
hijackthis log and combofix log

709 Views, 2 Replies, 2 Participants. Last post by Ried.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:30 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BM1725a549] Rundll32.exe "C:\WINDOWS\system32\gfvuqqes.dll",s
O4 - HKLM\..\Run: [141696d5] rundll32.exe "C:\WINDOWS\system32\hxckwbnd.dll",b
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 6585 bytes
Start Time= Tue 05/27/2008 20:13:06.45

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-05-27 15:08:18 2624 ( A.... ) "C:\WINDOWS\system32\hbhqrdth.exe"
2008-05-27 15:02:26 95808 ( A.... ) "C:\WINDOWS\system32\hxckwbnd.dll"
2008-05-27 15:02:18 102976 ( A.... ) "C:\WINDOWS\system32\gfvuqqes.dll"
2008-05-27 15:00:22 102976 ( A.... ) "C:\WINDOWS\system32\xykebrbd.dll"
2008-05-27 14:59:24 100928 ( A.... ) "C:\WINDOWS\system32\ppnjxwsi.dll"
2008-05-22 21:31:54 3648 ( A.... ) "C:\WINDOWS\system32\ibnbcvjs.dll"
2008-05-22 21:29:06 100928 ( A.... ) "C:\WINDOWS\system32\fapyncly.dll"
2008-05-19 22:19:00 92224 ( ..... ) "C:\WINDOWS\system32\emlkahvo.dll"
2008-05-19 22:16:00 2112 ( A.... ) "C:\WINDOWS\system32\udshgett.exe"
2008-05-19 22:13:06 100928 ( A.... ) "C:\WINDOWS\system32\jyumthlq.dll"
2008-05-19 22:13:00 100928 ( A.... ) "C:\WINDOWS\system32\fhjsolgb.dll"
2008-05-17 22:30:36 ( .D... ) "C:\Program Files\MSBuild"
2008-05-17 22:30:04 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2008-05-17 22:30:02 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2008-05-17 22:28:42 ( .D... ) "C:\Program Files\Microsoft.NET"
2008-05-17 15:29:20 ( .D... ) "C:\Program Files\Trend Micro"
2008-05-17 15:15:52 ( .D... ) "C:\Program Files\WinRAR"
2008-05-17 15:10:20 100928 ( A.... ) "C:\WINDOWS\system32\aalqgjfc.dll"
2008-05-17 15:10:16 2112 ( A.... ) "C:\WINDOWS\system32\bgnlyfrj.exe"
2008-05-17 15:08:26 100928 ( A.... ) "C:\WINDOWS\system32\vqdornol.dll"
2008-05-17 15:08:20 3648 ( A.... ) "C:\WINDOWS\system32\cxeacgrd.dll"
2008-05-15 01:39:48 106560 ( A.... ) "C:\WINDOWS\system32\xsfpaing.dll"
2008-05-15 01:36:48 105024 ( A.... ) "C:\WINDOWS\system32\qjkpnuup.dll"
2008-05-15 01:33:50 105024 ( A.... ) "C:\WINDOWS\system32\cusoeeja.dll"
2008-05-15 00:42:48 2112 ( A.... ) "C:\WINDOWS\system32\hvkwetdi.exe"
2008-05-15 00:39:48 106560 ( A.... ) "C:\WINDOWS\system32\yipdmwja.dll"
2008-05-15 00:33:48 105024 ( A.... ) "C:\WINDOWS\system32\wwtluaxr.dll"
2008-05-15 00:30:48 105024 ( A.... ) "C:\WINDOWS\system32\dsywijvx.dll"
2008-05-14 23:39:48 106560 ( A.... ) "C:\WINDOWS\system32\nhqylkyw.dll"
2008-05-14 23:36:48 2112 ( A.... ) "C:\WINDOWS\system32\bqpcvnrt.exe"
2008-05-14 23:30:48 105024 ( A.... ) "C:\WINDOWS\system32\vxqtaeyt.dll"
2008-05-14 23:27:48 105024 ( A.... ) "C:\WINDOWS\system32\kjtnxkmx.dll"
2008-05-14 22:38:28 106560 ( A.... ) "C:\WINDOWS\system32\lvnpjixl.dll"
2008-05-14 22:29:18 2112 ( A.... ) "C:\WINDOWS\system32\msyyusju.exe"
2008-05-14 22:26:40 105024 ( A.... ) "C:\WINDOWS\system32\tmqytnjx.dll"
2008-05-14 22:23:40 105024 ( A.... ) "C:\WINDOWS\system32\ligodtmu.dll"
2008-05-14 21:29:40 2112 ( A.... ) "C:\WINDOWS\system32\xwgngyyc.exe"
2008-05-14 21:26:50 106560 ( A.... ) "C:\WINDOWS\system32\peoqmovy.dll"
