
Help Me --> Computer Has A Serious Malfunction

Discussion in 'Virus & Other Malware Removal' started by ransomhawley, Jan 9, 2008.

Thread Status:
Not open for further replies.
    ransomhawley (Thread Starter), joined Dec 7, 2007, 2 messages:

    Ok, this is kinda complicated. It started this morning. I was on the web when Trend Micro popped up a message that wanted me to allow or delete a change to my system. The file name was called geede.dll...so I googled it and came across a couple posts. Well, they started off by saying to run Vundofix.exe...which I did and it came back clean. Then the user was told to download Combofix.exe to the desktop and disconnect the internet and disable any antivirus software (Trend in my case)...so far so good...then the computer restarted...this is where I get into serious problems.

    First, the computer won't reboot, getting stuck on the "Windows is Starting UP" screen for 10 minutes. So I manually restarted the computer. Once my desktop finally loaded, the task bar looked weird, and no longer showed anything besides the start menu, the quick launch icons, and the clock. The time format is still changed to 24h time even though combofix said it would change that back... even though programs can still be opened they do not display on the taskbar.

    I restarted and the same thing happened. So, I tried to perform a system restore by going to c:\Windows\erdnt\Hiv-backup\erdnt.exe...it restarted the computer but nothing changed...I'm still stuck with the same problem...so at this point I am kinda worried and decide that I should probably back up everything just in case...but I can't copy/cut (ctrl v) files or drag and copy files to the desktop or anywhere on the computer or to my external hard drive either.

    So all I have is the internet...things like WMplayer, iTunes won't open.
    I'm posting my hijack log which I did right now, plus my combofix.exe log that ran before my computer went berserk.
    I really just need to copy some files, and I don't really care if I have to reinstall Windows after that.

    Here's my hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:46, on 2008-01-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ISP Monitor\isp.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\My Downloads\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6E9A7065-6459-46DF-AC71-79F65A1C80BF} - C:\WINDOWS\system32\geede.dll (file missing)
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-21-1321103666-3546552626-3781340954-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1321103666-3546552626-3781340954-1006\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe (User '?')
    O4 - HKUS\S-1-5-21-1321103666-3546552626-3781340954-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189821750468
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3C4DC2DA-D914-4A7F-B431-D645A14E96AA}: NameServer = 129.100.74.79,129.100.2.51
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 6895 bytes

    Here's my combofix log:

    ComboFix 08-01-09.2 - Arora 2008-01-09 18:20:17.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.444 [GMT -5:00]
    Running from: C:\Documents and Settings\Arora\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\bkR11
    C:\Temp\bkR11\ftCa.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\system32\edeeg.ini
    C:\WINDOWS\system32\edeeg.ini2
    C:\WINDOWS\system32\geede.dll
    C:\WINDOWS\system32\inrjukou.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\qjopgbdt.dll
    C:\WINDOWS\system32\tdbgpojq.ini
    C:\WINDOWS\system32\tuvwtut.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
    .

