I don't know what I have [RESOLVED]

  • This topic is locked

#61 calgooda1323 (Topic Starter, Member, 57 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:49 PM, on 3/27/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPSMain.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141762598718
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.ritea...PhotoOnline.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinn...v45/wof/wof.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8781 bytes

#62 RatHat (Ex Malware Expert, 7,829 posts)
Well your log is showing clean, but I am a bit concerned about the red cross next to your C: drive, so I would like you to take a picture of it, so I can see exactly what you mean.

Please download MWSnap from here or here
  • Double click MWSnap300.exe to run the installation, and follow the prompts to complete installation.
  • Once installed there will be a Camera icon on your desktop, double click it to run the program.
  • Now bring up the error you are telling me about, then go to the MWSnap window.
  • Click Any rect. area, then click the Snap any area button.
  • Your mouse cursor will change to a cross, and the MWSnap window will disappear.
  • Left click, and drag your mouse over the error area
  • A dotted line will show what MWSnap is going to take a shot of.
  • Left click again to complete the snapshot.
  • In the MWSnap window, go to File, then Save As, and save the snapshot to your desktop.
  • Attach the snapshot into your next reply.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Also let me know how your computer is running.

Regards,
RatHat
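A way to make the first pass over a HijackThis log like the one posted above programmatically, as an added example that is not part of the thread and is not HijackThis's own logic: it splits the log into its section codes (R1, O3, O4, O16, O23 and so on) and applies the checks a helper makes by eye: load points whose target file no longer exists, Run values given as a bare filename (Windows resolves those through its search path, so the file that actually runs must be confirmed on the machine), rundll32 entries where the DLL argument is the real autorun, ActiveX controls (O16 DPF) fetched from hosts outside an assumed allowlist, and services with no company information. The TRUSTED_DPF_HOSTS list, the heuristics and the final "ExampleLoader" sample line are assumptions of this example; the other sample lines are copied from the posted log, with the URLs truncated exactly as the forum printed them, which the script reports as its own finding rather than guessing the host.

```python
"""First-pass triage of a HijackThis 2.0.x log.
Added example for this thread, not code from the thread or from Trend Micro HijackThis.
The heuristics, the TRUSTED_DPF_HOSTS allowlist and the last O4 sample line are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted in the thread, URLs truncated
# by "..." exactly as the forum printed them. The final "ExampleLoader" line is made
# up to exercise the rundll32 branch; it is NOT in the posted log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141762598718
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O4 - HKLM\..\Run: [ExampleLoader] rundll32 C:\WINDOWS\System32\example.dll,Entry
"""

# Assumed allowlist of hosts from which an ActiveX download (O16 DPF) is expected.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "f-secure.com")

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")                        # "O4 - body"
O4_RE = re.compile(r"^(HK[^:]+): \[([^\]]+)\] (.*)$")              # hive\..\Run: [name] command
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \(([^)]*)\) - (\S+)$")
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")           # name - company - path
HOST_RE = re.compile(r"^https?://([^/?#\s]+)")

@dataclass
class Entry:
    section: str  # section code, e.g. "O4", "O16"
    body: str     # text after the "O4 - " prefix

@dataclass
class Finding:
    section: str
    subject: str
    reason: str

def parse(log: str) -> list[Entry]:
    """Keep only the 'Xn - ...' lines; headers and the process list are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def image_of(command: str) -> str:
    """Program part of an autorun command: the quoted path, or text up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]

def trusted_host(hostname: str) -> bool:
    return any(hostname == h or hostname.endswith("." + h) for h in TRUSTED_DPF_HOSTS)

def triage(entries: list[Entry]) -> list[Finding]:
    findings = []
    for e in entries:
        if "(file missing)" in e.body:
            # Target is gone: leftover of a removal, or a name worth looking up.
            findings.append(Finding(e.section, e.body.split(" - ")[0], "load point whose target file no longer exists"))
        elif e.section in ("R0", "R1") and "ProxyServer" in e.body:
            findings.append(Finding(e.section, "ProxyServer", "IE proxy is set; confirm the user configured it"))
        elif e.section == "O4" and (m := O4_RE.match(e.body)):
            name, image = m.group(2), image_of(m.group(3))
            if image.lower() in ("rundll32", "rundll32.exe"):
                findings.append(Finding("O4", name, "rundll32 host process; the DLL argument is the real autorun"))
            elif "\\" not in image:
                # No directory given: Windows resolves the name through its search path,
                # so which file actually runs has to be confirmed on the machine.
                findings.append(Finding("O4", name, f"bare filename '{image}' resolved via the search path"))
        elif e.section == "O16" and (m := O16_RE.match(e.body)):
            name, url = m.group(2), m.group(3)
            host = HOST_RE.match(url)
            hostname = host.group(1).lower() if host else ""
            if "..." in url:
                findings.append(Finding("O16", name, "URL truncated in the posted log; read the full host from the machine"))
            elif not trusted_host(hostname):
                findings.append(Finding("O16", name, f"ActiveX control downloaded from untrusted host {hostname!r}"))
        elif e.section == "O23" and (m := O23_RE.match(e.body)):
            if m.group(2) == "Unknown owner":
                findings.append(Finding("O23", m.group(1), "service binary carries no company information"))
    return findings

if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG)):
        print(f"{f.section:<4}{f.subject}: {f.reason}")
```

Run as a script it prints one line per finding. On the posted lines the two O16 entries come back as "truncated" because the forum cut the URLs, so the host has to be read from the original machine before it can be judged; the AGRSMMSG entry is flagged only because it is written without a directory, not because anything on the page says it is bad.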

#63 calgooda1323 (Topic Starter, Member, 57 posts)
My computer seems to be running fine. I hope we kicked it.

Attached Files



#64 RatHat (Ex Malware Expert, 7,829 posts)
Can you take a larger shot so I can see what window this is being shown in. Use the Window/Menu or Full Desktop option to get me a better shot please.

Thanks,
RatHat

#65 calgooda1323 (Topic Starter, Member, 57 posts)
OK, I haven't been able to get on lately. My computer is getting really slow again. It's taking forever to browse on the internet. I will try and get that picture to you in just a minute.

#66 RatHat (Ex Malware Expert, 7,829 posts)
While you are at it, download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

#67 calgooda1323 (Topic Starter, Member, 57 posts)
We did do this once. Did you want me to do it again?

#68 calgooda1323 (Topic Starter, Member, 57 posts)
The thing says the picture is too big to upload on here. Do you want me to email it to ya or something?

#69 RatHat (Ex Malware Expert, 7,829 posts)
Yes, it is one of the best ways to clear out any temp files that may be slowing your computer. Run it a couple of times until it tells you it has cleared 0 bytes, then see if things have sped up a bit.

#70 calgooda1323 (Topic Starter, Member, 57 posts)
OK, I did that until it said 0. It doesn't seem any different though. It seems like whatever I have is coming back again. When I close out screens it creates this white square for a while. It is like the computer is stalling and can't keep up with what I am doing. It's driving me nuts.

#71 RatHat (Ex Malware Expert, 7,829 posts)
Well, let's have a look at that picture of the red cross first, then we'll go from there.

#72 RatHat (Ex Malware Expert, 7,829 posts)
Sorry, didn't see your earlier post. Take another one, and save it as a .jpg file. They are a lot smaller in file size.

#73 calgooda1323 (Topic Starter, Member, 57 posts)
OK, here it is.

Attached Thumbnails

  • picture_of_red_x_2.JPG


#74 RatHat (Ex Malware Expert, 7,829 posts)
OK, can you delete any versions of Combofix that you have, then download and run a new version, and we'll see what it turns up.

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#75 calgooda1323 (Topic Starter, Member, 57 posts)
ComboFix 08-04-03.2 - Cortney 2008-04-03 21:12:32.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.102 [GMT -6:00]
Running from: C:\Documents and Settings\Cortney\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-03-30 21:04 . 2008-03-30 21:04 268 --ah----- C:\sqmdata16.sqm
2008-03-30 21:04 . 2008-03-30 21:04 244 --ah----- C:\sqmnoopt16.sqm
2008-03-30 13:05 . 2008-03-30 13:05 268 --ah----- C:\sqmdata15.sqm
2008-03-30 13:05 . 2008-03-30 13:05 244 --ah----- C:\sqmnoopt15.sqm
2008-03-29 21:39 . 2008-03-29 21:39 268 --ah----- C:\sqmdata14.sqm
2008-03-29 21:39 . 2008-03-29 21:39 244 --ah----- C:\sqmnoopt14.sqm
2008-03-28 09:58 . 2008-03-28 09:58 <DIR> d-------- C:\Program Files\MWSnap
2008-03-26 21:16 . 2008-03-26 21:19 <DIR> d-------- C:\Downloads
2008-03-26 21:10 . 2008-03-26 21:32 <DIR> d-------- C:\Kaspersky
2008-03-25 11:18 . 2008-03-26 14:21 3,550 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-25 11:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-25 11:17 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-25 11:17 . 2008-03-22 15:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-25 11:17 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-25 11:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-25 11:17 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-25 11:17 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-21 14:27 . 2008-03-21 14:27 <DIR> d-------- C:\Program Files\IZArc
2008-03-20 21:08 . 2008-03-20 21:08 <DIR> d-------- C:\fsaua.data
2008-03-20 20:13 . 2008-03-20 20:13 <DIR> d-------- C:\ComboFix(2)
2008-03-20 17:44 . 2008-03-20 17:44 <DIR> d-------- C:\Documents and Settings\Cortney\Application Data\Malwarebytes
2008-03-20 17:43 . 2008-03-20 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-20 17:41 . 2008-03-20 17:41 <DIR> d-------- C:\_OTMoveIt
2008-03-19 22:23 . 2008-03-19 22:23 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-14 23:36 . 2008-03-14 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 21:00 . 2008-03-14 22:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-14 21:00 . 2008-03-14 22:27 <DIR> d-------- C:\Documents and Settings\Cortney\Application Data\SUPERAntiSpyware.com
2008-03-14 21:00 . 2008-03-14 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 10:13 . 2008-04-03 21:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 10:13 . 2008-04-03 21:14 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 03:04 --------- d-----w C:\Program Files\Lx_cats
2008-03-15 03:59 --------- d-----w C:\Program Files\Trend Micro
2008-03-15 02:18 --------- d-----w C:\Program Files\Java
2008-02-22 15:51 --------- d-----w C:\Program Files\Diet Analysis Plus 8.0
2008-02-19 17:00 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-15 02:24 --------- d-----w C:\Program Files\Roguescanfix
2008-02-15 02:24 --------- d-----w C:\Program Files\Alfa & Ariss
2008-02-04 15:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 15:23 --------- d-----w C:\Program Files\Yahoo!
.

((((((((((((((((((((((((((((( [email protected]_10.59.57.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 21:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 21:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 22:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 21:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
- 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 14:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 14:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2000-08-31 14:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 14:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 14:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
- 2008-03-20 16:48:27 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-04-04 03:12:25 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2000-08-31 14:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 14:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24 65536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 06:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 13:20 88363 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-17 19:38 159744]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 20:00 126976]
"TPSMain"="TPSMain.exe" [2003-11-19 23:15 278528 C:\WINDOWS\system32\TPSMain.exe]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39 159744]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 18:16 172032]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 22:01 258048]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 12:29 40960]
"TFNF5"="TFNF5.exe" [2003-10-15 18:03 73728 C:\WINDOWS\system32\TFNF5.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-11-20 19:24 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-11-20 19:25 77824]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-03-25 07:30 57344]
"000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 12:42 69632]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-06 23:56 188416]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 10:30 65536]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 19:09 842584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 15:23:32 51776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04 83360]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-03-07 19:42:20 1306624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-05-26 16:17 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2002-06-06 03:07]
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 11:03]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-14 19:38]

.
Contents of the 'Scheduled Tasks' folder
"2006-12-14 07:45:35 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 21:16:51
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
.
**************************************************************************
.
Completion time: 2008-04-03 21:19:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 03:19:06
ComboFix2.txt 2008-03-21 03:06:31
ComboFix3.txt 2008-03-21 02:22:47
ComboFix4.txt 2008-03-20 17:00:39
Pre-Run: 47,409,795,072 bytes free
Post-Run: 47,399,530,496 bytes free
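The ComboFix report above is easier to review when its "Files Created" and "Reg Loading Points" sections are parsed rather than read line by line. The following is an added example, not code from the thread or from ComboFix: it pulls out the files whose attribute column carries the hidden flag, the Run values written as a bare filename together with the path ComboFix printed in brackets as the file it resolved them to (which is what has to be compared against the vendor's binary), and the catchme hidden-file count. The sample is a constructed subset of the report posted above with its section headers kept; the regular expressions and the reading of the attribute column ('h' as the hidden attribute) are this example's assumptions.

```python
"""Pull the review-relevant parts out of a ComboFix report.
Added example for this thread, not code from the thread or from ComboFix. The regular
expressions and the reading of the attribute column are assumptions of this example."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the report posted above, section headers included.
SAMPLE_COMBOFIX = r"""
ComboFix 08-04-03.2 - Cortney 2008-04-03 21:12:32.4 - NTFSx86
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.
2008-03-30 21:04 . 2008-03-30 21:04 268 --ah----- C:\sqmdata16.sqm
2008-03-28 09:58 . 2008-03-28 09:58 <DIR> d-------- C:\Program Files\MWSnap
2008-03-25 11:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-11 10:13 . 2008-04-03 21:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 06:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 13:20 88363 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2003-11-19 23:15 278528 C:\WINDOWS\system32\TPSMain.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-11-20 19:25 77824]

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scan completed successfully
hidden files: 0
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")                 # (((( Section title ))))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)      # [HKEY_...\Run]
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d\d-\d\d \d\d:\d\d) (\d+)(?: (.+))?\]$')
CATCHME_RE = re.compile(r"^hidden files: (\d+)$")

@dataclass
class FileEntry:
    created: str
    modified: str
    size: str    # "<DIR>" or the byte count as printed
    attrs: str   # nine-character attribute column, e.g. "--ah-----"
    path: str

@dataclass
class RunValue:
    key: str
    name: str
    data: str                # value data as written in the registry
    resolved: Optional[str]  # path ComboFix printed in brackets for a bare filename, if any

def parse_combofix(log: str):
    """Return (files created, Run values, catchme hidden-file count or None)."""
    files, runs, hidden = [], [], None
    section = key = None
    for raw in log.splitlines():
        line = raw.rstrip()
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif section and section.startswith("Files Created") and (m := FILE_RE.match(line)):
            files.append(FileEntry(*m.groups()))
        elif section == "Reg Loading Points" and key and (m := RUN_RE.match(line)):
            runs.append(RunValue(key, m.group(1), m.group(2), m.group(5)))
        elif m := CATCHME_RE.match(line):
            hidden = int(m.group(1))
    return files, runs, hidden

def hidden_files(files):
    """Entries carrying the hidden attribute ('h' in the attribute column)."""
    return [f for f in files if "h" in f.attrs]

def bare_autoruns(runs):
    """Run values written without a directory; ComboFix shows the file it resolved them to."""
    return [r for r in runs if "\\" not in r.data]

def summarize(log: str) -> dict:
    files, runs, hidden = parse_combofix(log)
    return {
        "hidden_files": [f.path for f in hidden_files(files)],
        "bare_autoruns": [(r.name, r.data, r.resolved) for r in bare_autoruns(runs)],
        "catchme_hidden": hidden,
    }

if __name__ == "__main__":
    for k, v in summarize(SAMPLE_COMBOFIX).items():
        print(k, v)
```

The resolved path is the thing to check for a bare-filename Run value: the loader finds the file by search order, so the review question is whether the file at that resolved location is the vendor's binary and nothing earlier in the search order shadows it. The script only surfaces the entries; it does not decide whether any of them is malicious.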