
ComboFix Log And Hijack This Log

Discussion in 'Virus & Other Malware Removal' started by GaaraOfSand, Oct 31, 2007.

Thread Status:
Not open for further replies.
  GaaraOfSand (Thread Starter; joined Oct 27, 2007; 5 messages):

    ComboFix 07-10-29.1 - Bear 2007-10-30 15:24:03.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.231 [GMT 8:00]
    Running from: C:\Documents and Settings\Bear\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Bear\My Documents\internet.lnk
    C:\Program Files\meex.exe
    C:\temp\svchost.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
    .

    2007-10-30 15:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-30 15:23 32 ---hs---- C:\Program Files\DLD.DAT
    2007-10-29 17:11 42,496 --a------ C:\WINDOWS\system32\sexit.dat
    2007-10-29 16:33 <DIR> d-------- C:\temp
    2007-10-29 16:29 28,601 ---hs---- C:\Program Files\meex.exe
    2007-10-29 16:11 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-10-28 14:28 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-10-28 12:07 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-27 18:45 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\CyberLink
    2007-10-27 15:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-10-17 01:16 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Leadertech
    2007-10-02 22:44 <DIR> d-------- C:\Program Files\EA GAMES
    2007-10-02 20:18 <DIR> d-------- C:\Program Files\Valve
    2007-10-02 05:52 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Sports Interactive
    2007-10-02 05:49 <DIR> d-------- C:\Program Files\Zero G Registry
    2007-10-02 05:49 <DIR> d-------- C:\Program Files\Sports Interactive
    2007-10-01 02:14 1,060 --a------ C:\WINDOWS\unins000.dat
    2007-09-30 22:40 <DIR> d-------- C:\Program Files\AuditionSEA
    2007-09-30 21:02 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
    2007-09-30 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2007-09-26 06:55 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2007-09-25 13:45 <DIR> d-------- C:\Program Files\Take2 Interactive
    2007-09-17 13:17 <DIR> d-------- C:\Documents and Settings\Bear\UserData
    2007-09-16 16:36 <DIR> d-------- C:\Program Files\Ares
    2007-09-13 21:47 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\HP
    2007-09-13 17:14 <DIR> d-------- C:\Program Files\Common Files\DirectX
    2007-09-13 17:14 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\NHN Corporation
    2007-09-13 17:14 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2007-09-13 17:08 <DIR> d-------- C:\ijji
    2007-09-13 17:07 <DIR> d--h----- C:\Documents and Settings\Bear\Application Data\ijjigame
    2007-09-13 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
    2007-09-13 16:56 <DIR> d-------- C:\Program Files\DriftCity
    2007-09-13 13:34 <DIR> d-------- C:\Documents and Settings\Bear\keel
    2007-09-13 13:32 <DIR> d-------- C:\Documents and Settings\Bear\oni
    2007-09-13 13:31 <DIR> d-------- C:\Program Files\AsiaSoft Online
    2007-09-13 13:31 <DIR> d-------- C:\Documents and Settings\Bear\Contacts
    2007-09-13 13:17 1,412 --a------ C:\WINDOWS\mozver.dat
    2007-09-13 13:16 0 --a------ C:\WINDOWS\nsreg.dat
    2007-09-13 13:14 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-09-13 12:46 <DIR> d---s---- C:\Documents and Settings\Bear\Temporary Internet Files
    2007-09-13 12:46 <DIR> d---s---- C:\Documents and Settings\Bear\History
    2007-09-13 12:45 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Symantec
    2007-09-13 12:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-09-13 12:41 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-09-13 12:41 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-09-13 12:41 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-09-13 12:41 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
    2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-09-13 12:41 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 07:29 --------- d-----w C:\Program Files\Google
    2007-10-16 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-13 19:27 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-13 19:27 --------- d-----w C:\Program Files\Synaptics
    2007-09-13 19:27 --------- d-----w C:\Program Files\Symantec
    2007-09-13 19:27 --------- d-----w C:\Program Files\Sonic
    2007-09-13 19:26 --------- d-----w C:\Program Files\Oberon Media
    2007-09-13 19:25 --------- d-----w C:\Program Files\Norton Internet Security
    2007-09-13 19:25 --------- d-----w C:\Program Files\NetWaiting
    2007-09-13 19:24 --------- d-----w C:\Program Files\muvee Technologies
    2007-09-13 19:24 --------- d-----w C:\Program Files\Microsoft Works
    2007-09-13 19:24 --------- d-----w C:\Program Files\Microsoft Money 2005
    2007-09-13 19:24 --------- d-----w C:\Program Files\microsoft frontpage
    2007-09-13 19:23 --------- d-----w C:\Program Files\Intel
    2007-09-13 19:23 --------- d-----w C:\Program Files\HPQ
    2007-09-13 19:23 --------- d-----w C:\Program Files\HP
    2007-09-13 19:23 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-09-13 19:22 --------- d-----w C:\Program Files\DivX
    2007-09-13 19:22 --------- d-----w C:\Program Files\CONEXANT
    2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\TiVo Shared
    2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\muvee Technologies
    2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\LightScribe
    2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Java
    2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-09-13 19:21 --------- d-----w C:\Program Files\Common Files\HP
    2007-09-13 19:21 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
    2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-09-13 05:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-09-13 05:06 --------- d-----w C:\Program Files\Java
    2007-09-13 04:46 1,787 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V3000 (RL376PA#UUF)_YN_0Pres_Q2CE7022BF6_E433343372_46_I30B2_SWistron_V61.44_BF.13_T061117_WXH2_L409_M503_J60_7Intel_8T2250_91.73_#070112_N14E44311_(RL376PA#UUF)_XMOBILE_CN10_Z_2F.13_G808627A2.MRK
    2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 11:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\rpcrt4(2).dll
    2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 13:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-23 19:07 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 22:27]
    "IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2005-09-30 20:33]
    "SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 14:59]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 13:22]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 16:18]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 21:00]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 21:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 21:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "mvpgtdf"="C:\Program Files\Common Files\System\qnegbyv.exe" [2005-08-25 06:09]
    "vqrycmb"="C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe" [2005-08-25 06:09]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-13 12:48]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "ares"="C:\Program Files\Ares\Ares.exe" [2007-07-17 05:54]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-25 00:39:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQLiveUpdate.exe]
    Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQSC.exe]
    Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQUpdateCenter.exe]
    Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
    Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Timwp.exe]
    Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"

    R2 Messager;Messager;c:\temp\svchost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35d1a31-85f8-11dc-b7eb-0016d31c3b0a}]
    Auto\command - F:\auto.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
    explore\Command - F:\vqrycmb.exe
    open\Command - F:\vqrycmb.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35d1a32-85f8-11dc-b7eb-0016d31c3b0a}]
    Auto\command - auto.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
    explore\Command - G:\vqrycmb.exe
    open\Command - G:\vqrycmb.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - MESSAGER
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-01-12 12:17:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-30 15:27:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? [email protected][email protected]

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-30 15:27:21
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:30:44 PM, on 10/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\System\qnegbyv.exe
    C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    c:\temp\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [mvpgtdf] C:\Program Files\Common Files\System\qnegbyv.exe
    O4 - HKLM\..\Run: [vqrycmb] C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8805 bytes

    I'm not sure why every time I go to my thread Firefox automatically closes, so I decided to start a new thread. This is regarding worms virus.
     
Short URL to this thread: https://techguy.org/645901
