Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Icons Flashing On And Off


  • This topic is locked This topic is locked
2 replies to this topic

#1 Blackcat1

Blackcat1

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 11 May 2008 - 09:08 PM

icons flashinf on and off
hijack log
Deckard's System Scanner v20071014.68
Run by Carla on 2008-05-11 21:39:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-05-12 01:39:43 UTC - RP114 - Deckard's System Scanner Restore Point
24: 2008-05-10 03:11:43 UTC - RP113 - DoctorRegCleaner5/9/200811:11:35 PM
23: 2008-05-10 03:05:04 UTC - RP112 - DoctorWinOptimizer5/9/2008 11:04:57 PM
22: 2008-05-10 02:55:25 UTC - RP111 - Installed MsiXray
21: 2008-05-09 23:26:48 UTC - RP110 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-08 01:15:46 UTC - RP90 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-11 21:43:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Carla\Local Settings\Temporary Internet Files\Content.IE5\E2J2YO86\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fuseacti...DD8E51639244256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3418A0B6-175A-45C6-A1FF-3ACD1DC2D798} - C:\WINDOWS\system32\qoMfeBrq.dll
O2 - BHO: (no name) - {36C4C99C-4FDB-4DA0-BC3D-F70184856B9F} - C:\WINDOWS\system32\fccbXPGa.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\qoMghfCT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: (no name) - {B04CAF6E-BF56-4FDF-B8FF-3191B1FDB95F} - C:\WINDOWS\system32\byXoonNe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE" /FU "C:\WINDOWS\TEMP\E_S65F.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: qoMghfCT - C:\WINDOWS\system32\qoMghfCT.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe


--
End of file - 11108 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsubleepa Electric Industrial Co.,Ltd.; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SAMFILT - c:\windows\system32\drivers\samfilt.sys <Not Verified; Dolphin, Inc.; Dolphin Keyboard Filter>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S2 aswFsBlk - c:\windows\system32\drivers\aswfsblk.sys (file missing)
S3 SVRPEDRV - c:\sysprep\pedrv.sys (file missing)
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>

S4 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
S4 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-11 21:33:03 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-09 09:00:00 280 --a------ C:\WINDOWS\Tasks\My Google Gadgets.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 21:36:31 320 --ahs---- C:\WINDOWS\system32\aGPXbccf.ini2
2008-05-11 21:36:28 316112 --a------ C:\WINDOWS\system32\fccbXPGa.dll
2008-05-10 23:55:59 7562 --ahs---- C:\WINDOWS\system32\eNnooXyb.ini2
2008-05-10 23:55:57 316128 --a------ C:\WINDOWS\system32\byXoonNe.dll
2008-05-10 23:49:32 0 d-------- C:\WINDOWS\CSC
2008-05-09 23:57:20 0 d-------- C:\Program Files\Piolet
2008-05-09 23:54:05 316096 --a------ C:\WINDOWS\system32\mlJYqPgg.dll
2008-05-09 23:11:44 0 d-------- C:\Documents and Settings\Carla\Application Data\RetinaX
2008-05-09 22:59:58 0 d-------- C:\Documents and Settings\Carla\Application DataRetinax
2008-05-09 22:57:25 0 d-------- C:\Program Files\PC Health Optimizer2
2008-05-09 22:55:53 0 d-------- C:\Program Files\Common Files\MSI Tools
2008-05-09 22:55:52 0 d-------- C:\Program Files\Winok
2008-05-09 22:47:53 0 d-------- C:\Program Files\Mgtweak
2008-05-09 22:47:36 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-09 22:11:59 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-05-09 19:48:19 0 d-------- C:\nVidia Display.temp
2008-05-08 22:31:20 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-08 21:36:25 0 d-------- C:\Program Files\PC Tune-Up
2008-05-08 19:32:45 0 d-------- C:\Program Files\Lavasoft
2008-05-08 19:32:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 19:31:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 19:26:34 0 d-------- C:\Program Files\Windows Defender
2008-05-08 11:16:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 10:09:49 14250 --ahs---- C:\WINDOWS\system32\qrBefMoq.ini2
2008-05-08 10:09:42 316128 --a------ C:\WINDOWS\system32\qoMfeBrq.dll
2008-05-07 21:10:21 27264 --a------ C:\WINDOWS\system32\qoMghfCT.dll
2008-05-07 11:55:08 0 d-------- C:\Program Files\Alwil Software


-- Find3M Report ---------------------------------------------------------------

2008-05-09 23:49:00 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-09 23:05:25 0 d-------- C:\Program Files\SpyDawn(2)
2008-05-09 23:05:23 0 d-------- C:\Program Files\Digital Photo Navigator 1.5
2008-05-09 23:05:14 0 d-------- C:\Documents and Settings\Carla\Application Data\Skype
2008-05-09 22:55:53 0 d-------- C:\Program Files\Common Files
2008-05-09 02:20:47 0 d-------- C:\Program Files\ShoppingReport
2008-05-07 13:19:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-16 09:35:00 40960 --a------ C:\WINDOWS\system32\WinokBmk.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3418A0B6-175A-45C6-A1FF-3ACD1DC2D798}]
05/08/2008 10:09 AM 316128 --a------ C:\WINDOWS\system32\qoMfeBrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C4C99C-4FDB-4DA0-BC3D-F70184856B9F}]
05/11/2008 09:36 PM 316112 --a------ C:\WINDOWS\system32\fccbXPGa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
05/07/2008 09:10 PM 27264 --a------ C:\WINDOWS\system32\qoMghfCT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B04CAF6E-BF56-4FDF-B8FF-3191B1FDB95F}]
05/10/2008 11:55 PM 316128 --a------ C:\WINDOWS\system32\byXoonNe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 04:32 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 01:55 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 01:52 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 01:55 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 05:56 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 06:02 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [12/16/2005 04:34 AM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [08/18/2004 07:37 AM]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/30/2005 04:25 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/05/2005 04:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [11/28/2005 03:41 PM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 08:13 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/12/2004 01:38 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 03:18 PM]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [11/22/2006 10:10 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"EPSON PictureMate PM 240"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.exe" [05/19/2006 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/28/2004 10:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/18/1999 12:05:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\qoMghfCT.dll [05/07/2008 09:10 PM 27264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMghfCT]
qoMghfCT.dll 05/07/2008 09:10 PM 27264 C:\WINDOWS\system32\qoMghfCT.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccbXPGa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\DLACTRLW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-05-11 21:44:37 ------------

BC AdBot (Login to Remove)

 


m

#2 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 20 May 2008 - 08:10 PM

Welcome to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

Sorry for the wait, more infected computers than we can handle on a timely basis. You are infected, I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
This can be a tough infection to remove so do not expect fast or easy. If you still need help I will do all I can if you will do this:

The directions to download DSS where not followed resulting in it being located in a unsafe Temporary Internet Files folder, we may need to download it again later. I need a new HJT log, follow these directions:

Download Trend Micro Hijack This™
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply using Add Reply

If you no longer need help, post to let me know so I can close your topic.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 27 May 2008 - 05:29 PM

There has been no response to this topic in a week
This topic is closed
Thanks...pskelley
BleepingComputer
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users