2008-05-14 21:25:36 96832 ( A.... ) "C:\WINDOWS\system32\apnjibtj.dll"
2008-05-14 21:25:30 105024 ( A.... ) "C:\WINDOWS\system32\svnvywob.dll"
2008-05-14 21:22:36 106560 ( A.... ) "C:\WINDOWS\system32\irqpktak.dll"
2008-05-14 21:22:36 2112 ( A.... ) "C:\WINDOWS\system32\mtlqytoh.exe"
2008-05-14 21:22:30 105024 ( A.... ) "C:\WINDOWS\system32\ivgslbnv.dll"
2008-05-14 21:12:12 ( .D... ) "C:\Program Files\office 2007"
2008-05-14 20:31:30 106560 ( A.... ) "C:\WINDOWS\system32\djqmtkvg.dll"
2008-05-14 20:25:30 2112 ( A.... ) "C:\WINDOWS\system32\ubkiirmn.exe"
2008-05-14 20:22:30 105024 ( A.... ) "C:\WINDOWS\system32\vwukfybh.dll"
2008-05-14 20:19:30 105024 ( A.... ) "C:\WINDOWS\system32\tuuuakpw.dll"
2008-05-14 20:17:50 105024 ( A.... ) "C:\WINDOWS\system32\sdaftcvf.dll"
2008-05-14 19:31:30 2112 ( A.... ) "C:\WINDOWS\system32\brqaoody.exe"
2008-05-14 19:28:42 106560 ( A.... ) "C:\WINDOWS\system32\nwsglcxo.dll"
2008-05-14 19:28:24 106560 ( A.... ) "C:\WINDOWS\system32\ukuhgccx.dll"
2008-05-14 19:25:24 2112 ( A.... ) "C:\WINDOWS\system32\uxtomvsb.exe"
2008-05-14 19:22:24 2112 ( A.... ) "C:\WINDOWS\system32\sajhsomc.exe"
2008-05-14 19:19:24 2112 ( A.... ) "C:\WINDOWS\system32\ttaspvep.exe"
2008-05-14 19:16:24 96832 ( A.... ) "C:\WINDOWS\system32\dlfvupao.dll"
2008-05-14 19:13:24 105024 ( A.... ) "C:\WINDOWS\system32\pkkcbtno.dll"
2008-05-14 19:10:24 105024 ( A.... ) "C:\WINDOWS\system32\jqfgqgrh.dll"
2008-05-14 16:48:46 ( .D... ) "C:\Program Files\DiskTrix"
2008-05-14 13:00:54 ( .D... ) "C:\Program Files\Registry Mechanic"
2008-05-14 12:54:54 ( .D... ) "C:\Documents and Settings\Kasey Bennett1\Application Data\WinRAR"
2008-05-14 03:50:14 106560 ( A.... ) "C:\WINDOWS\system32\rpsqkmge.dll"
2008-05-07 19:10:48 2112 ( A.... ) "C:\WINDOWS\system32\bfuesken.exe"
2008-05-07 19:07:50 106560 ( A.... ) "C:\WINDOWS\system32\iobmntgg.dll"
2008-05-07 19:01:50 105024 ( A.... ) "C:\WINDOWS\system32\hfitubsb.dll"
2008-05-06 19:02:28 2112 ( A.... ) "C:\WINDOWS\system32\sstprjdl.exe"
2008-05-06 18:59:40 108608 ( A.... ) "C:\WINDOWS\system32\ircyandq.dll"
2008-05-06 18:59:28 104512 ( A.... ) "C:\WINDOWS\system32\tiywbcsb.dll"
2008-05-05 19:01:42 107584 ( A.... ) "C:\WINDOWS\system32\hrchnqwy.dll"
2008-05-05 18:59:02 96832 ( A.... ) "C:\WINDOWS\system32\bntxurgq.dll"
2008-05-05 18:58:54 104000 ( A.... ) "C:\WINDOWS\system32\gftaworw.dll"
2008-05-04 19:04:18 108096 ( A.... ) "C:\WINDOWS\system32\vsudsxvl.dll"
2008-05-04 18:58:08 104512 ( A.... ) "C:\WINDOWS\system32\sgbcwwxl.dll"
2008-05-04 18:56:42 104512 ( A.... ) "C:\WINDOWS\system32\mgujffjy.dll"
2008-05-02 00:44:32 107072 ( A.... ) "C:\WINDOWS\system32\txlscink.dll"
2008-05-02 00:38:32 107072 ( A.... ) "C:\WINDOWS\system32\yktnlkpu.dll"
2008-05-01 00:37:28 105536 ( A.... ) "C:\WINDOWS\system32\gbwkuayi.dll"
2008-05-01 00:37:04 104512 ( A.... ) "C:\WINDOWS\system32\eeueaeep.dll"
2008-04-29 20:50:42 107072 ( A.... ) "C:\WINDOWS\system32\arbarnni.dll"
2008-04-29 20:45:10 104512 ( A.... ) "C:\WINDOWS\system32\bagncdpq.dll"
2008-04-29 20:44:02 104512 ( A.... ) "C:\WINDOWS\system32\ocyixowp.dll"
