
[Closed] HJT Log, Computer Runs Slow


This topic is locked. 5 replies to this topic.

#1 Larry70454 (New Member, 3 posts)

Posted 15 July 2007 - 12:31 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:29:36 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\solarSoft\Madesafe\ControlPad.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\jxiashdA.exe
C:\windows\system32\nkdsregl.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [madeSafe ControlPad] C:\Program Files\solarSoft\Madesafe\ControlPad.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jxiashdA] C:\WINDOWS\jxiashdA.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\rnmwgcdo.dll",forkonce
O4 - HKLM\..\Run: [{24-45-54-48-ZN}] C:\windows\system32\nkdsregl.exe SKY009
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [D2C] C:\Documents and Settings\Mark\My Documents\JMAlert.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm082YYUS
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1184459995046
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
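Triage of the O4 lines in the log above, as an added example that is not part of the original post or of HijackThis. It parses the Run-key and Startup-folder forms of O4, resolves the file that actually executes (for rundll32 entries the DLL, not rundll32.exe itself), and scores each entry against a few weak signals: the file sits directly in the Windows directory or in a user-writable folder, the value name imitates a GUID without being one, a startup shortcut targets system32, the command is a bare file name resolved through the search path, or the name looks machine-generated. The signals, their weights and the threshold of 2 are this example's own assumptions, chosen so that no single weak signal flags an entry. Run over the subset embedded below it singles out jxiashdA, icq.com, {24-45-54-48-ZN}, D2C and TA_Start.lnk, while CePMTray, realsched, ctfmon, AGRSMMSG and RAMASST stay under the threshold; two of the flagged targets, nkdsregl.exe and dwdsregt.exe, are among the files ComboFix deletes in post #3.

```python
"""Heuristic triage of HijackThis O4 (autorun) entries.
Added example for this thread, not code from HijackThis or the original post.
The O4 lines are copied from the log above; signals, weights and threshold
are this example's own assumptions and need tuning for other environments."""
import ntpath
import re

# Constructed sample: a subset of the O4 lines from the log in post #1.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jxiashdA] C:\WINDOWS\jxiashdA.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\rnmwgcdo.dll",forkonce
O4 - HKLM\..\Run: [{24-45-54-48-ZN}] C:\windows\system32\nkdsregl.exe SKY009
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [D2C] C:\Documents and Settings\Mark\My Documents\JMAlert.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""

REG_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
LNK_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|cpl))(?:\s|$)", re.I)
VOWELS = set("aeiouy")

def image_path(cmd):
    """Return (file that really runs, rundll32 export or None) for an O4 command."""
    c = cmd.strip()
    if c.lower().startswith("rundll32"):
        # rundll32.exe "<module>",<export>: the module is the thing to judge
        rest = c.split(None, 1)[1] if " " in c else ""
        module, _, export = rest.partition(",")
        return module.strip().strip('"'), (export.strip() or None)
    if c.startswith('"'):
        return c[1:].split('"', 1)[0], None
    m = EXT_RE.match(c)  # unquoted path that may contain spaces, then arguments
    return (m.group(1) if m else c.split()[0]), None

def looks_random(stem):
    """Weak signal: long alphabetic name with a consonant pile-up or almost no vowels.
    All-caps names are skipped because vendor acronyms (AGRSMMSG, RAMASST) trip it."""
    if len(stem) < 7 or not stem.isalpha() or stem.isupper():
        return False
    s, run, longest = stem.lower(), 0, 0
    for ch in s:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4 or sum(ch in VOWELS for ch in s) / len(s) < 0.2

def signals(kind, name, path, export):
    """(weight, reason) pairs for one entry; kind is 'reg' or 'lnk'."""
    d = ntpath.dirname(path).lower().rstrip("\\")
    stem = ntpath.splitext(ntpath.basename(path))[0]
    found = []
    if export is not None:
        found.append((1, "loaded through rundll32, export %r" % export))
    if d in ("c:\\windows", "c:\\winnt"):
        found.append((2, "executable placed directly in the Windows directory"))
    if "\\documents and settings\\" in d + "\\" or "\\temp\\" in d + "\\":
        found.append((2, "runs from a user-writable location"))
    if kind == "reg" and name.startswith("{") and not GUID_RE.match(name):
        found.append((2, "value name imitates a GUID but is not one"))
    if kind == "lnk" and d.endswith("\\system32"):
        found.append((1, "startup shortcut points into system32"))
    if not d:
        found.append((1, "bare file name, resolved through the search path"))
    if looks_random(stem):
        found.append((1, "file name looks machine-generated"))
    return found

def parse_o4(text):
    """Yield (kind, name, command) for each O4 line; anything else is ignored."""
    for line in text.splitlines():
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            yield ("reg" if m.re is REG_RE else "lnk"), m.group("name"), m.group("cmd")

def triage(text, threshold=2):
    """Score every O4 entry and return those at or above threshold, highest first."""
    flagged = []
    for kind, name, cmd in parse_o4(text):
        path, export = image_path(cmd)
        hits = signals(kind, name, path, export)
        score = sum(w for w, _ in hits)
        if score >= threshold:
            flagged.append({"name": name, "path": path, "score": score,
                            "reasons": [r for _, r in hits]})
    return sorted(flagged, key=lambda e: -e["score"])

if __name__ == "__main__":
    for e in triage(HJT_O4_LINES):
        print("%d  [%s] %s" % (e["score"], e["name"], e["path"]))
        for r in e["reasons"]:
            print("      - " + r)
```

The name heuristic is deliberately weak: CePMTray and realsched both trip it, which is why it carries weight 1 and why all-caps vendor names are excluded. A bare file name such as AGRSMMSG.exe tells you nothing about where it lives (the ComboFix listing in post #3 resolves it to C:\WINDOWS\agrsmmsg.exe), so confirm the on-disk location before deciding; the score is a reading order for manual review, not a verdict.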



#2 Trevuren (Teacher Emeritus, Authentic Member, 8,632 posts; interests: woodworking)

Posted 15 July 2007 - 08:54 PM

Hello Larry70454 and welcome to the TomCoyote Forums

My name is Trevuren and I will be helping you with your problem.


1. Some trojans have a way of masking their presence from the HijackThis program when they recognize the name. I think that this is the case here because there are no O2 or O20 entries visible in your log.

Please locate the following file on your desktop: HijackThis.exe
Next, right click on the file and from the popup menu that appears, choose the RENAME option and rename the file Killer.exe.

From now on, when I ask you to start HijackThis, just click on the Killer.exe file.


2. Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.



3. Download ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


4. Reports/Logs to post:
  • VundoFix.txt
  • ComboFix.txt
  • HijackThis log

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


#3 Larry70454 (New Member, 3 posts)

Posted 18 July 2007 - 03:42 PM

Sorry I am taking so long to reply. This is not my computer, I am helping a friend. Anyway, he said he doesn't know how to rename the hijackthis.exe so I'll just have to pass on that one.

He sent back the first log though, ComboFix. He should be sending the VundoFix any time now. I'll edit the post when he does.

2007-07-18 16:04:51 - ComboFix 07-07-19.3 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtromn.dll
C:\WINDOWS\system32\bybumyow.dll
C:\WINDOWS\system32\eifjgvbt.dll
C:\WINDOWS\system32\hojigkbk.dll
C:\WINDOWS\system32\jkkiggd.dll
C:\WINDOWS\system32\jkqrwbac.dll
C:\WINDOWS\system32\jrgxfxfp.dll
C:\WINDOWS\system32\ltgblbly.dll
C:\WINDOWS\system32\qgknkhgy.dll
C:\WINDOWS\system32\rwaiwnmx.dll
C:\WINDOWS\system32\ahykhmgc.exe
C:\WINDOWS\system32\asshcymg.exe
C:\WINDOWS\system32\bdxhdsxk.exe
C:\WINDOWS\system32\enkdygpu.exe
C:\WINDOWS\system32\gmuwxeju.exe
C:\WINDOWS\system32\gsipjtka.exe
C:\WINDOWS\system32\hhidcmnd.exe
C:\WINDOWS\system32\ivnsasua.exe
C:\WINDOWS\system32\jbrxcwbm.exe
C:\WINDOWS\system32\kipixdgd.exe
C:\WINDOWS\system32\kitcxrrm.exe
C:\WINDOWS\system32\lvnhnegr.exe
C:\WINDOWS\system32\nbayxaso.exe
C:\WINDOWS\system32\nsmounde.exe
C:\WINDOWS\system32\oeaxamly.exe
C:\WINDOWS\system32\orhwvfsa.exe
C:\WINDOWS\system32\owpvpwxy.exe
C:\WINDOWS\system32\pirigfke.exe
C:\WINDOWS\system32\qovgpcvp.exe
C:\WINDOWS\system32\rnervdpg.exe
C:\WINDOWS\system32\ryshkbub.exe
C:\WINDOWS\system32\tlbuuwbo.exe
C:\WINDOWS\system32\unctwctq.exe
C:\WINDOWS\system32\urqowxgw.exe
C:\WINDOWS\system32\wdgylnxa.exe
C:\WINDOWS\system32\woupqcgl.exe
C:\WINDOWS\system32\aagfgobp.dll
C:\WINDOWS\system32\ajturlhc.dll
C:\WINDOWS\system32\aruqmegt.dll
C:\WINDOWS\system32\cjvdueyt.dll
C:\WINDOWS\system32\ewatmwau.dll
C:\WINDOWS\system32\gdcwuumb.dll
C:\WINDOWS\system32\hnfdawyo.dll
C:\WINDOWS\system32\nbcvusbq.dll
C:\WINDOWS\system32\oiwtamht.dll
C:\WINDOWS\system32\pcedvstl.dll
C:\WINDOWS\system32\pduccqek.dll
C:\WINDOWS\system32\qfwugsbg.dll
C:\WINDOWS\system32\rrshdpdc.dll
C:\WINDOWS\system32\sdfmqhch.dll
C:\WINDOWS\system32\tgaqmqig.dll
C:\WINDOWS\system32\tshskgqg.dll
C:\WINDOWS\system32\ubdyqygw.dll
C:\WINDOWS\system32\uchkdkax.dll
C:\WINDOWS\system32\uxtljioh.dll
C:\WINDOWS\system32\wfkwwlcr.dll
C:\WINDOWS\system32\wgumvhgr.dll
C:\WINDOWS\system32\xadpfujy.dll
C:\WINDOWS\system32\xnntxhif.dll
C:\WINDOWS\system32\xwuhupyj.dll
C:\WINDOWS\system32\awtromn.dll
C:\WINDOWS\system32\jkkiggd.dll
C:\WINDOWS\system32\woymubyb.ini
C:\WINDOWS\system32\tbvgjfie.ini
C:\WINDOWS\system32\kbkgijoh.ini
C:\WINDOWS\system32\cabwrqkj.ini
C:\WINDOWS\system32\pfxfxgrj.ini
C:\WINDOWS\system32\ylblbgtl.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\yghknkgq.ini
C:\WINDOWS\system32\xmnwiawr.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hgjlm.tmp
C:\WINDOWS\system32\khfcyax.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\khfcyax.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images9E42CE0.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images9E5B8DF.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images9E5E128.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images9E5EA9E.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images9E5F23F.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images9E5F684.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images9E605E6.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images9E61056.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images9E61BFE.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images9E62739.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images9E634B6.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\Messenger\lafune.dll
C:\Program Files\Messenger\lafune121.dll
C:\Program Files\Messenger\lafune939.dll
C:\Program Files\Messenger\lafune947.dll
C:\Program Files\Messenger\lafune950.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\Windows Media Player\hose83122.dll
C:\temp\tn3
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\asskadhq.exe
C:\WINDOWS\system32\bqahpwbn.exe
C:\WINDOWS\system32\bsbbpirs.exe
C:\WINDOWS\system32\chprqnir.exe
C:\WINDOWS\system32\cpuujiht.exe
C:\WINDOWS\system32\critpvyk.exe
C:\WINDOWS\system32\crvrymxa.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\dvavatqu.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\egtdqtwb.exe
C:\WINDOWS\system32\fhoatsdb.exe
C:\WINDOWS\system32\flodmkhj.exe
C:\WINDOWS\system32\fmotqegq.exe
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\fydtdhjl.exe
C:\WINDOWS\system32\gpruichl.exe
C:\WINDOWS\system32\hrccfmls.exe
C:\WINDOWS\system32\icmjxmyu.exe
C:\WINDOWS\system32\isdxypwu.exe
C:\WINDOWS\system32\iuakgsrc.exe
C:\WINDOWS\system32\jkpksmbx.exe
C:\WINDOWS\system32\krviryem.exe
C:\WINDOWS\system32\kupirgby.exe
C:\WINDOWS\system32\kybeiivy.exe
C:\WINDOWS\system32\lhgquayw.exe
C:\WINDOWS\system32\ltmcqihu.exe
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mgmuleys.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\musiumim.exe
C:\WINDOWS\system32\nkdsregl.exe
C:\WINDOWS\system32\ntrnybnp.exe
C:\WINDOWS\system32\ojqrnnyc.exe
C:\WINDOWS\system32\owratamv.exe
C:\WINDOWS\system32\phfbqedb.exe
C:\WINDOWS\system32\ppybatfo.exe
C:\WINDOWS\system32\qbbvlwwk.exe
C:\WINDOWS\system32\qgwoblki.exe
C:\WINDOWS\system32\rwihsvrq.exe
C:\WINDOWS\system32\spxfkidu.exe
C:\WINDOWS\system32\ssdsbpej.exe
C:\WINDOWS\system32\tdiyaspa.exe
C:\WINDOWS\system32\tleddhjy.exe
C:\WINDOWS\system32\tnrdnypk.exe
C:\WINDOWS\system32\uappcupn.exe
C:\WINDOWS\system32\ufdjfpgv.exe
C:\WINDOWS\system32\veajdbrg.exe
C:\WINDOWS\system32\vebspdim.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\xmidfdqa.exe
C:\WINDOWS\system32\ydyslqha.exe
C:\WINDOWS\system32\yflhmnov.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NWSAPAGENT
-------\core
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-18 16:03 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 21:33 192,622 --a------ C:\WINDOWS\system32\qwinlodt.exe
2007-07-16 20:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
2007-07-16 20:46 <DIR> d-------- C:\Program Files\eBay
2007-07-16 20:46 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\InstallShield
2007-07-16 19:51 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-15 14:12 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-15 12:13 5,258 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-15 09:15 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-14 20:18 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-07-14 19:45 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-07-14 16:13 636,352 -r-hs---- C:\WINDOWS\jxiashdA.exe
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B5
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B4
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B2
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B1
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B0
2007-07-14 16:12 <DIR> d-------- C:\TEMPc2
2007-07-14 16:11 <DIR> d-------- C:\WINDOWS\system32\b02FdUe
2007-07-14 16:11 <DIR> d-------- C:\TEMP\brr
2007-07-05 16:31 <DIR> d-------- C:\Program Files\iPod
2007-07-05 16:30 <DIR> d-------- C:\Program Files\iTunes
2007-07-05 16:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-05 16:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-05 16:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-27 18:14 <DIR> d-------- C:\Program Files\Error Expert
2007-06-23 08:03 <DIR> d-------- C:\Program Files\Instant Buzz
2007-06-22 14:27 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft
2007-06-22 14:26 <DIR> d-------- C:\Program Files\Awasu


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 21:17:40 -------- d-----w C:\Program Files\Messenger
2007-07-17 01:46:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-16 23:33:29 -------- d-----w C:\Program Files\Common Files\aolshare
2007-07-16 01:19:34 -------- d-----w C:\Program Files\InterBay Marketing Guide
2007-07-14 22:29:32 -------- d-----w C:\Program Files\ebooklibrarian
2007-07-14 22:07:24 -------- d-----w C:\Program Files\Badder Adder
2007-06-17 21:02:45 278,448 ----a-w C:\WINDOWS\ilib31ht.dll
2007-06-16 19:09:21 -------- d-----w C:\Program Files\Apense Express
2007-06-08 07:03:34 -------- d-----w C:\Program Files\Article Submitter
2007-06-06 16:36:48 0 ----a-w C:\WINDOWS\brdfxspd.dat
2007-05-29 21:36:52 7,842 ----a-w C:\WINDOWS\extend.dat
2007-05-29 12:46:04 -------- d-----w C:\Program Files\Cosmi
2007-05-29 12:40:26 -------- d-----w C:\Program Files\SendBlaster
2007-05-23 11:33:23 -------- d-----w C:\Program Files\MSXML 4.0
2007-05-19 17:02:53 -------- d-----w C:\Program Files\QuickTime
2007-05-19 16:59:20 -------- d-----w C:\Program Files\Apple Software Update
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2005-04-25 22:10:58 1,717 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 23:00:28 164,864 ----a-w C:\Program Files\UNWISE.EXE


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14]
"@"="" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-07-07 18:25]
"NDSTray.exe"="NDSTray.exe" []
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 17:14]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 15:45]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 18:23]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 23:10]
"Pinger"="C:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 16:35]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 12:16]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 12:34]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-21 14:26]
"madeSafe ControlPad"="C:\Program Files\solarSoft\Madesafe\ControlPad.exe" [2004-08-27 13:45]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"D2C"="C:\Documents and Settings\Mark\My Documents\JMAlert.exe" [2006-06-11 20:12]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 19:45]

C:\DOCUME~1\Mark\STARTM~1\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 03:00:00]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 03:00:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-19 18:18:56]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2004-12-19 20:57:39]


Contents of the 'Scheduled Tasks' folder
2007-07-05 21:13:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 16:29:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000014b

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 16:32:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-18 16:31

--- E O F ---
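Reading the "Files Created" section of the ComboFix log above as a timeline, as an added example that is not part of the original post or of ComboFix. ComboFix prints newest first; sorting oldest first and clustering creations that fall within a few minutes of each other turns the listing into installation events, and the attribute column says which of those events left files marked hidden and system. The 5-minute window, the minimum cluster size of 3 and the hidden+system rule are this example's assumptions, and the entries are a subset of the listing above. Three bursts come out: the iTunes/iPod install on 5 July, the eBay/WholeSecurity install on 16 July, and the 14 July 16:11 to 16:13 burst (b02FdUe and B0 to B5 under system32, C:\TEMPc2, C:\TEMP\brr and jxiashdA.exe). Only the last contains a file created read-only, hidden and system (-r-hs----), which is the one to take apart first.

```python
"""Timeline reconstruction from a ComboFix 'Files Created' listing.
Added example for this thread, not ComboFix's own code. The entries are a
subset of the listing in post #3; the 5-minute burst window, the minimum
cluster size and the hidden+system rule are this example's assumptions."""
import re
from datetime import datetime, timedelta

# Constructed sample: entries copied from the ComboFix log above (newest first, as printed).
FILES_CREATED = r"""
2007-07-18 16:03 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 21:33 192,622 --a------ C:\WINDOWS\system32\qwinlodt.exe
2007-07-16 20:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
2007-07-16 20:46 <DIR> d-------- C:\Program Files\eBay
2007-07-16 20:46 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\InstallShield
2007-07-14 16:13 636,352 -r-hs---- C:\WINDOWS\jxiashdA.exe
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B5
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B4
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B2
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B1
2007-07-14 16:12 <DIR> d-------- C:\WINDOWS\system32\B0
2007-07-14 16:12 <DIR> d-------- C:\TEMPc2
2007-07-14 16:11 <DIR> d-------- C:\WINDOWS\system32\b02FdUe
2007-07-14 16:11 <DIR> d-------- C:\TEMP\brr
2007-07-05 16:31 <DIR> d-------- C:\Program Files\iPod
2007-07-05 16:30 <DIR> d-------- C:\Program Files\iTunes
2007-07-05 16:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-05 16:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-05 16:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-27 18:14 <DIR> d-------- C:\Program Files\Error Expert
"""

# timestamp, size or <DIR>, nine-character attribute column, path
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attr>[-a-z]{9})\s+(?P<path>.+)$")

def parse_files_created(text):
    """Return entries as dicts, oldest first (ComboFix lists newest first)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        attr = m.group("attr")
        entries.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M"),
            "path": m.group("path"),
            "is_dir": m.group("size") == "<DIR>",
            # attribute letters: d=directory r=read-only a=archive h=hidden s=system c=compressed;
            # hidden+system on a freshly created executable is the classic dropper footprint
            "hidden_system": "h" in attr and "s" in attr,
        })
    return sorted(entries, key=lambda e: e["ts"])  # stable: same-minute order is preserved

def bursts(entries, window=timedelta(minutes=5), min_size=3):
    """Group creations separated by at most `window`; keep groups of min_size or more."""
    groups, current = [], []
    for e in entries:
        if current and e["ts"] - current[-1]["ts"] > window:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) >= min_size]

def suspicious_bursts(text):
    """Bursts containing a hidden+system file: ordinary installers do not hide their payload."""
    return [g for g in bursts(parse_files_created(text))
            if any(e["hidden_system"] for e in g)]

if __name__ == "__main__":
    for g in bursts(parse_files_created(FILES_CREATED)):
        mark = "  <-- hidden+system file inside" if any(e["hidden_system"] for e in g) else ""
        print("%s .. %s  %d entries%s" % (g[0]["ts"], g[-1]["ts"], len(g), mark))
        for e in g:
            print("    " + ("[dir] " if e["is_dir"] else "      ") + e["path"])
```

Creation timestamps are easy to forge and this section only covers one month (2007-06-18 to 2007-07-18 here), so treat a burst as a lead rather than proof; what it does give you is a two-minute window to pivot on in the Find3M section, the Run keys and the event logs.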

#4 Trevuren (Teacher Emeritus, Authentic Member, 8,632 posts; interests: woodworking)

Posted 18 July 2007 - 06:00 PM

Anyway, he said he doesn't know how to rename the hijackthis.exe so I'll just have to pass on that one.

I provided directions in my first post, did you not relay them? This is important as it is hiding malware related registry entries.

Edited by Trevuren, 18 July 2007 - 06:01 PM.


#5 Trevuren (Teacher Emeritus, Authentic Member, 8,632 posts; interests: woodworking)

Posted 24 July 2007 - 09:18 PM

I hope you are well and not experiencing any difficulties carrying out my last set of instructions. If you are, do not hesitate to ask for further explanations. If however, your problem has been solved or you no longer require our assistance, please advise us accordingly and we will archive your topic.

Trevuren

#6 Trevuren (Teacher Emeritus, Authentic Member, 8,632 posts; interests: woodworking)

Posted 02 August 2007 - 07:20 PM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.