common Files\Ulead Systems\DVD\USISrv .exe
----a-w		   411,136 2008-01-17 02:24:16  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w			69,632 2008-01-15 02:07:11  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
----a-w			54,840 2008-01-15 02:10:18  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w		   256,576 2008-01-17 02:23:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			83,608 2008-01-17 02:24:03  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w		 1,670,144 2008-01-17 02:24:40  C:\Program Files\Messenger\msmsgs .exe
----a-w		   282,624 2008-01-22 00:21:47  C:\Program Files\QuickTime\qttask											.exe
----a-w		   282,624 2008-01-22 00:21:07  C:\Program Files\QuickTime\qttask										   .exe
----a-w		   282,624 2008-01-22 00:30:02  C:\Program Files\QuickTime\qttask										  .exe
----a-w		   282,624 2008-01-22 00:31:51  C:\Program Files\QuickTime\qttask										 .exe
----a-w		   282,624 2008-01-22 00:22:30  C:\Program Files\QuickTime\qttask										.exe
----a-w		   282,624 2008-01-22 00:23:45  C:\Program Files\QuickTime\qttask									   .exe
----a-w		   282,624 2008-01-22 00:21:52  C:\Program Files\QuickTime\qttask									  .exe
----a-w		   282,624 2008-01-22 00:16:34  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   282,624 2008-01-22 00:31:23  C:\Program Files\QuickTime\qttask									.exe
----a-w		   649,216 2008-01-15 02:08:53  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   282,624 2008-01-22 00:24:11  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   282,624 2008-01-22 00:30:22  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   282,624 2008-01-22 00:27:12  C:\Program Files\QuickTime\qttask								.exe
----a-w		   282,624 2008-01-22 00:28:28  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   282,624 2008-01-22 00:32:18  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   282,624 2008-01-22 00:13:34  C:\Program Files\QuickTime\qttask							.exe
----a-w		   282,624 2008-01-22 00:20:53  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   282,624 2008-01-22 00:14:36  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   282,624 2008-01-22 00:31:02  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   282,624 2008-01-22 00:13:38  C:\Program Files\QuickTime\qttask						.exe
----a-w		   282,624 2008-01-22 00:22:52  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   282,624 2008-01-22 00:20:45  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   282,624 2008-01-22 00:32:30  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   282,624 2008-01-22 00:33:33  C:\Program Files\QuickTime\qttask					.exe
----a-w		   282,624 2008-01-22 00:23:03  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   282,624 2008-01-22 00:33:49  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   282,624 2008-01-22 00:26:30  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   282,624 2008-01-22 00:32:48  C:\Program Files\QuickTime\qttask				.exe
----a-w		   282,624 2008-01-22 00:20:50  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   282,624 2008-01-22 00:19:59  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   282,624 2008-01-22 00:29:46  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-01-22 00:31:59  C:\Program Files\QuickTime\qttask			.exe
----a-w		   282,624 2008-01-22 00:05:14  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   282,624 2008-01-22 00:04:40  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   282,624 2008-01-22 00:04:38  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2008-01-22 00:04:34  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2008-01-22 00:04:23  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2008-01-22 00:04:26  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2008-01-22 00:31:39  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2008-01-22 00:13:47  C:\Program Files\QuickTime\qttask	.exe
----a-w		   282,624 2008-01-22 00:13:32  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-01-22 00:05:20  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-01-22 00:05:22  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,544,192 2008-01-17 02:23:58  C:\Program Files\support.com\bin\tgcmd .exe
----a-w				 0 2008-01-15 02:06:56  C:\Program Files\SymNetDrv\SNDMon .exe
----a-w		 5,367,664 2008-01-21 19:26:54  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w		   212,992 2008-01-13 23:20:20  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			52,736 2008-01-17 02:23:51  C:\WINDOWS\system\hpsysdrv .exe
----a-w		   155,648 2008-01-15 02:07:15  C:\WINDOWS\system32\NeroCheck .exe
</pre>