    2008-01-09 18:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-09 08:58 . 2008-01-09 08:58 268 --ah----- C:\sqmdata07.sqm
    2008-01-09 08:58 . 2008-01-09 08:58 244 --ah----- C:\sqmnoopt07.sqm
    2008-01-08 18:29 . 2008-01-08 18:29 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2008-01-08 15:44 . 2008-01-08 15:48 <DIR> d-------- C:\Program Files\Dot1XCfg
    2008-01-08 15:40 . 2008-01-08 15:43 <DIR> d-------- C:\WINDOWS\system32\ardCo01
    2008-01-08 15:40 . 2008-01-08 15:40 <DIR> d-------- C:\temp\cEeer12
    2008-01-08 15:20 . 2008-01-08 15:20 268 --ah----- C:\sqmdata06.sqm
    2008-01-08 15:20 . 2008-01-08 15:20 244 --ah----- C:\sqmnoopt06.sqm
    2008-01-07 19:35 . 2008-01-07 19:35 268 --ah----- C:\sqmdata05.sqm
    2008-01-07 19:35 . 2008-01-07 19:35 244 --ah----- C:\sqmnoopt05.sqm
    2008-01-06 17:28 . 2008-01-06 17:28 268 --ah----- C:\sqmdata04.sqm
    2008-01-06 17:28 . 2008-01-06 17:28 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-05 07:44 . 2008-01-05 07:44 268 --ah----- C:\sqmdata03.sqm
    2008-01-05 07:44 . 2008-01-05 07:44 244 --ah----- C:\sqmnoopt03.sqm
    2008-01-04 11:10 . 2008-01-04 11:10 268 --ah----- C:\sqmdata02.sqm
    2008-01-04 11:10 . 2008-01-04 11:10 244 --ah----- C:\sqmnoopt02.sqm
    2008-01-03 12:24 . 2008-01-03 12:24 268 --ah----- C:\sqmdata01.sqm
    2008-01-03 12:24 . 2008-01-03 12:24 244 --ah----- C:\sqmnoopt01.sqm
    2008-01-03 08:18 . 2008-01-03 08:18 268 --ah----- C:\sqmdata00.sqm
    2008-01-03 08:18 . 2008-01-03 08:18 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-21 05:19 . 2008-01-09 09:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-21 05:19 . 2007-12-21 05:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-21 05:17 . 2007-12-21 05:18 <DIR> d-------- C:\Program Files\iTunes
    2007-12-21 05:07 . 2007-12-21 05:07 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-12-21 05:06 . 2007-12-21 05:06 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-12-21 05:06 . 2007-12-21 05:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-15 19:03 . 2007-12-15 19:03 <DIR> d-------- C:\Program Files\DIFX
    2007-12-15 19:00 . 2007-12-15 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
    2007-12-12 04:44 . 2005-06-15 03:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-09 23:14 --------- d-----w C:\Program Files\DC++
    2008-01-09 18:38 --------- d-----w C:\Program Files\system
    2008-01-09 15:18 --------- d-----w C:\Documents and Settings\Arora\Application Data\uTorrent
    2008-01-06 01:32 --------- d-----w C:\Program Files\uTorrent
    2008-01-03 16:52 --------- d-----w C:\Documents and Settings\Arora\Application Data\U3
    2008-01-02 22:49 --------- d-----w C:\Program Files\Quick Screen Recorder
    2007-12-23 05:31 --------- d-----w C:\Documents and Settings\Arora\Application Data\DivX
    2007-12-21 10:17 --------- d-----w C:\Program Files\iPod
    2007-12-21 10:10 --------- d-----w C:\Program Files\QuickTime
    2007-12-19 02:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-19 02:36 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2007-12-08 01:35 --------- d-----w C:\Documents and Settings\Arora\Application Data\Uniblue
    2007-12-01 20:26 73,088 ----a-w C:\Documents and Settings\Arora\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-30 00:23 --------- d-----w C:\Program Files\Broderbund
    2007-11-30 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-24 05:50 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-15 01:15 --------- d-----w C:\Documents and Settings\Arora\Application Data\dvdcss
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-13 00:55 675,328 ----a-w C:\WINDOWS\is-HVL4A.exe
    2007-11-13 00:55 --------- d-----w C:\Program Files\FreshDevices
    2007-11-10 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-11-10 17:35 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2006-08-28 18:35 56 --sh--r C:\WINDOWS\system32\955367307A.sys
    2006-08-28 18:35 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2006-05-27 18:37 425472]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45 118784]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 13:51 774233]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-04-06 14:58 1032192]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 01:52 3429904]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
    backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Digital Notes.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Digital Notes.lnk
    backup=C:\WINDOWS\pss\Post-it® Digital Notes.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    --a------ 2005-08-12 15:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-09-08 22:23 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    --a------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    --a------ 2007-09-29 01:42 219952 C:\Program Files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2006-06-21 12:14 35328 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
    --a------ 2007-09-29 01:42 219952 C:\Program Files\uTorrent\utorrent.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b21242ba-ba05-11dc-a40f-0015c50cda81}]
    \Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba8c455d-92be-11dc-a3d5-0c0c0c0c0c01}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c92fb7f8-2d83-11db-a217-00038a000015}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a5c59d-7ea0-11db-a2b2-0015c50cda81}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2006-12-10 13:48:21 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1157714515.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2008-01-07 01:29:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2007-12-08 01:29:10 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 18:35:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-09 18:38:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-09 23:38:05
    .
    2008-01-09 22:00:37 --- E O F ---
     

Short URL to this thread: https://techguy.org/670095
