Hijacklog/combofix


  • This topic is locked
3 replies to this topic

#1 hyp3rk1d

Posted 28 December 2007 - 12:49 PM

My computer has been running rather slow and I can't find the cause of it. Here are the logs. Any help is appreciated.

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:00 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe,
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ryan\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 4963 bytes


ComboFix:

ComboFix 07-12-28.1 - Ryan 2007-12-28 12:35:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.365 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-26 20:02 . 2007-12-26 20:03 <DIR> d-------- C:\Program Files\DivX
2007-12-26 20:01 . 2007-12-26 20:02 684 --a------ C:\WINDOWS\mozver.dat
2007-12-25 22:06 . 2007-12-25 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-25 22:06 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2007-12-25 22:05 . 2007-12-25 22:06 <DIR> d-------- C:\Program Files\McAfee
2007-12-25 22:05 . 2007-12-25 22:05 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-25 22:05 . 2007-02-22 20:50 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-25 22:05 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-25 22:05 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-12-25 22:05 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-12-25 22:05 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-25 11:36 . 2007-12-25 11:36 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Apple Computer
2007-12-25 11:35 . 2007-12-27 00:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 11:35 . 2007-12-25 11:35 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 11:32 . 2007-12-25 11:33 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 11:32 . 2007-12-25 11:32 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 11:32 . 2007-12-25 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 11:32 . 2007-12-25 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-24 15:02 . 2007-12-24 15:02 <DIR> d-------- C:\Program Files\NCH Software
2007-12-24 14:59 . 2007-12-24 14:59 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-12-24 14:59 . 2007-12-24 14:59 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\NCH Swift Sound
2007-12-24 14:50 . 2007-12-24 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-12-24 14:47 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2007-12-24 14:47 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-24 14:47 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-12-24 14:47 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-12-24 14:47 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-12-24 14:47 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2007-12-24 14:47 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-12-24 14:47 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-12-24 14:45 . 2007-12-24 14:45 <DIR> d-------- C:\Program Files\IVT Corporation
2007-12-24 14:45 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2007-12-20 17:56 . 2007-12-23 11:20 <DIR> d-------- C:\Documents and Settings\Ryan\.housecall6.6
2007-12-20 12:36 . 2007-12-23 11:20 <DIR> d-------- C:\Program Files\RegSupreme
2007-12-20 12:11 . 2007-12-23 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-16 18:58 . 2007-12-16 18:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-16 18:58 . 2007-12-16 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-11 19:14 . 2007-12-23 11:21 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-01 03:42 . 2007-12-23 11:22 <DIR> d-------- C:\Program Files\Alarm
2007-11-29 18:53 . 2007-11-29 18:53 <DIR> d-------- C:\Program Files\directx
2007-11-29 18:48 . 2007-11-29 18:54 <DIR> d-------- C:\Program Files\Commandos II
2007-11-29 17:30 . 2007-11-29 17:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 17:30 . 2007-11-29 17:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-28 20:32 . 2007-11-28 20:32 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 21:26 --------- d-----w C:\Program Files\Azureus
2007-12-24 21:25 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Azureus
2007-12-24 19:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 06:33 --------- d-----w C:\Program Files\Dell
2007-11-28 16:59 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Vso
2007-11-26 23:14 --------- d-----w C:\Program Files\MSECache
2007-11-26 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-26 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-11-20 03:41 --------- d-----w C:\Documents and Settings\Ryan\Application Data\vlc
2007-11-19 23:50 --------- d-----w C:\Documents and Settings\Ryan\Application Data\HorizonWimba
2007-11-19 23:33 --------- d-----w C:\Program Files\Canon
2007-11-19 23:30 --------- d--h--w C:\Program Files\CanonBJ
2007-11-19 23:30 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-11-19 23:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-19 06:22 --------- d-----w C:\Program Files\Broadcom
2007-11-19 06:14 --------- d-----w C:\Program Files\CONEXANT
2007-11-18 17:52 --------- d-----w C:\Program Files\Sun
2007-11-18 17:52 --------- d-----w C:\Program Files\Java
2007-11-18 17:42 --------- d-----w C:\Program Files\Common Files\Java
2007-11-18 08:47 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-18 08:45 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-17 20:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-17 20:16 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-17 20:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-17 19:10 87,608 ----a-w C:\Documents and Settings\Ryan\Application Data\ezpinst.exe
2007-11-17 19:10 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-17 19:10 47,360 ----a-w C:\Documents and Settings\Ryan\Application Data\pcouffin.sys
2007-11-17 19:10 --------- d-----w C:\Program Files\vso
2007-11-17 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-17 18:54 --------- d-----w C:\Program Files\CCleaner
2007-11-17 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-17 18:50 --------- d-----w C:\Program Files\VideoLAN
2007-11-17 18:50 --------- d-----w C:\Program Files\AIM6
2007-11-17 18:50 --------- d-----w C:\Documents and Settings\Ryan\Application Data\acccore
2007-11-17 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-17 18:49 --------- d-----w C:\Program Files\Viewpoint
2007-11-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-17 18:47 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-17 18:46 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-11-17 18:30 --------- d-----w C:\Program Files\Apoint
2007-11-17 18:29 --------- d-----w C:\Program Files\Intel
2007-11-17 18:26 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-17 18:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-17 18:26 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Intel
2007-11-17 18:26 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-11-17 18:26 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-11-17 18:26 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel
2007-11-17 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-11-17 18:10 --------- d-----w C:\Program Files\Synaptics
2007-11-17 18:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-17 18:09 --------- d-----w C:\Program Files\SigmaTel
2007-11-17 17:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-05 03:44 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-05 03:44 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-05 03:44 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-05 03:44 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-05 03:44 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-05 03:44 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-05 03:44 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-05 03:44 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-05 03:44 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-05 03:44 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-05 03:44 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-05 03:44 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-05 03:44 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-05 03:44 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-05 03:44 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-05 03:44 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-05 03:44 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-05 03:44 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-05 03:44 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-05 03:44 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-05 03:44 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-05 03:44 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-05 03:44 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-05 03:44 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-05 03:44 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-05 03:44 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-05 03:44 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-05 03:44 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-05 03:44 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-05 03:44 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-05 03:44 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-05 03:44 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-05 03:44 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-05 03:44 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-05 03:44 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-05 03:44 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-05 03:44 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-05 03:44 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-05 03:44 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-05 03:44 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-05 03:44 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-05 03:44 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-05 03:44 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-05 03:44 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-05 03:44 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 22:44 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-22 23:32 C:\WINDOWS\system32\nvhotkey.dll]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a6afc3-9508-11dc-b0ac-b3b2913a7385}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 16:32:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 12:39:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 12:40:23
.
2007-12-27 16:33:20 --- E O F ---

Edited by hyp3rk1d, 28 December 2007 - 02:48 PM.


#2 hyp3rk1d

Posted 30 December 2007 - 05:23 PM

bump?

#3 SNOWHITE

Posted 13 January 2008 - 06:52 PM

Hello hyp3rk1d

Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please post a fresh HijackThis log and we can begin the cleaning process.

Regards,
SNOWHITE

#4 SNOWHITE

Posted 21 January 2008 - 05:57 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE