Help With Slow Computer


1 reply to this topic

#1 tom-b


Posted 01 February 2008 - 05:14 PM

Hi all, can you help me?

My computer is running really slowly and oddly. My virus scanner picked up a virus inside an archive: Win32:Banload-CWA

It deleted the file, but ever since then my computer freezes, hangs and switches the wireless adapter off all by itself. I've run ComboFix and here are my log file results.

Help is greatly appreciated!!
Thanks in advance

Tom




ComboFix 08-02.01.6 - Tom 2008-02-01 21:58:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1394 [GMT 0:00]
Running from: C:\Documents and Settings\Tom\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\down

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-02-01 19:54 . 2008-02-01 19:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 19:54 . 2008-02-01 19:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-01 18:51 . 2008-02-01 18:51 268 --ah----- C:\sqmdata18.sqm
2008-02-01 18:51 . 2008-02-01 18:51 244 --ah----- C:\sqmnoopt19.sqm
2008-02-01 18:51 . 2008-02-01 18:51 232 --ah----- C:\sqmdata19.sqm
2008-02-01 18:50 . 2008-02-01 18:50 244 --ah----- C:\sqmnoopt18.sqm
2008-02-01 17:10 . 2008-02-01 17:10 268 --ah----- C:\sqmdata16.sqm
2008-02-01 17:10 . 2008-02-01 17:10 244 --ah----- C:\sqmnoopt17.sqm
2008-02-01 17:10 . 2008-02-01 17:10 232 --ah----- C:\sqmdata17.sqm
2008-02-01 17:09 . 2008-02-01 17:09 244 --ah----- C:\sqmnoopt16.sqm
2008-01-30 09:16 . 2008-01-30 09:16 244 --ah----- C:\sqmnoopt15.sqm
2008-01-30 09:16 . 2008-01-30 09:16 232 --ah----- C:\sqmdata15.sqm
2008-01-29 22:53 . 2008-01-29 22:53 244 --ah----- C:\sqmnoopt14.sqm
2008-01-29 22:53 . 2008-01-29 22:53 232 --ah----- C:\sqmdata14.sqm
2008-01-29 22:49 . 2008-01-29 22:49 268 --ah----- C:\sqmdata12.sqm
2008-01-29 22:49 . 2008-01-29 22:49 244 --ah----- C:\sqmnoopt13.sqm
2008-01-29 22:49 . 2008-01-29 22:49 244 --ah----- C:\sqmnoopt12.sqm
2008-01-29 22:49 . 2008-01-29 22:49 232 --ah----- C:\sqmdata13.sqm
2008-01-28 10:42 . 2008-01-28 10:42 244 --ah----- C:\sqmnoopt11.sqm
2008-01-28 10:42 . 2008-01-28 10:42 232 --ah----- C:\sqmdata11.sqm
2008-01-27 11:32 . 2008-01-27 11:32 244 --ah----- C:\sqmnoopt10.sqm
2008-01-27 11:32 . 2008-01-27 11:32 232 --ah----- C:\sqmdata10.sqm
2008-01-26 13:48 . 2008-01-26 13:48 244 --ah----- C:\sqmnoopt09.sqm
2008-01-26 13:48 . 2008-01-26 13:48 232 --ah----- C:\sqmdata09.sqm
2008-01-26 12:00 . 2008-01-26 12:00 244 --ah----- C:\sqmnoopt08.sqm
2008-01-26 12:00 . 2008-01-26 12:00 232 --ah----- C:\sqmdata08.sqm
2008-01-25 20:15 . 2008-01-25 20:15 0 --a------ C:\WINDOWS\iPlayer.INI
2008-01-25 16:40 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-25 16:40 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-25 16:40 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-25 16:40 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-01-25 16:40 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-25 16:38 . 2008-01-25 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-01-25 15:58 . 2008-01-25 15:58 244 --ah----- C:\sqmnoopt07.sqm
2008-01-25 15:58 . 2008-01-25 15:58 232 --ah----- C:\sqmdata07.sqm
2008-01-25 15:53 . 2008-01-25 15:53 244 --ah----- C:\sqmnoopt06.sqm
2008-01-25 15:53 . 2008-01-25 15:53 232 --ah----- C:\sqmdata06.sqm
2008-01-25 15:50 . 2008-01-25 15:50 268 --ah----- C:\sqmdata05.sqm
2008-01-25 15:50 . 2008-01-25 15:50 244 --ah----- C:\sqmnoopt05.sqm
2008-01-25 15:17 . 2007-07-04 16:03 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-01-25 15:11 . 2008-01-25 15:11 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\EPSON
2008-01-25 15:10 . 2008-01-25 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-01-25 15:06 . 2008-01-25 15:55 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-01-25 14:39 . 2008-01-25 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-25 14:39 . 2006-12-08 02:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCKE.DLL
2008-01-25 14:39 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCKE.DLL
2008-01-25 14:39 . 2004-09-10 20:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-01-25 12:22 . 2008-01-25 12:22 244 --ah----- C:\sqmnoopt04.sqm
2008-01-25 12:22 . 2008-01-25 12:22 232 --ah----- C:\sqmdata04.sqm
2008-01-25 12:07 . 2008-01-25 12:07 244 --ah----- C:\sqmnoopt03.sqm
2008-01-25 12:07 . 2008-01-25 12:07 232 --ah----- C:\sqmdata03.sqm
2008-01-25 12:04 . 2008-01-25 12:04 268 --ah----- C:\sqmdata01.sqm
2008-01-25 12:04 . 2008-01-25 12:04 244 --ah----- C:\sqmnoopt02.sqm
2008-01-25 12:04 . 2008-01-25 12:04 244 --ah----- C:\sqmnoopt01.sqm
2008-01-25 12:04 . 2008-01-25 12:04 232 --ah----- C:\sqmdata02.sqm
2008-01-25 10:53 . 2008-02-01 18:52 244 --ah----- C:\sqmnoopt00.sqm
2008-01-25 10:53 . 2008-02-01 18:52 232 --ah----- C:\sqmdata00.sqm