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\cezfawfa ----



------- Sigcheck -------

2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-03 14:44 831557 C:\WINDOWS\system32\nview.dll]
"Shadow"="C:\Program Files\NewTech Infosystems\NTI Shadow 3\Shadow.exe" [2006-12-30 11:56 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 20:11 114688]
"KYE_UDSI"="C:\Program Files\USB Storage RW\udsi.exe" [2003-02-22 00:30 212992]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 10:27 69632]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 20:42 69632]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 02:36 151597]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2002-12-04 03:24 184800]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-03 14:44 4595712]
"nwiz"="nwiz.exe" [2003-03-03 14:44 323584 C:\WINDOWS\system32\nwiz.exe]
"NAV CfgWiz"="c:\PROGRA~1\NORTON~1\Cfgwiz.exe" [ ]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 05:29 54976]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 05:29 59072]
"BCNT"="C:\PROGRA~1\AWS\WEATHE~1\BCNT.EXE" [2002-08-20 09:20 28672]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 23:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-03-18 04:50 331776]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2002-08-21 19:48:26 40960]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1996-06-25 01:00:00 40448]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-02 12:28:52 344064]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 07:21:36 552960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

S3 N;N;C:\Program Files\NewTech Infosystems\NTI Ripper\ [2008-05-14 20:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 15:00:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 02:09:11 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-02-24 02:28:23 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\System32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt [email protected]
"2005-02-08 21:30:23 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 20:52:58
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N]
"ImagePath"="\??\C:\Program Files\NewTech Infosystems\NTI Ripper\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\omniServ.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
.
**************************************************************************
.
Completion time: 2008-05-14 21:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 01:04:58
ComboFix2.txt 2008-05-14 00:39:29

Pre-Run: 4,375,678,976 bytes free
Post-Run: 4,384,219,136 bytes free

288
  • 0

#55
rich06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:13 PM, on 5/14/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\NewTech Infosystems\NTI Shadow 3\Shadow.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BCNT] C:\PROGRA~1\AWS\WEATHE~1\BCNT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Shadow] C:\Program Files\NewTech Infosystems\NTI Shadow 3\Shadow.exe --minimize
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 6885 bytes
  • 0



#56
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Download RenV.exe by sUBs to your desktop
  • Double click on it to run it
  • It will search your system drive looking for any modified .exe file and will produce a log for you.
  • Please copy and paste the report it produces.

  • 0

#57
rich06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Ran on Thu 05/15/2008 - 18:15:45.79



----a-w			61,440 2008-01-15 02:07:33  C:\hp\KBD\KBD .EXE

----a-w			67,112 2008-01-17 02:24:38  C:\Program Files\AIM\aim .exe

----a-w			94,208 2008-01-17 02:24:35  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe

----a-w		   155,648 2008-01-17 02:24:05  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe

----a-w			59,040 2008-01-14 00:47:01  C:\Program Files\Common Files\Symantec Shared\ccApp .exe

----a-w			81,920 2008-01-17 02:23:56  C:\Program Files\Common Files\Ulead Systems\DVD\USISrv .exe

----a-w		   411,136 2008-01-17 02:24:16  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe

----a-w			69,632 2008-01-15 02:07:11  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe

----a-w			54,840 2008-01-15 02:10:18  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe

----a-w		   256,576 2008-01-17 02:23:59  C:\Program Files\iTunes\iTunesHelper .exe

----a-w			83,608 2008-01-17 02:24:03  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe

----a-w		 1,670,144 2008-01-17 02:24:40  C:\Program Files\Messenger\msmsgs .exe

----a-w		   282,624 2008-01-22 00:21:47  C:\Program Files\QuickTime\qttask											.exe

----a-w		   282,624 2008-01-22 00:21:07  C:\Program Files\QuickTime\qttask										   .exe

----a-w		   282,624 2008-01-22 00:30:02  C:\Program Files\QuickTime\qttask										  .exe

----a-w		   282,624 2008-01-22 00:31:51  C:\Program Files\QuickTime\qttask										 .exe

----a-w		   282,624 2008-01-22 00:22:30  C:\Program Files\QuickTime\qttask										.exe

----a-w		   282,624 2008-01-22 00:23:45  C:\Program Files\QuickTime\qttask									   .exe

----a-w		   282,624 2008-01-22 00:21:52  C:\Program Files\QuickTime\qttask									  .exe

----a-w		   282,624 2008-01-22 00:16:34  C:\Program Files\QuickTime\qttask									 .exe

