
Plz Help...dial_agent.rjt Found


  • This topic is locked
9 replies to this topic

#1 frustrated_chik

frustrated_chik

  • Members
  • 19 posts

Posted 30 August 2007 - 11:56 PM

HELP PLEEEEEEEAASEE!!! :thumbsup:

I ran Trend Micro anti virus yesterday and did a scan on program files which detected DIAL_AGENT.RJT on my computer. I don't remember the last time I did a virus scan so I'm not sure how long it was on my computer...I did some research and found out about dialers so I am very nervous. I use a Road Runner cable connection to connect to the internet and the past 2 days my phone has been acting kind of funny, like when we try to turn it on it won't turn on and come up with a dial tone...I have run the ewido online scan, Webroot SpySweeper, and Trend Micro HouseCall, but I don't know how to read HouseCall's program so I'm not sure if it removed anything off my computer...

Here's today's log of hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:13:04 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 31 August 2007 - 10:06 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, frustrated_chik.
My name is Richie and I'll be helping you to fix your problems.

You now have Norton Internet Security and Trend Micro\Antivirus installed.
It's definitely not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one of them now, then restart your pc.

If you decide to uninstall Norton, if there's no uninstaller available in Add\Remove Programs then you'll need to download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
*Please Note:*
The Norton Removal Tool will remove all Norton/Symantec products from your pc.


Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.
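A small triage helper for the HijackThis log format posted in this thread, added here as an example; it is not a tool from BleepingComputer, Trend Micro or the poster. It checks the two points Richie raises (an O2 BHO entry with "(no file)" and services from two antivirus vendors running at once) and compares any JRE version found in a path against the 6u2 baseline; the vendor table and the sample lines are constructed for the example.

```python
"""Triage a HijackThis log for the issues discussed in the reply above.
Example code, not part of HijackThis or the forum's own tooling."""
import re
from dataclasses import dataclass

# O23 vendor strings in the form the posted log uses; the mapping itself is a
# constructed list for this example and can be extended.
AV_VENDORS = {
    "Symantec Corporation": "Norton/Symantec",
    "Trend Micro Incorporated.": "Trend Micro",
}
# Oldest JRE the reply treats as current: 6u2 is reported as jre1.6.0_02.
MIN_JRE = (1, 6, 0, 2)

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphan_bho", "multiple_av" or "old_jre"
    detail: str


def orphan_bhos(lines):
    """CLSIDs of O2 entries whose DLL is gone: still registered, nothing to load."""
    out = []
    for line in lines:
        m = O2_RE.match(line.strip())
        if m and m["path"].strip().lower() in ("(no file)", "(file missing)"):
            out.append(m["clsid"])
    return out


def av_vendors(lines):
    """Distinct antivirus vendors that own at least one O23 service entry."""
    found = set()
    for line in lines:
        m = O23_RE.match(line.strip())
        if m and m["vendor"] in AV_VENDORS:
            found.add(AV_VENDORS[m["vendor"]])
    return sorted(found)


def jre_versions(lines):
    """Every JRE version tuple that appears in any path in the log."""
    return sorted({tuple(int(x) for x in m.groups())
                   for m in JRE_RE.finditer("\n".join(lines))})


def triage(lines):
    """Collect findings in a fixed order: orphan BHOs, AV overlap, old JREs."""
    findings = [Finding("orphan_bho", clsid) for clsid in orphan_bhos(lines)]
    vendors = av_vendors(lines)
    if len(vendors) > 1:
        findings.append(Finding("multiple_av", ", ".join(vendors)))
    for v in jre_versions(lines):
        if v < MIN_JRE:
            findings.append(Finding("old_jre", "jre%d.%d.%d_%02d" % v))
    return findings


# Constructed sample in the posted log's format (abbreviated from the thread).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_05\\bin\\npjpi150_05.dll
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\\Program Files\\Norton Internet Security\\Norton AntiVirus\\navapsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\\Program Files\\Trend Micro\\Antivirus\\Tmntsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.detail}")
```

An O2 entry pointing at "(no file)" is usually a leftover registration rather than active code, but it is worth cleaning up because anything that later drops a DLL at that CLSID gets loaded by Internet Explorer without a new registration step.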

#3 frustrated_chik

frustrated_chik
  • Topic Starter

  • Members
  • 19 posts

Posted 02 September 2007 - 09:45 AM

Thanks for the reply...the instructions you gave me were very easy to follow :thumbsup:

I had to do a system recovery today so I don't know if that will mess things up...anyway I followed the steps you gave me and did everything you told me to do...

Here's my log from ComboFix...


ComboFix 07-08-30.3 - "Compaq_Owner" 2007-09-02 4:32:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.74 [GMT -10:00]


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 04:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-02 02:46 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-02 02:46 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-09-02 02:46 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-02 02:46 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-02 02:46 172,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-02 02:46 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-09-02 02:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-09-02 02:44 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-09-02 02:34 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-09-02 02:34 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-09-02 02:34 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-09-02 02:34 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-02 02:34 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-09-02 02:34 <DIR> d-------- C:\Program Files\Webroot
2007-09-02 02:34 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-09-02 02:34 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Webroot
2007-09-02 02:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-09-02 02:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-02 02:22 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
2007-09-02 02:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-02 00:41 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-02 00:40 <DIR> d-------- C:\Program Files\CCleaner
2007-09-02 00:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-02 00:36 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
2007-09-02 00:30 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-09-02 00:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-02 00:19 <DIR> d-------- C:\$WIN_NT$.~BT
2007-09-01 21:08 164 --a------ C:\install.dat
2007-09-01 20:54 <DIR> d-------- C:\WINDOWS\pss
2007-09-01 20:50 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-01 20:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-01 20:20 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\WINDOWS
2007-09-01 20:20 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Real
2007-09-01 20:20 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Intuit
2007-09-01 20:19 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\WINDOWS
2007-09-01 20:19 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Symantec
2007-09-01 20:19 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Real
2007-09-01 20:19 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Intuit
2007-09-01 20:18 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-09-01 20:16 180 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2007-09-01 19:30 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2007-09-01 19:30 5,376 --a------ C:\WINDOWS\system32\dllcache\viaide.sys
2007-09-01 19:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
2007-09-01 19:16 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-01 19:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-01 19:13 <DIR> d-------- C:\Program Files\Google
2007-09-01 19:08 28,848 --a------ C:\WINDOWS\system32\drivers\USBkey.sys
2007-09-01 19:08 13,440 --a------ C:\WINDOWS\system32\drivers\pcdrndisuio.sys
2007-09-01 19:08 11,351 --a------ C:\WINDOWS\system32\drivers\diag69xp.sys
2007-09-01 19:08 <DIR> d-------- C:\Program Files\PC-Doctor for DOS
2007-09-01 19:08 <DIR> d-------- C:\Program Files\PC-Doctor 5 for Windows
2007-09-01 19:05 <DIR> d-------- C:\WINDOWS\HPCPCUninstall-5577497
2007-09-01 19:04 118,842 -ra------ C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
2007-09-01 19:04 0 --a------ C:\WINDOWS\viassary-hp.reg
2007-09-01 19:04 <DIR> d-a------ C:\WINDOWS\system32\pcintro
2007-09-01 19:04 <DIR> d-------- C:\Program Files\Compaq Connections
2007-09-01 19:03 667,896 --a------ C:\WINDOWS\unins000.exe
2007-09-01 19:03 45,056 --a------ C:\WINDOWS\system32\hpreg.dll
2007-09-01 19:03 40,960 --a------ C:\WINDOWS\system32\omano.dll
2007-09-01 19:03 12,992 --a------ C:\WINDOWS\system32\CHODDI.SYS
2007-09-01 19:03 1,227 --a------ C:\WINDOWS\unins000.dat
2007-09-01 19:01 1,667,072 --a------ C:\WINDOWS\system32\cdintf250.dll
2007-09-01 19:01 <DIR> d-------- C:\Program Files\Quicken
2007-09-01 19:01 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2007-09-01 19:01 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-09-01 19:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit
2007-09-01 19:00 266,240 --a------ C:\WINDOWS\system32\ShellvRTF64.dll
2007-09-01 19:00 237,568 --a------ C:\WINDOWS\system32\ShellvRTF.dll
2007-09-01 19:00 <DIR> d-a------ C:\WINDOWS\CREATOR
2007-09-01 18:59 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-01 18:59 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-01 18:59 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-09-01 18:58 <DIR> dr-h----- C:\MSOCache
2007-09-01 18:58 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-01 18:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-01 18:57 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-01 18:55 <DIR> d-------- C:\Program Files\Microsoft Money 2006
2007-09-01 18:54 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-09-01 18:54 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-01 18:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-01 18:53 <DIR> d-a------ C:\Program Files\Common Files\LightScribe
2007-09-01 18:53 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-09-01 18:52 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2007-09-01 18:48 <DIR> d-------- C:\WINDOWS\wt
2007-09-01 18:48 <DIR> d-------- C:\Program Files\WildTangent
2007-09-01 18:48 <DIR> d-------- C:\Program Files\HP Games
2007-09-01 18:47 <DIR> d-------- C:\Program Files\Sonic
2007-09-01 18:47 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-09-01 18:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-09-01 18:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-09-01 18:46 45,929 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE
2007-09-01 18:46 <DIR> d-------- C:\Program Files\Netscape
2007-09-01 18:46 <DIR> d-------- C:\Program Files\music_now
2007-09-01 18:46 <DIR> d-------- C:\Program Files\HP Rhapsody
2007-09-01 18:45 <DIR> d-------- C:\Program Files\Real
2007-09-01 18:45 <DIR> d-------- C:\Program Files\MSN Encarta Standard
2007-09-01 18:45 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-01 18:45 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-01 18:42 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 04:03 3092 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-01 20:50 36112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-01 20:50 203024 --a------ C:\WINDOWS\system32\drivers\TmXPFlt.sys
2007-09-01 20:50 1126328 --a------ C:\WINDOWS\system32\drivers\VSAPINT.SYS
2007-09-01 20:22 1835 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EX318AA-ABA SR1920NX NA630_YC_0Pres_QCNH623_E63NAheREA2_48_INAGAMI2L_SASUSTek Computer INC._V2.00_B3.11_T060919_WXH2_L409_M447_J200_7AMD_8Athlon 64_92.2_#070902_N_Z11C10620_G10DE0241.MRK
2007-09-01 19:49 --------- d-------- C:\Program Files\microsoft frontpage
2007-09-01 19:07 61440 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2007-09-01 19:07 45056 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2007-09-01 19:07 44032 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2007-09-01 19:07 40960 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2007-09-01 19:07 341048 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2007-09-01 19:07 32768 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2007-09-01 19:07 32768 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2007-09-01 19:07 217088 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2007-09-01 19:07 163840 --a------ C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2007-07-30 16:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 16:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 16:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 16:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 16:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 16:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 16:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 16:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 16:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-18 20:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 13:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 04:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 04:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 04:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 04:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 04:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 04:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 04:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 04:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 04:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 04:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 04:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 04:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 04:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 04:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 04:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 04:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 04:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 04:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 04:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 04:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-26 22:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-26 22:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-26 22:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-26 21:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-21 21:54 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-19 03:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 03:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 22:12 474112 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 22:12 151040 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 22:12 1498112 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 22:12 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 22:12 1022976 --a------ C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-13 00:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 00:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-02-19 00:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 01:54 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 18:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-01-24 16:15 C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 12:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 12:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 16:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 20:11]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 12:51]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 12:51]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 12:50]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-06 20:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:00]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS


Contents of the 'Scheduled Tasks' folder
2007-09-02 12:39:58 C:\WINDOWS\Tasks\wrSpySweeper_L415C92A8ACE9467B861BF2CF72AEA15C.job - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 04:34:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 4:36:04
C:\ComboFix-quarantined-files.txt ... 2007-09-02 04:36

--- E O F ---

And here's my new HijackThis log...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:32 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [regcmdcons] "c:\hp\bin\cloaker.exe" c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6563 bytes

Thanks again for taking the time to help me.

#4 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 02 September 2007 - 10:01 AM

Click on Start/Control Panel/Add or Remove Programs and remove/uninstall the following if present, then restart your PC:
WildTangent

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have HijackThis fix the following by placing a check in the appropriate box and selecting 'Fix checked'.
Make sure all browser and Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Exit HijackThis.

Find and delete:
C:\WINDOWS\wt
C:\Program Files\WildTangent

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


#5 frustrated_chik (Topic Starter, Members, 19 posts)

Posted 03 September 2007 - 06:51 AM

Hi,
I followed your instructions, but now I can't play my HP games anymore... What was the reason for uninstalling WildTangent, just curious? It came with my computer along with the HP Games Console; I am confused...

My computer is not really giving me any problems; it's running pretty smoothly, it's not slow... But I have a question for you: in my startup files (START>RUN>MSCONFIG>Startup tab) I noticed a file that is blank. I'm not sure, but is it supposed to be that way?

I did a SUPERAntiSpyware scan and it didn't find anything... Here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/03/2007 at 01:39 AM

Application Version : 3.9.1008

Core Rules Database Version : 3298
Trace Rules Database Version: 1306

Scan type : Complete Scan
Total Scan Time : 00:59:54

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 5537
Registry threats detected : 0
File items scanned : 41990
File threats detected : 0



And here's the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:10 AM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.EXE
C:\Program Files\Trend Micro\Antivirus\PCCGUIDE.EXE
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [regcmdcons] "c:\hp\bin\cloaker.exe" c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8326 bytes



thank you so so so so much for your help!!!! :thumbsup:
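
As an added example (not code from this thread, from HijackThis, or from any other tool named here), the Python below does the first-pass triage a helper applies to logs like the two posted above: it parses the numbered R/O entries, flags references whose target file is gone (the dead BHO entry fixed in post #4 is exactly that case), and groups O4 Run-key autoruns by registry hive so that values under another profile's hive (HKUS\<SID>, such as the SYSTEM-profile MySpaceIM lines in the second log) stand out for a second look. SAMPLE_LOG is a constructed excerpt modelled on the posted logs; the regular expressions are my reading of the HijackThis line format, not an official grammar.

```python
"""Triage of a HijackThis log: parse the numbered sections, flag entries whose
target file is gone ("(no file)") and group Run-key autoruns by registry hive.

Added example for this thread; it is not part of HijackThis or of any tool
named in it. SAMPLE_LOG is a constructed excerpt modelled on the logs posted
above, so the script runs offline.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in HijackThis log format.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O4 - <body>": section code, then everything after the dash.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 Run-key body:  HKLM\..\Run: [Name] cmd
#              or:  HKUS\S-1-5-18\..\Run: [Name] cmd (User 'SYSTEM')
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O2", "O4", "O23"
    body: str     # text after "Oxx - "


def parse_hjt(text):
    """Keep only the numbered R/O entries; headers and process lines are skipped."""
    out = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append(Entry(m["section"], m["body"]))
    return out


def orphaned_entries(entries):
    """Registry references whose target file no longer exists ("(no file)").
    A typical leftover of an uninstalled BHO: harmless, but a dead reference
    is exactly what 'Fix checked' in HijackThis removes."""
    return [e for e in entries if e.body.rstrip().endswith("(no file)")]


def autoruns_by_hive(entries):
    """Group O4 Run-key values by hive: HKLM (all users), HKCU (this user),
    HKUS\\<SID> (another profile, e.g. S-1-5-18 is the SYSTEM account)."""
    groups = {}
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body)
        if not m:  # Startup-folder shortcuts use a different layout; not Run keys
            continue
        groups.setdefault(m["hive"], []).append((m["name"], m["cmd"]))
    return groups


def foreign_profile_autoruns(entries):
    """Run values under profiles other than HKLM/HKCU. An installer that ran as
    SYSTEM commonly leaves these behind; still confirm that the command points
    at a program you recognise, since it was not set from the user's own hive."""
    return {h: v for h, v in autoruns_by_hive(entries).items() if h.startswith("HKUS")}


def triage(text):
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "orphans": orphaned_entries(entries),
        "autoruns": autoruns_by_hive(entries),
        "foreign_profiles": foreign_profile_autoruns(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} entries parsed")
    for e in report["orphans"]:
        print("orphan:", e.section, "-", e.body)
    for hive, items in report["autoruns"].items():
        for name, cmd in items:
            print(f"autorun [{hive}] {name}: {cmd}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; the orphan list is what you would tick in 'Fix checked', and anything under an HKUS hive is worth checking against the programs you actually installed before calling the log clean.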

#6 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 03 September 2007 - 08:04 AM

About WildTangent:
http://www.spyany.com/program/article_spw_...ildTangent.html

What is Wild Tangent?
http://www.pchell.com/support/wildtangent.shtml

If you want to reinstall WildTangent, download/install the WildTangent Console:
http://www.wildtangent.com/home.html

Let me know how you get on.

#7 frustrated_chik (Topic Starter, Members, 19 posts)

Posted 03 September 2007 - 10:48 PM

I'm not sure what you're asking... 'How do I get on HP games?' If that is what you are asking, I get on HP games by going to START>ALL PROGRAMS>MY HP GAMES>HP GAME CONSOLE, then I find what game I want to play, click on Download, then Free Trial/Play, and it takes me straight to the game...

I looked on Yahoo Answers to see what people say about WildTangent, and the majority of them say that it has a lot of spyware and adware, so I can see why you made me delete WildTangent from my computer...

I have 2 questions for you...

My first question is: I would like to continue enjoying online games similar to the ones on the HP Game Console, so if I were to download and play those games from Yahoo, would that be a better solution than using HP Games and WildTangent???

My second question is: looking at the HijackThis log that I previously posted, does everything look OK, meaning is my computer virus, spyware, adware, malware etc. free???

And also, you didn't get back to me about the question I previously posted concerning a blank file in Startup.

#8 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 04 September 2007 - 08:53 AM

"In my startup files (START>RUN>MSCONFIG>Startup tab) I noticed a file that is blank. I'm not sure, but is it supposed to be that way?"

As long as the box to the left of that blank entry is unchecked, it's perfectly harmless.

"I would like to continue enjoying online games similar to the ones on the HP Game Console, so if I were to download and play those games from Yahoo, would that be a better solution than using HP Games and WildTangent???"

That's entirely up to you; if you would prefer to carry on using the HP Games Console, you can download and reinstall it from here:
http://hp.wildgames.com/ECS/htdocs/home.aspx?DP=hpdesktop


Your log is clean :thumbsup:
If all's ok,please do the following.

Find and delete:
Combofix.exe
C:\Qoobox

Download and install CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
*Note*
Do not use the Issues block to clean anything with this program.
It is for experts only and it is risky.

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked.
In the Advanced section, have a check only on Old Prefetch Data.

Click on the Options block on the left.
Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites that you regularly visit or do business with), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan.
Click on the Cleaner block on the left.
Choose the Windows tab.
Click the Run Cleaner button.
This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be added automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear; click on OK.
The 'Disk Cleanup for [C:]' box will appear; click on the 'More Options' tab.
At the bottom, in the 'System Restore' section, click on the 'Clean up...' button.
A box will pop up: 'Are you sure you want to delete all but the most recent restore point?' Click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

#9 frustrated_chik (Topic Starter, Members, 19 posts)

Posted 05 September 2007 - 07:40 PM

THANK YOU SOOOOOOO MUCH RichieUK... :thumbsup: You have been so helpful, you have relieved me of my concerns, and I appreciate your help to the fullest extent...

I rate my help as being a 9 out of 10... good job RichieUK

#10 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 06 September 2007 - 06:13 AM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.