2008-01-22 23:05 . 2008-01-22 23:05 4,128 --a------ C:\INFCACHE.1
2008-01-18 00:24 . 2000-10-24 03:12 24,576 --a------ C:\WINDOWS\KeyHH.exe
2008-01-18 00:24 . 2005-11-14 14:53 873 --a------ C:\WINDOWS\.scUserPreferences43
2008-01-18 00:22 . 2008-01-18 00:24 <DIR> d-------- C:\Program Files\M359
2008-01-17 19:19 . 2008-01-17 19:19 81 --a------ C:\easy.sdo
2008-01-14 17:25 . 2008-01-14 17:25 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-01-09 11:18 . 2008-01-09 11:18 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:18 . 2008-01-09 11:18 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 . 2008-01-09 11:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 . 2008-01-09 11:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 . 2008-01-09 11:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 . 2008-01-09 11:16 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-01-09 11:16 . 2008-01-09 11:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-01-07 23:51 . 2008-01-07 23:51 <DIR> d-------- C:\Microsoft
2008-01-04 12:45 . 2008-01-04 12:45 <DIR> d-------- C:\Program Files\MultipleIEs
2008-01-01 21:24 . 2008-01-01 21:24 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\VirtuaWin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 17:52 --------- d-----w C:\Program Files\eMule
2008-02-01 10:11 --------- d-----w C:\Documents and Settings\Tom\Application Data\FileZilla
2008-01-31 14:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-30 12:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 12:33 --------- d-----w C:\Program Files\Macromedia
2008-01-27 00:03 --------- d-----w C:\Program Files\SpeedFan
2008-01-26 12:17 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-26 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 16:40 --------- d-----w C:\Program Files\Nokia
2008-01-25 16:39 --------- d-----w C:\Program Files\Common Files\Nokia
2008-01-25 14:42 --------- d-----w C:\Program Files\EPSON
2008-01-25 10:50 --------- d-----w C:\Program Files\PHP
2008-01-21 16:38 --------- d-----w C:\Program Files\Creative
2008-01-21 14:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-20 12:50 --------- d-----w C:\Program Files\Mozy
2008-01-14 17:24 --------- d-----w C:\Documents and Settings\Tom\Application Data\Vso
2008-01-13 13:17 --------- d-----w C:\Program Files\DivX
2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 23:47 52,728 ----a-w C:\WINDOWS\system32\drivers\mozy.sys
2008-01-01 21:22 --------- d-----w C:\Program Files\Intuit
2007-12-13 00:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-13 00:11 --------- d-----w C:\Program Files\UseNeXT
2007-12-13 00:11 --------- d-----w C:\Program Files\tunebite
2007-12-13 00:11 --------- d-----w C:\Program Files\The Logo Creator v4
2007-12-13 00:11 --------- d-----w C:\Program Files\IBP 9
2007-12-13 00:11 --------- d-----w C:\Program Files\EnglishOtto
2007-12-13 00:11 --------- d-----w C:\Program Files\DAP
2007-12-13 00:11 --------- d-----w C:\Program Files\Crimson Editor
2007-12-12 23:57 118,888 ----a-w C:\WINDOWS\Integrated Mailing Labels for Microsoft Word Uninstaller.exe
2007-12-12 23:57 --------- d-----w C:\Program Files\MoleEnd
2007-12-11 23:36 --------- d-----w C:\Program Files\SiteMapBuilder.NET
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\nsi2E7.tmp
2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\nsx2E6.tmp
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-09 00:45 --------- d-----w C:\Documents and Settings\Tom\Application Data\IBP
2007-12-07 00:12 --------- d-----w C:\Documents and Settings\Tom\Application Data\Electrum
2007-12-06 22:39 66 ----a-w C:\Documents and Settings\Tom\Application Data\C3183940-D6EC-42C5-B742-88F8E4EE41DE.DAT
2007-12-06 22:39 118,100 ----a-w C:\WINDOWS\HTML for Integrated Mailing Labels Uninstaller.exe
2007-12-06 22:39 --------- d-----w C:\Program Files\Common Files\Thraex Software
2007-12-06 22:39 --------- d-----w C:\Documents and Settings\Tom\Application Data\AceBIT
2007-12-06 22:38 --------- d-----w C:\Program Files\AceBIT
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-12 19:19 73,728 ----atw C:\WINDOWS\system32\DRWEBSP.DLL
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-09-23 17:57 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-02 14:34 81,920 ----a-w C:\Documents and Settings\Tom\Application Data\ezpinst.exe
2006-11-02 14:34 47,360 ----a-w C:\Documents and Settings\Tom\Application Data\pcouffin.sys
2006-10-23 19:22 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@={747E722C-CB46-4A9D-BDFE-192AAD5099B1}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@={EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-01-04 23:47 2389296 --a------ C:\Program Files\Mozy\mozyshell1.dll

