MyTechSupport.ca :: Your Computer Technical Resource Headquarters!

Topic: Slow start-up, please help (HJT log)

favrekicksass
« on: April 20, 2007, 12:10:15 AM »

Don't know what's going on; any suggestion will be helpful. Here are the problems:
I get redirected on websites like Yahoo when clicking on links.
It takes about 3 min for my desktop to load.
I click on Internet Explorer and my homepage is switched to Google, but it will never load (can't change it; after every reboot it appears again).

Here is my log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:06:19 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\mcjincap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX04.328\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C780502-C65B-4D79-AC43-B08C2EC18B61} - c:\windows\system32\okbbokb.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mops.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - C:\WINDOWS\system\btlmct32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcjincap] C:\WINDOWS\system32\mcjincap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [mcjincap] C:\WINDOWS\system32\mcjincap.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: ReSchedHPSU.lnk = C:\hp\bin\CLOAKER.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: yzewtjgj - C:\WINDOWS\SYSTEM32\okbbokb.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - c:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7266 bytes

dahli (Global Moderator)
« Reply #1 on: April 21, 2007, 05:49:39 AM »

Hello,

Run HijackThis and check the following:

O2 - BHO: (no name) - {1C780502-C65B-4D79-AC43-B08C2EC18B61} - c:\windows\system32\okbbokb.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mops.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - C:\WINDOWS\system\btlmct32.dll (file missing)

Click FIX CHECKED

Download ATF (Atribune Temp File) Cleaner

Steve
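An added example, not code from this thread or from HijackThis: a small Python triage helper that parses the O2 (BHO) and O20 (Winlogon Notify) lines quoted above and applies the same tests Steve applied by eye. It flags a BHO that has no name and loads from the Windows directory, a BHO registration whose DLL is missing from a system directory, and any Winlogon Notify hook that loads a DLL already flagged. The sample log is assembled from the two HJT logs posted in this thread; the Spybot SDHelper line from the second log is included as a benign "(no name)" entry that the rules leave alone, as are Norton's dangling entries under Program Files, which the thread never treats as malicious. These are triage heuristics for a human to review, not a signature.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the O2/O20 lines quoted in this thread's two HijackThis
# logs (the Spybot SDHelper line comes from the second log). Not a full HJT log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C780502-C65B-4D79-AC43-B08C2EC18B61} - c:\windows\system32\okbbokb.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mops.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - C:\WINDOWS\system\btlmct32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: yzewtjgj - C:\WINDOWS\SYSTEM32\okbbokb.dll
"""

# HJT O2 line: "O2 - BHO: <name> - {<CLSID>} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# HJT O20 line: "O20 - Winlogon Notify: <key> - <path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str          # "O2" (BHO) or "O20" (Winlogon Notify)
    basename: str      # DLL file name, lower-cased
    line: str
    reasons: list = field(default_factory=list)


def in_windows_dir(path: str) -> bool:
    """True when the DLL lives under the Windows directory rather than a vendor folder."""
    return path.lower().startswith("c:\\windows\\")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Return the O2/O20 entries that show the traits flagged in this thread."""
    findings = []
    flagged_dlls = set()
    o20_lines = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            name, path = m["name"], m["path"]
            reasons = []
            if name == "(no name)" and in_windows_dir(path):
                reasons.append("unnamed BHO loaded from the Windows directory")
            if m["missing"] and in_windows_dir(path):
                reasons.append("BHO registration points at a missing DLL in a system directory")
            if reasons:
                findings.append(Finding("O2", basename(path), line, reasons))
                flagged_dlls.add(basename(path))
            continue
        m = O20_RE.match(line)
        if m:
            o20_lines.append((m["key"], m["path"], line))
    # Second pass: a Winlogon Notify key loads its DLL at logon; flag it when it
    # names a DLL already flagged above (a second persistence point for the same file).
    for key, path, line in o20_lines:
        if basename(path) in flagged_dlls:
            findings.append(Finding("O20", basename(path), line,
                [f"Winlogon Notify key '{key}' loads a DLL already flagged as a BHO"]))
    return findings


def summary(log_text: str) -> list:
    """Compact (kind, dll) view of the findings, in log order."""
    return [(f.kind, f.basename) for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```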

favrekicksass
« Reply #2 on: April 30, 2007, 09:41:25 PM »

Computer won't shut down at all now :-( Here is the AVG log:

 + Created at:   10:26:03 AM 4/29/2007
 + Scan result:

C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014999.dll -> Adware.Webdir : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014982.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014983.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014984.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014985.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014986.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014987.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014988.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014989.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014990.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014991.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014992.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014981.dll -> Downloader.Busky : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP30\A0010897.dll -> Downloader.ConHook : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014993.dll -> Downloader.Small.ctp : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014994.exe -> Downloader.Small.dam : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014997.exe -> Hijacker.Small : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014998.exe -> Hijacker.Spywad.o : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP30\A0010896.dll -> Logger.Agent.ir : No action taken.
C:\WINDOWS\system32\jyrmpuwr.exe -> Logger.Agent.ir : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014995.exe -> Proxy.Delf.be : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\WINDOWS\system32\pldloaaa.exe -> Trojan.GoldSpy : No action taken.
C:\WINDOWS\system32\abhaaaaa.exe -> Trojan.Tanspy : No action taken.
C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP31\A0014996.exe -> Trojan.Zapchast.ca : No action taken.


HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:41:20 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\mcjincap.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C780502-C65B-4D79-AC43-B08C2EC18B61} - c:\windows\system32\okbbokb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcjincap] C:\WINDOWS\system32\mcjincap.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [mcjincap] C:\WINDOWS\system32\mcjincap.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: ReSchedHPSU.lnk = C:\hp\bin\CLOAKER.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: yzewtjgj - C:\WINDOWS\SYSTEM32\okbbokb.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - c:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


dahli (Global Moderator)
« Reply #3 on: April 30, 2007, 11:00:15 PM »

Please download FindAWF:
http://noahdfear.geekstogo.com/FindAWF.exe

Save the file to the Desktop
Double-click: FindAWF.exe

If a Security Alert shows, allow the program to run.

When done, a text file awf.txt is produced.

Please post it in your reply.

Steve

favrekicksass
« Reply #4 on: May 01, 2007, 07:20:52 PM »

Thank you for all your help so far.

Find AWF report by noahdfear

dahli (Global Moderator)
« Reply #5 on: May 02, 2007, 04:52:27 PM »

1. Download The Avenger by Swandog46, and save it to your Desktop.

Click on Avenger.zip to open the file.
Extract avenger.exe to your desktop.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Files to delete:

C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wltray.exe

Files to move:

C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\hkcmd.exe | C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\bak\igfxpers.exe | C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\bak\igfxtray.exe | C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\bak\wltray.exe | C:\WINDOWS\system32\wltray.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon, which will open a new window titled "View/edit script".
Paste the text copied to the clipboard into this window by pressing (Ctrl+V).
Click Done.
Now click on the Green Light to begin execution of the script.
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger.

Steve

favrekicksass
« Reply #6 on: May 03, 2007, 09:22:11 PM »

Here is the log. Now when I click a link or open IE, I get a Windows Installer box, and it says it's installing Microsoft Office.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jmtxxlbe

*******************

Script file located at: \??\C:\Program Files\ffhptvgk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\ctfmon.exe not found!
Deletion of file C:\WINDOWS\system32\ctfmon.exe failed!

Could not process line:
C:\WINDOWS\system32\ctfmon.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hkcmd.exe not found!
Deletion of file C:\WINDOWS\system32\hkcmd.exe failed!

Could not process line:
C:\WINDOWS\system32\hkcmd.exe
Status: 0xc0000034



File C:\WINDOWS\system32\igfxpers.exe not found!
Deletion of file C:\WINDOWS\system32\igfxpers.exe failed!

Could not process line:
C:\WINDOWS\system32\igfxpers.exe
Status: 0xc0000034



File C:\WINDOWS\system32\igfxtray.exe not found!
Deletion of file C:\WINDOWS\system32\igfxtray.exe failed!

Could not process line:
C:\WINDOWS\system32\igfxtray.exe
Status: 0xc0000034



File C:\WINDOWS\system32\wltray.exe not found!
Deletion of file C:\WINDOWS\system32\wltray.exe failed!

Could not process line:
C:\WINDOWS\system32\wltray.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bak\ctfmon.exe not found!
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bak\hkcmd.exe not found!
File move operation C:\WINDOWS\system32\bak\hkcmd.exe|C:\WINDOWS\system32\hkcmd.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\hkcmd.exe|C:\WINDOWS\system32\hkcmd.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bak\igfxpers.exe not found!
File move operation C:\WINDOWS\system32\bak\igfxpers.exe|C:\WINDOWS\system32\igfxpers.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\igfxpers.exe|C:\WINDOWS\system32\igfxpers.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bak\igfxtray.exe not found!
File move operation C:\WINDOWS\system32\bak\igfxtray.exe|C:\WINDOWS\system32\igfxtray.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\igfxtray.exe|C:\WINDOWS\system32\igfxtray.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bak\wltray.exe not found!
File move operation C:\WINDOWS\system32\bak\wltray.exe|C:\WINDOWS\system32\wltray.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\wltray.exe|C:\WINDOWS\system32\wltray.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

dahli (Global Moderator)
« Reply #7 on: May 05, 2007, 01:17:36 PM »

Let's try this:

Click START>RUN then type cmd

In the new window that opens, type the following lines (except the note in parentheses) and press <Enter> after each line:

cd c:\
cd c:\windows\system32\bak\
copy ctfmon.exe c:\windows\system32\
(Now it should say the file exists and ask if you want to overwrite - say YES.)
exit

Please post any error messages you received (if any) and run FINDAWF again and post the log.

Steve

favrekicksass
« Reply #8 on: May 05, 2007, 02:40:26 PM »

It said the system could not find the file specified. Here is the log, thank you.

Find AWF report by noahdfear

dahli (Global Moderator)
« Reply #9 on: May 06, 2007, 03:48:43 PM »

Click START>RUN then type cmd

In the new window that opens, type the following lines (except the note in parentheses) and press <Enter> after each line:

cd c:\
cd C:\Program Files\QuickTime\bak\
copy qttask.exe C:\Program Files\QuickTime\
(Now it should say the file exists and ask if you want to overwrite - say YES.)
cd c:\
cd C:\Program Files\Verizon\bak\
copy McciTrayApp.exe C:\Program Files\Verizon\
exit

Please post any error messages you received (if any) and run FINDAWF again and post the log.
« Last Edit: May 07, 2007, 11:59:25 PM by dahli »

Steve

favrekicksass
« Reply #10 on: May 06, 2007, 11:08:29 PM »

It tells me that the syntax of the command is incorrect.

dahli (Global Moderator)
« Reply #11 on: May 08, 2007, 12:13:46 AM »

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'


Go to My Computer and browse to the following folder:
C:\Program Files\Verizon\bak\
Inside the BAK folder is a file named McciTrayApp.exe.
Right-click it with your mouse and choose Cut.
Then go back to the main folder, C:\Program Files\Verizon\
Click the background with your mouse and choose Paste.
Now you should have the McciTrayApp.exe file in the C:\Program Files\Verizon\ folder.
Now go ahead and delete the BAK folder.

C:\Program Files\QuickTime\bak\
Inside the BAK folder is a file named qttask.exe.
Select the file with your mouse, right-click it and choose Cut.
Then go back to the main folder, C:\Program Files\QuickTime\
Click the background with your mouse and choose Paste.
Now you should have the qttask.exe file in the C:\Program Files\QuickTime\ folder.
Now go ahead and delete the BAK folder.


1.) Please download DelDomains by WinHelp2002 and save it to your desktop:
Right-click on DelDomains.inf, and choose Install.
You may not see any noticeable changes or prompts; this is normal.
Then, please restart your computer.
You will have to re-immunize with SpywareBlaster, IE-SPYAD, and/or Spybot - Search & Destroy after doing this.

2.) Please download ResetProtocolDefaults by WinHelp2002 and save it to your desktop:
Locate ResetProtocolDefaults.reg which should be on your desktop.
Right-click and select: Merge.
OK the prompt.

Reboot your computer.

Run FindAWF again, post the log and we will see how it looks.

Steve
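An added example, not the thread's commands nor code from FindAWF or The Avenger: a Python model of the restore procedure worked through in Replies #5 to #11. The pattern those replies show is a live executable (ctfmon.exe, qttask.exe, McciTrayApp.exe) sitting next to a bak folder that holds the parked original; the script pairs each bak file with its sibling, classifies the pair as differing, identical or missing, copies the original back over the live file, and quarantines rather than deletes what it replaces. The directory tree is constructed in a temporary folder with placeholder bytes (no real binaries, nothing touched on a real system32), and it uses Path objects, so the space in "Program Files" needs no quoting; an unquoted space in a cmd copy command is the usual cause of the "syntax of the command is incorrect" error seen in Reply #10.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_demo_tree(root: Path) -> None:
    """Constructed sample tree mirroring the folders named in the thread.
    File contents are placeholder bytes, not real executables."""
    # Case 1: live file replaced, original parked in bak\ (what FindAWF reports)
    sys32 = root / "WINDOWS" / "system32"
    (sys32 / "bak").mkdir(parents=True)
    (sys32 / "ctfmon.exe").write_bytes(b"IMPOSTOR ctfmon")
    (sys32 / "bak" / "ctfmon.exe").write_bytes(b"ORIGINAL ctfmon")
    # Case 2: same pattern under a path that contains a space
    qt = root / "Program Files" / "QuickTime"
    (qt / "bak").mkdir(parents=True)
    (qt / "qttask.exe").write_bytes(b"IMPOSTOR qttask")
    (qt / "bak" / "qttask.exe").write_bytes(b"ORIGINAL qttask")
    # Case 3: parked original present but the live file is gone ("not found")
    vz = root / "Program Files" / "Verizon"
    (vz / "bak").mkdir(parents=True)
    (vz / "bak" / "McciTrayApp.exe").write_bytes(b"ORIGINAL mcci")
    # Case 4: bak copy identical to the live file -> nothing to restore
    hp = root / "hp" / "bin"
    (hp / "bak").mkdir(parents=True)
    (hp / "cloaker.exe").write_bytes(b"SAME")
    (hp / "bak" / "cloaker.exe").write_bytes(b"SAME")


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_bak_pairs(root: Path) -> list:
    """Pair every file inside a folder named 'bak' with the same-named file one
    level up. Returns (parked_original, live_file, state) with state one of
    'differs', 'identical' or 'missing'."""
    pairs = []
    for bak in sorted(p for p in root.rglob("bak") if p.is_dir()):
        for original in sorted(p for p in bak.iterdir() if p.is_file()):
            live = bak.parent / original.name
            if not live.exists():
                state = "missing"
            elif sha256(live) == sha256(original):
                state = "identical"
            else:
                state = "differs"
            pairs.append((original, live, state))
    return pairs


def restore(pairs: list, quarantine: Path) -> list:
    """Copy each parked original back over its live sibling. A differing live
    file is moved to quarantine (suffixed with a hash prefix), never deleted, so
    the step can be undone and the sample kept for analysis. The bak folder is
    left in place for the operator to remove once the system checks out."""
    quarantine.mkdir(parents=True, exist_ok=True)
    restored = []
    for original, live, state in pairs:
        if state == "identical":
            continue
        if state == "differs":
            shutil.move(str(live), str(quarantine / f"{live.name}.{sha256(live)[:12]}"))
        shutil.copy2(original, live)  # Path objects: no quoting issue with "Program Files"
        restored.append(live)
    return restored


def demo() -> dict:
    """Run the whole procedure on the constructed tree and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root)
        pairs = find_bak_pairs(root)
        states = {live.relative_to(root).as_posix(): state for _, live, state in pairs}
        restored = restore(pairs, root / "quarantine")
        return {
            "states": states,
            "restored": sorted(p.relative_to(root).as_posix() for p in restored),
            "contents": {p.name: p.read_bytes() for p in restored},
            "quarantined": sorted(q.name.rsplit(".", 1)[0]
                                  for q in (root / "quarantine").iterdir()),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```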

favrekicksass
« Reply #12 on: May 08, 2007, 10:09:38 PM »

Here is the new AWF log:

Find AWF report by noahdfear

dahli (Global Moderator)
« Reply #13 on: May 10, 2007, 11:23:22 PM »

How is your system running now?

Steve

favrekicksass
« Reply #14 on: May 12, 2007, 03:20:52 AM »

Better, but still a real slow start-up, like 2 min before anything on the desktop will load.

Also, I'll run CleanUp and it causes problems, says svchost.exe fails and gives me winlogon32 failure and runtime errors, eventually causing the comp to crash.