2008-04-28 14:05:16 108608 ( A.... ) "C:\WINDOWS\system32\mbnwqdux.dll"
2008-04-28 14:05:02 104000 ( A.... ) "C:\WINDOWS\system32\udjnognc.dll"
2008-04-28 11:44:30 100416 ( A.... ) "C:\WINDOWS\system32\usvjigbc.dll"
2008-04-27 21:23:14 106048 ( A.... ) "C:\WINDOWS\system32\ojljigfw.dll"
2008-04-26 19:55:24 106048 ( A.... ) "C:\WINDOWS\system32\mkkijkvb.dll"
2008-04-25 09:21:26 2560 ( A.... ) "C:\WINDOWS\system32\bitcometres.dll"
2008-04-25 08:46:46 ( .D... ) "C:\Program Files\Stardock"
2008-04-25 03:14:32 ( .D... ) "C:\Documents and Settings\Kasey Bennett1\Application Data\Talkback"
2008-04-24 17:21:24 100416 ( A.... ) "C:\WINDOWS\system32\vslanudt.dll"
2008-04-24 17:15:24 96320 ( A.... ) "C:\WINDOWS\system32\tsetvwvu.dll"
2008-04-23 15:02:40 93248 ( A.... ) "C:\WINDOWS\system32\ubpthait.dll"
2008-04-23 14:56:48 95808 ( A.... ) "C:\WINDOWS\system32\vtquvsfu.dll"
2008-04-23 01:03:32 ( .D... ) "C:\Documents and Settings\Kasey Bennett1\Application Data\Nero"
2008-04-23 00:50:34 272384 ( A.... ) "C:\WINDOWS\system32\jkkKcBrq.dll"
2008-04-23 00:36:16 38400 ( A.... ) "C:\WINDOWS\system32\urqOEuTM.dll"
2008-04-23 00:36:16 38400 ( A.... ) "C:\WINDOWS\system32\ddcawxYQ.dll"
2008-04-09 00:14:16 ( .D... ) "C:\Program Files\iPod"
2008-04-06 18:52:42 ( .D... ) "C:\Documents and Settings\Kasey Bennett1\Application Data\skypePM"
2008-04-06 18:44:40 ( .D... ) "C:\Documents and Settings\Kasey Bennett1\Application Data\Skype"
2008-04-06 18:42:36 ( .D... ) "C:\Program Files\Skype"
2008-04-06 18:42:34 ( .D... ) "C:\Program Files\Common Files\Skype"
2008-03-19 02:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"
2008-03-01 18:36:30 3591680 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2008-03-01 06:06:32 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2008-03-01 06:06:30 1159680 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2008-03-01 06:06:30 671232 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2008-03-01 06:06:30 233472 ( A.... ) "C:\WINDOWS\system32\webcheck.dll"
2008-03-01 06:06:30 105984 ( A.... ) "C:\WINDOWS\system32\url.dll"
2008-03-01 06:06:30 102912 ( A.... ) "C:\WINDOWS\system32\occache.dll"
2008-03-01 06:06:30 44544 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2008-03-01 06:06:28 478208 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2008-03-01 06:06:28 193024 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2008-03-01 06:06:26 459264 ( A.... ) "C:\WINDOWS\system32\msfeeds.dll"
2008-03-01 06:06:26 267776 ( A.... ) "C:\WINDOWS\system32\iertutil.dll"
2008-03-01 06:06:26 52224 ( A.... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2008-03-01 06:06:26 27648 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2008-03-01 06:06:24 6066176 ( A.... ) "C:\WINDOWS\system32\ieframe.dll"
2008-03-01 06:06:24 44544 ( A.... ) "C:\WINDOWS\system32\iernonce.dll"
2008-03-01 06:06:22 384512 ( A.... ) "C:\WINDOWS\system32\iedkcs32.dll"
2008-03-01 06:06:22 383488 ( A.... ) "C:\WINDOWS\system32\ieapfltr.dll"
2008-03-01 06:06:22 347136 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2008-03-01 06:06:22 230400 ( A.... ) "C:\WINDOWS\system32\ieaksie.dll"