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-01-04 23:47 2389296 --a------ C:\Program Files\Mozy\mozyshell1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34 5354792]
"IBP"="" []
"EPSON Stylus Photo R285 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKE.exe" [2007-04-13 06:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 22:30 282624 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 17:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 08:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 08:28 602182]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 14:57 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-03 16:53 185632]
"RegistryMechanic"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 04:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Tom\Start Menu\Programs\Startup\
Start M359 Server.lnk - C:\Program Files\M359\Sybase\SQL Anywhere 9\win32\dbeng9.exe [2008-01-18 00:24:11 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 17:28:28 622653]
Mozy Status.lnk - C:\Program Files\Mozy\mozystat.exe [2007-05-15 21:40:50 1877296]
MozyHome Status.lnk - C:\Program Files\Mozy\mozystat.exe [2007-05-15 21:40:50 1877296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
backup=C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tom^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-07-16 20:29 389120 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a------ 2005-12-09 19:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 09:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 09:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-02 15:24 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 19:34 5354792 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonDemo]
--a------ 2005-08-17 19:10 24576 C:\dell\utilities\dsr\demo\Demo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-08 13:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-10-03 16:53 214296 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-03 16:53 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NICCONFIGSVC"=2 (0x2)
"Norton Ghost"=2 (0x2)

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 12:00]
R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-01-04 23:47]
R2 aksfridge;aksfridge;C:\WINDOWS\system32\drivers\aksfridge.sys [2007-05-28 09:02]
R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe [2007-08-09 13:58]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 04:00]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S2 MSSQL$SQL2005;SQL Server (SQL2005);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 13:29]
S2 OODefrag;O&O Defrag;C:\WINDOWS\system32\oodag.exe [2002-02-08 12:15]
S2 Virtual Server;Virtual Server;"C:\Program Files\Microsoft Virtual Server\vssrvc.exe" []
S3 dev5_ap1;dev5_ap1;"C:\phpdev5\apache\Apache.exe" []
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2003-07-01 09:19]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 06:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-07-27 06:28:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 22:03:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 22:03:38
ComboFix-quarantined-files.txt 2008-02-01 22:03:31
.
2008-01-30 09:21:32 --- E O F ---



#2 Grinler


    Lawrence Abrams



Posted 12 February 2008 - 07:40 AM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days, we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.



