Hi


  • This topic is locked
1 reply to this topic

#1 heavenzayngel

heavenzayngel

  • Members
  • 1 posts

Posted 09 June 2008 - 11:39 PM

Hi, my name is Summer. I am 29 years old, I have Windows XP Home Edition... I have used HijackThis and ComboFix... I need to know what is wrong with my computer.

I don't have any kind of antivirus on my computer, plus I am using Charter High Speed Internet.

My computer started being and acting slow after I did a system restore and tried to download a tweak pack for my computer.

I had a really good program until I lost it. I hope that the red x on my task bar stays away.

I don't know what else to do for this stupid computer, it's like it has a mind of its own.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:09 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Csvnro\Csvnro.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [XPTools] C:\Program Files\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [Csvnro] C:\Program Files\Csvnro\Csvnro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5183 bytes


ComboFix 08-06-09.7 - Compaq_Owner 2008-06-09 22:54:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\Combo-fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE


((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 22:35 . 2008-06-09 22:35 <DIR> d-------- C:\Program Files\Csvnro
2008-06-09 22:31 . 2008-06-09 22:31 <DIR> d-------- C:\Program Files\CachemanXP
2008-06-09 22:05 . 2008-06-09 22:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 22:05 . 2008-06-09 22:05 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-06-09 22:05 . 2008-06-09 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 22:04 . 2008-06-09 22:04 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-09 20:15 . 2008-06-09 20:19 121 --a------ C:\WINDOWS\_vmtel.INI
2008-06-09 18:05 . 2008-06-09 18:10 8,192 --a------ C:\WINDOWS\system32\edb.chk
2008-06-09 17:19 . 2008-06-09 17:19 <DIR> d-------- C:\WINDOWS\system32\vntiho01
2008-06-09 16:24 . 2008-06-09 16:24 259,584 --a------ C:\WINDOWS\system32\xtbaksm.dll
2008-06-09 16:24 . 2008-06-09 16:24 259,584 --a------ C:\WINDOWS\system32\xtbaksm.dat
2008-06-09 16:24 . 2008-06-09 16:24 510 --a------ C:\WINDOWS\system32\xtupdate.zip
2008-06-09 16:24 . 2008-06-09 16:24 510 --a------ C:\WINDOWS\system32\xtupdate.dat
2008-06-09 16:04 . 2003-06-23 02:05 262,144 --a------ C:\WINDOWS\system32\lst_v.ocx
2008-06-09 16:04 . 1999-02-09 20:40 188,928 --a------ C:\WINDOWS\system32\vbuzip10.DLL
2008-06-09 16:04 . 1998-06-24 00:00 167,683 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-06-09 16:04 . 2003-04-23 14:03 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll
2008-06-09 16:04 . 2004-03-18 04:22 145,920 --a------ C:\WINDOWS\system32\tssTaskPane1a.ocx
2008-06-09 16:04 . 2003-04-01 08:36 94,208 --a------ C:\WINDOWS\system32\img_lst.ocx
2008-06-09 16:04 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-06-09 16:03 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-06-09 16:03 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-06-09 16:03 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-06-09 16:02 . 2004-08-03 23:20 2,180,992 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-09 16:00 . 2008-06-09 16:22 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-06-09 15:54 . 2008-06-09 15:55 103 --a------ C:\WINDOWS\_vmtxp.ini