----a-w		   282,624 2008-01-22 00:31:23  C:\Program Files\QuickTime\qttask									.exe

----a-w		   649,216 2008-01-15 02:08:53  C:\Program Files\QuickTime\qttask								   .exe

----a-w		   282,624 2008-01-22 00:24:11  C:\Program Files\QuickTime\qttask								  .exe

----a-w		   282,624 2008-01-22 00:30:22  C:\Program Files\QuickTime\qttask								 .exe

----a-w		   282,624 2008-01-22 00:27:12  C:\Program Files\QuickTime\qttask								.exe

----a-w		   282,624 2008-01-22 00:28:28  C:\Program Files\QuickTime\qttask							  .exe

----a-w		   282,624 2008-01-22 00:32:18  C:\Program Files\QuickTime\qttask							 .exe

----a-w		   282,624 2008-01-22 00:13:34  C:\Program Files\QuickTime\qttask							.exe

----a-w		   282,624 2008-01-22 00:20:53  C:\Program Files\QuickTime\qttask						   .exe

----a-w		   282,624 2008-01-22 00:14:36  C:\Program Files\QuickTime\qttask						  .exe

----a-w		   282,624 2008-01-22 00:31:02  C:\Program Files\QuickTime\qttask						 .exe

----a-w		   282,624 2008-01-22 00:13:38  C:\Program Files\QuickTime\qttask						.exe

----a-w		   282,624 2008-01-22 00:22:52  C:\Program Files\QuickTime\qttask					   .exe

----a-w		   282,624 2008-01-22 00:20:45  C:\Program Files\QuickTime\qttask					  .exe

----a-w		   282,624 2008-01-22 00:32:30  C:\Program Files\QuickTime\qttask					 .exe

----a-w		   282,624 2008-01-22 00:33:33  C:\Program Files\QuickTime\qttask					.exe

----a-w		   282,624 2008-01-22 00:23:03  C:\Program Files\QuickTime\qttask				   .exe

----a-w		   282,624 2008-01-22 00:33:49  C:\Program Files\QuickTime\qttask				  .exe

----a-w		   282,624 2008-01-22 00:26:30  C:\Program Files\QuickTime\qttask				 .exe

----a-w		   282,624 2008-01-22 00:32:48  C:\Program Files\QuickTime\qttask				.exe

----a-w		   282,624 2008-01-22 00:20:50  C:\Program Files\QuickTime\qttask			   .exe

----a-w		   282,624 2008-01-22 00:19:59  C:\Program Files\QuickTime\qttask			  .exe

----a-w		   282,624 2008-01-22 00:29:46  C:\Program Files\QuickTime\qttask			 .exe

----a-w		   282,624 2008-01-22 00:31:59  C:\Program Files\QuickTime\qttask			.exe

----a-w		   282,624 2008-01-22 00:05:14  C:\Program Files\QuickTime\qttask		   .exe

----a-w		   282,624 2008-01-22 00:04:40  C:\Program Files\QuickTime\qttask		  .exe

----a-w		   282,624 2008-01-22 00:04:38  C:\Program Files\QuickTime\qttask		 .exe

----a-w		   282,624 2008-01-22 00:04:34  C:\Program Files\QuickTime\qttask		.exe

----a-w		   282,624 2008-01-22 00:04:23  C:\Program Files\QuickTime\qttask	   .exe

----a-w		   282,624 2008-01-22 00:04:26  C:\Program Files\QuickTime\qttask	  .exe

----a-w		   282,624 2008-01-22 00:31:39  C:\Program Files\QuickTime\qttask	 .exe

----a-w		   282,624 2008-01-22 00:13:47  C:\Program Files\QuickTime\qttask	.exe

----a-w		   282,624 2008-01-22 00:13:32  C:\Program Files\QuickTime\qttask   .exe

----a-w		   282,624 2008-01-22 00:05:20  C:\Program Files\QuickTime\qttask  .exe

----a-w		   282,624 2008-01-22 00:05:22  C:\Program Files\QuickTime\qttask .exe

----a-w		 1,544,192 2008-01-17 02:23:58  C:\Program Files\support.com\bin\tgcmd .exe

----a-w				 0 2008-01-15 02:06:56  C:\Program Files\SymNetDrv\SNDMon .exe

----a-w		 5,367,664 2008-01-21 19:26:54  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe

----a-w		   212,992 2008-01-13 23:20:20  C:\WINDOWS\SMINST\RECGUARD .EXE

----a-w			52,736 2008-01-17 02:23:51  C:\WINDOWS\system\hpsysdrv .exe

----a-w		   155,648 2008-01-15 02:07:15  C:\WINDOWS\system32\NeroCheck .exe



 Entries:			   61  (61)

 Directories:			0  Files:			61

 Bytes:		 22,917,960  Blocks:	   44,766

  • 0

#58
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as Log.txt (Overwrite the existing one)
  • Change the Save as Type to All Files
  • and Save it on the desktop
C:\hp\KBD\KBD .EXE
C:\Program Files\AIM\aim .exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\QuickTime\qttask											.exe
C:\Program Files\QuickTime\qttask										   .exe
C:\Program Files\QuickTime\qttask										  .exe
C:\Program Files\QuickTime\qttask										 .exe
C:\Program Files\QuickTime\qttask										.exe
C:\Program Files\QuickTime\qttask									   .exe
C:\Program Files\QuickTime\qttask									  .exe
C:\Program Files\QuickTime\qttask									 .exe
C:\Program Files\QuickTime\qttask									.exe
C:\Program Files\QuickTime\qttask								   .exe
C:\Program Files\QuickTime\qttask								  .exe
C:\Program Files\QuickTime\qttask								 .exe
C:\Program Files\QuickTime\qttask								.exe
C:\Program Files\QuickTime\qttask							  .exe
C:\Program Files\QuickTime\qttask							 .exe
C:\Program Files\QuickTime\qttask							.exe
C:\Program Files\QuickTime\qttask						   .exe
C:\Program Files\QuickTime\qttask						  .exe
C:\Program Files\QuickTime\qttask						 .exe
C:\Program Files\QuickTime\qttask						.exe
C:\Program Files\QuickTime\qttask					   .exe
C:\Program Files\QuickTime\qttask					  .exe
C:\Program Files\QuickTime\qttask					 .exe
C:\Program Files\QuickTime\qttask					.exe
C:\Program Files\QuickTime\qttask				   .exe
C:\Program Files\QuickTime\qttask				  .exe
C:\Program Files\QuickTime\qttask				 .exe
C:\Program Files\QuickTime\qttask				.exe
C:\Program Files\QuickTime\qttask			   .exe
C:\Program Files\QuickTime\qttask			  .exe
C:\Program Files\QuickTime\qttask			 .exe
C:\Program Files\QuickTime\qttask			.exe
C:\Program Files\QuickTime\qttask		   .exe
C:\Program Files\QuickTime\qttask		  .exe
C:\Program Files\QuickTime\qttask		 .exe
C:\Program Files\QuickTime\qttask		.exe
C:\Program Files\QuickTime\qttask	   .exe
C:\Program Files\QuickTime\qttask	  .exe
C:\Program Files\QuickTime\qttask	 .exe
C:\Program Files\QuickTime\qttask	.exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\support.com\bin\tgcmd .exe
C:\Program Files\SymNetDrv\SNDMon .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\WINDOWS\SMINST\RECGUARD .EXE
C:\WINDOWS\system\hpsysdrv .exe
C:\WINDOWS\system32\NeroCheck .exe

Posted Image


Referring to the picture above, drag Log.txt into RenV.exe and post the resulting report to your reply.
  • 0

#59
rich06

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Ran on Fri 05/16/2008 - 19:29:00.09



------w			59,040 2008-01-14 00:47:01  C:\Program Files\Common Files\Symantec Shared\ccApp .exe

------w			69,632 2008-01-15 02:07:11  C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe

----a-w		   282,624 2008-01-22 00:31:51  C:\Program Files\QuickTime\qttask										 .exe



 Entries:				3  (3)

 Directories:			0  Files:			 3

 Bytes:			411,296  Blocks:		  804

  • 0

#60
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as Log.txt (Overwrite the existing one)
  • Change the Save as Type to All Files
  • and Save it on the desktop
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
C:\Program Files\QuickTime\qttask										 .exe

Posted Image


Referring to the picture above, drag Log.txt into RenV.exe and post the resulting report to your reply.
  • 0