2008-03-01 06:06:22 214528 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2008-03-01 06:06:22 153088 ( A.... ) "C:\WINDOWS\system32\ieakeng.dll"
2008-03-01 06:06:22 133120 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
2008-03-01 06:06:22 63488 ( A.... ) "C:\WINDOWS\system32\icardie.dll"
2008-03-01 06:06:20 124928 ( A.... ) "C:\WINDOWS\system32\advpack.dll"
2008-02-29 01:55:24 70656 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2008-02-28 13:26:06 1414440 ( A.... ) "C:\WINDOWS\system32\ShellManager310E2D762.dll"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"RegistryMechanic"=""
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"BM1725a549"="Rundll32.exe \"C:\\WINDOWS\\system32\\gfvuqqes.dll\",s"
"141696d5"="rundll32.exe \"C:\\WINDOWS\\system32\\hxckwbnd.dll\",b"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\" /tray"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9c.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Photosmart Premier Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Photosmart Premier Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\141696d5]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ciftxhoq"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\ciftxhoq.dll\",b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitComet"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitComet\\BitComet.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1725a549]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hfitubsb"
"hkey"="HKLM"
"command"="Rundll32.exe \"C:\\WINDOWS\\system32\\hfitubsb.dll\",s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cpqset"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeleteLog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DeleteLog"
"hkey"="HKLM"
"command"="c:\\windows\\system32\\oobe\\DeleteLog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DetectorApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sonic\\DigitalMedia Plus v7\\MyDVD Plus\\DetectorApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EabServr"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CHDAudPropShortcut"
"hkey"="HKLM"
"command"="CHDAudPropShortcut.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Wireless Assistant"
"hkey"="HKLM"
"command"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMIndexStoreSvr"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBKeyScan"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QPService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QTTask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RecGuard"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"


Contents of the 'Scheduled Tasks' folder

Completion time: Tue 05/27/2008 20:14:45.89
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
Hello ajmart9,

That is a log from a terribly outdated version of ComboFix. Please delete your existing ComboFix.exe immediately.

Before we do anything, I'd like to see the following:

As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help....

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

  • main.txt
  • an attached extra.txt