#1
03-05-2008
faraz_k86 (Gold Member)
My laptop acting funny, HJT Log attached

My laptop started acting funny while using it and also gives some errors after startup.

This all started when I inserted a friend's flash in my PC, I have avast antivirus which I keep updated always, it detected a couple of viruses and cleaned em.


anyways here is my hjt log, I'm attaching it.

thanks
Attached Files
File Type: log hijackthis.log (5.9 KB, 2 views)


#2
03-05-2008
Pancake (Senior Security Analyst)
Re: My laptop acting funny, HJT Log attached

Please copy and paste logs rather than attach them...thanks



Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.
=================================

OK. We also need to download ComboFix.exe.
Please visit this webpage for download links, and instructions for running the tool

When the tool is finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a security analyst.


__________________
My real name is Eddy
#3
03-06-2008
faraz_k86 (Gold Member)
Re: My laptop acting funny, HJT Log attached

thanks pancake, here is the report,

SDFix: Version 1.153

Run by Faraz Ahmed on Thu 03/06/2008 at 03:47 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 15:52:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 4 Mar 2008 107,057 ..SHR --- "C:\uisvkqr.exe"
Wed 5 Mar 2008 107,146 ..SHR --- "C:\i.exe"
Fri 22 Feb 2008 107,309 ..SHR --- "C:\oufddh.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Wed 5 Mar 2008 107,146 ..SHR --- "C:\WINDOWS\system32\amvo.exe"
Thu 6 Mar 2008 71,680 ..SHR --- "C:\WINDOWS\system32\amvo0.dll"
Wed 5 Mar 2008 71,680 ..SHR --- "C:\WINDOWS\system32\amvo1.dll"
Thu 2 Mar 2006 23,040 A..H. --- "C:\Faraz Ahmed\Ordinary Files\~WRL1296.tmp"
Tue 24 Apr 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Wed 22 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Mon 16 Jul 2001 400 A..H. --- "C:\Faraz Ahmed\Ordinary Files\Programs or .exe files\Real Player collection\Real One Player 2.0 GOld\sminfo.sys"

Finished!


#4
03-06-2008
faraz_k86 (Gold Member)
Re: My laptop acting funny, HJT Log attached

but every drive still opens in a new window????


#5
03-06-2008
Pancake (Senior Security Analyst)
Re: My laptop acting funny, HJT Log attached

I need that Combofix log before I can carry on with the fix..


#6
03-07-2008
faraz_k86 (Gold Member)
Re: My laptop acting funny, HJT Log attached

here is the combofix log:

ComboFix 08-03-05.3 - Faraz Ahmed 2008-03-07 8:03:51.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.261 [GMT 5:00]
Running from: C:\Documents and Settings\Faraz Ahmed\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\i.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
X:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-07 07:13 . 2004-08-04 00:56 388,608 --a------ C:\CF633.exe
2008-03-06 15:55 . 2008-03-06 15:55 106,068 -r-hs---- C:\xpbkh.com
2008-03-06 15:46 . 2004-08-04 00:56 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-03-06 15:44 . 2008-03-06 15:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-06 15:41 . 2008-03-05 02:37 <DIR> d-------- C:\SDFix
2008-03-05 15:30 . 2008-03-05 15:30 <DIR> d-------- C:\HijackThis
2008-03-05 00:44 . 2008-03-05 00:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 22:48 . 2008-03-04 22:48 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-04 22:04 . 2008-03-04 22:04 107,057 -r-hs---- C:\uisvkqr.exe
2008-03-04 19:21 . 2008-02-22 08:07 107,309 -r-hs---- C:\oufddh.exe
2008-03-04 19:18 . 2008-03-04 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2008-03-03 22:25 . 2008-03-03 22:25 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-02 11:49 . 2005-10-18 10:36 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-03-02 11:49 . 1999-12-14 01:57 41,008 --a------ C:\WINDOWS\system32\DCSysTray.ocx
2008-02-25 09:20 . 2008-02-25 09:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2008-02-25 08:56 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-25 08:55 . 2008-02-25 08:55 <DIR> d-------- C:\Program Files\Ad Word Analyzer
2008-02-24 15:42 . 2008-02-24 15:42 <DIR> d-------- C:\Program Files\Bonjour
2008-02-24 15:36 . 2008-02-24 15:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-24 12:34 . 2008-03-07 08:02 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{53D6F619-E891-4E2F-84E9-735E2C2C1EA2}
2008-02-22 19:11 . 2008-02-22 19:11 <DIR> d-------- C:\Westwood
2008-02-22 19:11 . 2008-02-22 19:11 <DIR> d-------- C:\Documents and Settings\Faraz Ahmed\WINDOWS
2008-02-22 19:11 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-02-17 16:11 . 2008-02-17 16:11 <DIR> d-------- C:\Program Files\Force5
2008-02-17 16:11 . 2004-02-10 23:32 491,520 --a------ C:\WINDOWS\system32\vbalSGrid6.ocx
2008-02-17 16:11 . 2005-09-10 15:57 143,360 --a------ C:\WINDOWS\system32\vbMHWB.dll
2008-02-17 16:11 . 2000-05-22 15:58 140,488 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-02-17 16:11 . 2003-04-01 06:36 94,208 --a------ C:\WINDOWS\system32\vbalIml6.ocx
2008-02-17 16:11 . 2006-01-11 04:13 69,632 --a------ C:\WINDOWS\system32\sfFrameControl.ocx
2008-02-17 16:11 . 2003-01-26 12:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-02-16 08:48 . 2008-02-16 08:48 <DIR> d-------- C:\Program Files\Comical
2008-02-15 08:14 . 2008-02-15 08:14 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-02-15 08:14 . 2008-02-15 08:14 <DIR> d-------- C:\Program Files\Tablet
2008-02-15 08:14 . 2005-01-10 16:10 1,425,408 --------- C:\WINDOWS\system32\PenTablet.cpl
2008-02-15 08:14 . 2005-01-10 15:49 1,343,424 --------- C:\WINDOWS\system32\PenTablet.znc
2008-02-15 08:14 . 2005-01-10 16:10 729,088 --------- C:\WINDOWS\system32\Tablet.exe
2008-02-15 08:14 . 2005-01-10 16:04 102,400 --------- C:\WINDOWS\system32\Wintab32.dll
2008-02-15 08:14 . 2005-01-10 16:02 44,544 --------- C:\WINDOWS\system32\TabHook.dll
2008-02-15 08:14 . 1999-05-07 13:12 15,744 --------- C:\WINDOWS\system32\Wintab.dll
2008-02-15 08:14 . 2008-03-06 15:51 12,398 --a------ C:\WINDOWS\system32\tablet.dat
2008-02-15 08:14 . 2001-04-09 17:45 8,138 --------- C:\WINDOWS\system32\drivers\PenClass.sys
2008-02-11 18:58 . 2008-02-11 18:58 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-11 18:58 . 2008-02-11 18:59 <DIR> d-------- C:\Documents and Settings\Faraz Ahmed\Application Data\DiVision Studios XAvenger Demo
2008-02-10 17:13 . 1997-04-02 07:04 482,576 --a------ C:\WINDOWS\system\Comctl32.dll
2008-02-10 17:11 . 2008-02-10 17:11 <DIR> d-------- C:\StarCraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 16:49 --------- d-----w C:\Program Files\eRightSoft
2008-02-04 05:09 --------- d-----w C:\Program Files\DiskInternals
2008-02-01 13:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-01 13:34 --------- d-----w C:\Documents and Settings\Faraz Ahmed\Application Data\Thunderbird
2008-01-28 10:54 --------- d-----w C:\Documents and Settings\Faraz Ahmed\Application Data\vlc
2008-01-28 10:52 --------- d-----w C:\Program Files\VideoLAN
2008-01-26 02:04 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-01-26 02:03 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-23 20:16 --------- d-----w C:\Program Files\uTorrent
2008-01-23 20:16 --------- d-----w C:\Documents and Settings\Faraz Ahmed\Application Data\uTorrent
2008-01-17 17:11 --------- d-----w C:\Program Files\MSIDVD
2008-01-17 17:11 --------- d-----w C:\Program Files\CyberLink
2008-01-17 17:11 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2008-01-16 04:58 --------- d-----w C:\Program Files\Paint.NET
2008-01-16 03:10 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6750.exe
2008-01-16 03:10 14,290 ----a-w C:\Program Files\settings.dat
2008-01-16 03:10 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-01-16 03:10 --------- d-----w C:\Program Files\PDFCreator
2008-01-15 13:24 --------- d-----w C:\Documents and Settings\Faraz Ahmed\Application Data\AdobeUM
2008-01-15 13:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 03:26 --------- d-----w C:\Program Files\FLVPlayer
2008-01-14 03:50 --------- d-----w C:\Program Files\FileZilla
2008-01-13 17:44 --------- d-----w C:\Program Files\Orbitdownloader
2008-01-13 17:44 --------- d-----w C:\Documents and Settings\Faraz Ahmed\Application Data\Orbit
2007-12-21 06:45 558,142 ----a-w C:\WINDOWS\java\Packages\39FVTVDJ.ZIP
2007-12-21 06:45 155,995 ----a-w C:\WINDOWS\java\Packages\CUSYI7FD.ZIP
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 15:29 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-06-06 14:18 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-06-21 11:51 81920]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-23 10:31 126976]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 18:00 79224]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-02-15 08:14:19 106496]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-01-13 22:44:40 1674432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 18:20]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 00:28]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\System32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\System32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\xpbkh.com
\Shell\explore\Command - X:\xpbkh.com
\Shell\open\Command - X:\xpbkh.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11809950-b70a-11dc-8f3c-000ae4f38616}]
\Shell\AutoRun\command - E:\oufddh.exe
\Shell\explore\Command - E:\oufddh.exe
\Shell\open\Command - E:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cd41e1f-af8a-11dc-b91e-806d6172696f}]
\Shell\AutoRun\command - C:\xpbkh.com
\Shell\explore\Command - C:\xpbkh.com
\Shell\open\Command - C:\xpbkh.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe54874-e9f5-11dc-8f7f-000ae4f38616}]
\Shell\AutoRun\command - E:\i.exe
\Shell\explore\Command - E:\i.exe
\Shell\open\Command - E:\i.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 08:05:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-07 8:05:27
ComboFix-quarantined-files.txt 2008-03-07 03:05:26
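
A triage sketch for the MountPoints2 section of the ComboFix log above, added here as an example and not written by anyone in the thread or taken from ComboFix: it reports keys whose shell verbs launch an executable from a drive root and checks whether a same-named hidden/system file appears in the file listing. The sample is an excerpt of that log with the wrapped key names rejoined, plus one constructed benign key; the function names are this example's own.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Excerpt of the ComboFix log in this thread, wrapped key names rejoined.
# The last key ({00000000-...}) is constructed as a benign contrast case.
SAMPLE_LOG = r"""
2008-03-06 15:55 . 2008-03-06 15:55 106,068 -r-hs---- C:\xpbkh.com
2008-03-02 11:49 . 2005-10-18 10:36 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\xpbkh.com
\Shell\explore\Command - X:\xpbkh.com
\Shell\open\Command - X:\xpbkh.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe54874-e9f5-11dc-8f7f-000ae4f38616}]
\Shell\AutoRun\command - E:\i.exe
\Shell\explore\Command - E:\i.exe
\Shell\open\Command - E:\i.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - D:\Install\Launcher.exe
"""

MOUNT_KEY = re.compile(r"^\[.*\\mountpoints2\\(?P<id>[^\]]+)\]$", re.I)
SHELL_CMD = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$", re.I)
FILE_ROW = re.compile(r"^[\d-]+ [\d:]+ \. [\d-]+ [\d:]+\s+[\d,]+\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$")
ROOT_EXEC = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|com|bat|cmd|pif|scr)$", re.I)

def parse_mountpoints(log):
    """Map each MountPoints2 key to {verb: command target}."""
    keys, current = {}, None
    for line in map(str.strip, log.splitlines()):
        key = MOUNT_KEY.match(line)
        cmd = SHELL_CMD.match(line)
        if key:
            current = keys.setdefault(key["id"], {})
        elif line.startswith("["):  # a different registry key starts here
            current = None
        elif cmd and current is not None:
            current[cmd["verb"].lower()] = cmd["target"]
    return keys

def hidden_system_files(log):
    """Map lower-cased file name -> path for rows flagged hidden and system."""
    found = {}
    for line in map(str.strip, log.splitlines()):
        row = FILE_ROW.match(line)
        if row and {"h", "s"} <= set(row["attrs"]):
            found[basename(row["path"]).lower()] = row["path"]
    return found

def triage(log):
    """Report keys whose shell verbs launch an executable from a drive root."""
    on_disk, findings = hidden_system_files(log), []
    for key, verbs in parse_mountpoints(log).items():
        hit = {v: t for v, t in verbs.items() if ROOT_EXEC.match(t)}
        if hit:
            names = {basename(t).lower() for t in hit.values()}
            copies = sorted(on_disk[n] for n in names if n in on_disk)
            findings.append({"key": key, "verbs": sorted(hit),
                             "targets": sorted(set(hit.values())),
                             "hidden_system_copy": copies})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The drive-root test is a triage heuristic only; a flagged key still needs the target file examined before anything is removed.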