2008-06-09 15:48 . 2008-06-09 15:48 491,768 --a------ C:\Documents and Settings\Compaq_Owner\ie6setup.exe
2008-06-09 14:59 . 2008-06-09 14:59 <DIR> d-------- C:\Program Files\Sun
2008-06-09 14:59 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 14:49 . 2008-06-09 14:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-09 14:34 . 2008-06-09 14:34 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-09 14:31 . 2008-06-09 14:31 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-06-09 14:13 . 2008-05-04 12:41 1,489 --a------ C:\Windows Explorer.lnk
2008-06-08 23:17 . 2008-06-08 23:17 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
2008-06-08 23:14 . 2008-06-08 23:14 <DIR> d-------- C:\softpaq
2008-06-08 23:11 . 2005-08-13 21:05 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-06-08 22:45 . 2004-08-04 00:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-08 22:45 . 2008-06-08 22:45 1,840 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EG733AA-ABA SR1620NX NA540_YC_0Pres_QCNN535_E54NAheRED2_48_IAMETHYST-M_SMSI_V1.0_B3.31_T050801_WXH2_L409_M447_J160_7AMD_8Sempron_91.99_#061017_N10EC8139_Z11C1048C_G10025954_OTSSTcorp CD DVDW TS-H552B.MRK
2008-06-08 22:43 . 2005-08-11 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\WINDOWS
2008-06-08 22:43 . 2005-08-11 02:19 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
2008-06-08 22:43 . 2005-08-11 02:17 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Intuit
2008-06-08 22:43 . 2005-08-11 02:14 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-06-08 22:43 . 2008-06-09 22:58 <DIR> d-------- C:\Documents and Settings\Compaq_Owner
2008-06-08 22:42 . 2005-08-11 02:15 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-08 22:05 . 2008-06-08 22:05 2 --ah----- C:\1692041595
2008-06-08 22:04 . 2008-06-08 22:05 93,696 --ah----- C:\jbdem.exe
2008-06-08 22:04 . 2008-06-08 22:04 7,680 --ah----- C:\vuqs.exe
2008-06-08 20:11 . 2008-06-08 20:11 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-06-08 16:36 . 2008-06-08 16:36 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
2008-06-08 14:27 . 2008-06-08 14:38 36,315 --a------ C:\WINDOWS\helloserv.config
2008-06-08 14:26 . 2008-06-08 14:26 118,784 --a------ C:\WINDOWS\helloserv.exe
2008-06-08 14:21 . 2008-06-09 22:55 <DIR> d-------- C:\Temp
2008-06-08 14:21 . 2008-06-08 14:23 135,168 --a------ C:\WINDOWS\TEK76.exe
2008-06-08 14:21 . 2008-06-08 14:21 49,158 --a------ C:\WINDOWS\444.0
2008-06-08 14:21 . 2008-06-08 14:21 30,728 --a------ C:\WINDOWS\444.470
2008-06-03 23:24 . 2008-06-04 07:23 <DIR> d--h----- C:\Program Files\TweakNow PowerPack Pro
2008-06-01 12:36 . 2008-06-01 12:36 <DIR> d--h----- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-05-23 18:04 . 2008-05-23 18:04 <DIR> d--h----- C:\Program Files\Winferno
2008-05-20 16:02 . 2008-05-20 16:02 32,768 --a------ C:\WINDOWS\system32\vntiho01\vntiho011065.exe
2008-05-20 07:41 . 2008-06-07 16:42 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Private Writings

