ComboFix Log And Hijack This Log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

GaaraOfSand (Thread Starter) - Joined: Oct 27, 2007 - Messages: 5

ComboFix 07-10-29.1 - Bear 2007-10-30 15:24:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.231 [GMT 8:00]
Running from: C:\Documents and Settings\Bear\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bear\My Documents\internet.lnk
C:\Program Files\meex.exe
C:\temp\svchost.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-30 15:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 15:23 32 ---hs---- C:\Program Files\DLD.DAT
2007-10-29 17:11 42,496 --a------ C:\WINDOWS\system32\sexit.dat
2007-10-29 16:33 <DIR> d-------- C:\temp
2007-10-29 16:29 28,601 ---hs---- C:\Program Files\meex.exe
2007-10-29 16:11 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-28 14:28 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-28 12:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-27 18:45 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\CyberLink
2007-10-27 15:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-17 01:16 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Leadertech
2007-10-02 22:44 <DIR> d-------- C:\Program Files\EA GAMES
2007-10-02 20:18 <DIR> d-------- C:\Program Files\Valve
2007-10-02 05:52 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Sports Interactive
2007-10-02 05:49 <DIR> d-------- C:\Program Files\Zero G Registry
2007-10-02 05:49 <DIR> d-------- C:\Program Files\Sports Interactive
2007-10-01 02:14 1,060 --a------ C:\WINDOWS\unins000.dat
2007-09-30 22:40 <DIR> d-------- C:\Program Files\AuditionSEA
2007-09-30 21:02 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2007-09-30 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-09-26 06:55 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-09-25 13:45 <DIR> d-------- C:\Program Files\Take2 Interactive
2007-09-17 13:17 <DIR> d-------- C:\Documents and Settings\Bear\UserData
2007-09-16 16:36 <DIR> d-------- C:\Program Files\Ares
2007-09-13 21:47 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\HP
2007-09-13 17:14 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-09-13 17:14 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\NHN Corporation
2007-09-13 17:14 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-13 17:08 <DIR> d-------- C:\ijji
2007-09-13 17:07 <DIR> d--h----- C:\Documents and Settings\Bear\Application Data\ijjigame
2007-09-13 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-09-13 16:56 <DIR> d-------- C:\Program Files\DriftCity
2007-09-13 13:34 <DIR> d-------- C:\Documents and Settings\Bear\keel
2007-09-13 13:32 <DIR> d-------- C:\Documents and Settings\Bear\oni
2007-09-13 13:31 <DIR> d-------- C:\Program Files\AsiaSoft Online
2007-09-13 13:31 <DIR> d-------- C:\Documents and Settings\Bear\Contacts
2007-09-13 13:17 1,412 --a------ C:\WINDOWS\mozver.dat
2007-09-13 13:16 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-13 13:14 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-13 12:46 <DIR> d---s---- C:\Documents and Settings\Bear\Temporary Internet Files
2007-09-13 12:46 <DIR> d---s---- C:\Documents and Settings\Bear\History
2007-09-13 12:45 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Symantec
2007-09-13 12:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-13 12:41 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-13 12:41 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-09-13 12:41 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-09-13 12:41 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-09-13 12:41 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 07:29 --------- d-----w C:\Program Files\Google
2007-10-16 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-13 19:27 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-13 19:27 --------- d-----w C:\Program Files\Synaptics
2007-09-13 19:27 --------- d-----w C:\Program Files\Symantec
2007-09-13 19:27 --------- d-----w C:\Program Files\Sonic
2007-09-13 19:26 --------- d-----w C:\Program Files\Oberon Media
2007-09-13 19:25 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-13 19:25 --------- d-----w C:\Program Files\NetWaiting
2007-09-13 19:24 --------- d-----w C:\Program Files\muvee Technologies
2007-09-13 19:24 --------- d-----w C:\Program Files\Microsoft Works
2007-09-13 19:24 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-09-13 19:24 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-13 19:23 --------- d-----w C:\Program Files\Intel
2007-09-13 19:23 --------- d-----w C:\Program Files\HPQ
2007-09-13 19:23 --------- d-----w C:\Program Files\HP
2007-09-13 19:23 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-13 19:22 --------- d-----w C:\Program Files\DivX
2007-09-13 19:22 --------- d-----w C:\Program Files\CONEXANT
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Java
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-13 19:21 --------- d-----w C:\Program Files\Common Files\HP
2007-09-13 19:21 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-09-13 05:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-13 05:06 --------- d-----w C:\Program Files\Java
2007-09-13 04:46 1,787 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V3000 (RL376PA#UUF)_YN_0Pres_Q2CE7022BF6_E433343372_46_I30B2_SWistron_V61.44_BF.13_T061117_WXH2_L409_M503_J60_7Intel_8T2250_91.73_#070112_N14E44311_(RL376PA#UUF)_XMOBILE_CN10_Z_2F.13_G808627A2.MRK
2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 11:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\rpcrt4(2).dll
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 13:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-23 19:07 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 22:27]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2005-09-30 20:33]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 14:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 13:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 16:18]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 21:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 21:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 21:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"mvpgtdf"="C:\Program Files\Common Files\System\qnegbyv.exe" [2005-08-25 06:09]
"vqrycmb"="C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe" [2005-08-25 06:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-13 12:48]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-17 05:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-25 00:39:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQLiveUpdate.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQSC.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQUpdateCenter.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Timwp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

R2 Messager;Messager;c:\temp\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35d1a31-85f8-11dc-b7eb-0016d31c3b0a}]
Auto\command - F:\auto.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explore\Command - F:\vqrycmb.exe
open\Command - F:\vqrycmb.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35d1a32-85f8-11dc-b7eb-0016d31c3b0a}]
Auto\command - auto.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explore\Command - G:\vqrycmb.exe
open\Command - G:\vqrycmb.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - MESSAGER
.
Contents of the 'Scheduled Tasks' folder
"2007-01-12 12:17:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 15:27:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? [email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 15:27:21
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:44 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\System\qnegbyv.exe
C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\temp\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mvpgtdf] C:\Program Files\Common Files\System\qnegbyv.exe
O4 - HKLM\..\Run: [vqrycmb] C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8805 bytes

I'm Not Sure Why Every Time I Go To My Thread Firefox Automatically Closes. So I Decided To Start A New Thread. This Is Regarding Worms Virus.
 