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 21:36 --------- d-----w C:\Program Files\Microsoft Works
2008-06-09 21:16 --------- d-----w C:\Program Files\Google
2008-06-09 20:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 19:59 --------- d-----w C:\Program Files\Java
2008-06-09 19:14 --------- d-----w C:\Program Files\HP
2008-06-09 19:14 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-09 05:03 --------- d-----w C:\Program Files\Sonic
2008-06-09 05:03 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-09 04:39 --------- d-----w C:\Program Files\Microsoft
2008-06-09 04:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 04:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-09 03:45 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-08 19:34 269 ----a-w C:\Program Files\Common Files\quha241
2008-06-08 19:21 --------- d-----w C:\Program Files\Identities
2008-06-04 00:54 --------- d--h--w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo! Messenger
2008-05-05 22:21 --------- d-----w C:\Program Files\LimeWire
2008-05-04 04:07 --------- d--h--w C:\Documents and Settings\Compaq_Owner\Application Data\HPQ
2008-04-26 09:41 142 ----a-w C:\Program Files\Common Files\rteqe.html
2008-04-21 20:24 --------- d--h--w C:\Documents and Settings\Compaq_Owner\Application Data\Template
2008-04-21 20:23 0 ---ha-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-04-21 16:26 --------- d--h--w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2008-04-06 22:32 182,784 ----a-w C:\WINDOWS\vshshmzk.dll
2008-03-22 20:44 359 ----a-w C:\Documents and Settings\.limewire\library.dat
2008-03-10 11:19 38,547 ----a-w C:\WINDOWS\Fonts\macchiatopc.zip
2008-03-10 11:19 12,898 ----a-w C:\WINDOWS\Fonts\BradleyTTF.zip
2008-03-10 11:19 10,258 ----a-w C:\WINDOWS\Fonts\sevenswordsmenbb.zip
2008-03-10 11:18 80,415 ----a-w C:\WINDOWS\Fonts\underworld.zip
2008-03-10 11:18 71,750 ----a-w C:\WINDOWS\Fonts\Grafik_Text.zip
2008-03-10 11:18 49,065 ----a-w C:\WINDOWS\Fonts\gypsycursefont.zip
2008-03-10 11:17 27,509 ----a-w C:\WINDOWS\Fonts\teamspir.zip
2008-03-10 11:17 13,620 ----a-w C:\WINDOWS\Fonts\heartsweetheart.zip
2008-03-10 11:16 68,273 ----a-w C:\WINDOWS\Fonts\Sanctuary_Font.zip
2008-03-10 11:16 57,993 ----a-w C:\WINDOWS\Fonts\darkcrystal1.zip
2008-03-10 11:16 34,035 ----a-w C:\WINDOWS\Fonts\littlelo.zip
2008-03-10 11:16 30,275 ----a-w C:\WINDOWS\Fonts\AngloText.zip
2008-03-10 11:16 21,154 ----a-w C:\WINDOWS\Fonts\Spring.zip
2008-03-10 11:15 61,382 ----a-w C:\WINDOWS\Fonts\ExtraOrnamentalNo2.zip
2008-03-10 11:15 47,675 ----a-w C:\WINDOWS\Fonts\satan2000mg.zip
2008-03-10 11:15 25,300 ----a-w C:\WINDOWS\Fonts\duke.zip
2008-03-10 11:15 147,802 ----a-w C:\WINDOWS\Fonts\Carnevalee_Freakshow.zip
2008-03-10 11:14 37,588 ----a-w C:\WINDOWS\Fonts\ghastlypanicfont.zip
2008-03-10 11:14 29,900 ----a-w C:\WINDOWS\Fonts\a_dark_wedding__2007.zip
2008-03-10 11:14 28,137 ----a-w C:\WINDOWS\Fonts\CalliGravity.zip
2008-03-10 11:14 112,807 ----a-w C:\WINDOWS\Fonts\zombie_holocaust.zip
2008-03-10 11:13 34,161 ----a-w C:\WINDOWS\Fonts\LimeGloryCaps.zip
2008-03-10 11:11 95,889 ----a-w C:\WINDOWS\Fonts\NemoNightmares.zip
2008-03-10 11:10 34,931 ----a-w C:\WINDOWS\Fonts\black_chancery.zip
2008-03-10 11:10 26,080 ----a-w C:\WINDOWS\Fonts\ATheme.zip
2008-03-10 11:10 13,806 ----a-w C:\WINDOWS\Fonts\wordsoflove.zip
2008-03-10 11:10 105,800 ----a-w C:\WINDOWS\Fonts\Beyond_Wonderland.zip
2008-03-10 11:09 59,149 ----a-w C:\WINDOWS\Fonts\script_tt1.zip
2008-03-10 11:09 45,815 ----a-w C:\WINDOWS\Fonts\waltograph42ttf.zip
2008-03-10 11:09 26,796 ----a-w C:\WINDOWS\Fonts\LokiCola.zip
2008-03-10 01:02 47,580 ----a-w C:\WINDOWS\NTDETECT.COM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-09 14:30 68856]
"TransparentTaskBar"="" []
"XPTools"="C:\Program Files\XP Tools\xptools.exe" [ ]
"Csvnro"="C:\Program Files\Csvnro\Csvnro.exe" [2008-06-09 20:48 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [2008-04-30 19:54]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-09 14:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e26798-02ad-11da-8aef-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-06-06 13:32:02 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\PROGRA~1\EASYIN~1\Ceement\HPCEE.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 23:03:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-09 23:06:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 04:06:02

Pre-Run: 146,665,271,296 bytes free
Post-Run: 146,617,708,544 bytes free


#2 TMacK

TMacK

  • Members
  • 4,672 posts
  • Gender:Male
  • Location:B.C. Canada

Posted 10 June 2008 - 12:21 AM

Hello heavenzayngel,

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I infected? What do I do? forum, explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff/TMacK
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



