Help With Rootkit, Hijack This

Post by laurae » April 19th, 2009, 10:51 am

I'm a member of a very helpful forum and the moderator determined through a lot of hard work on her part that I have a rootkit installed on my computer and that I would need to reformat in order for my computer to ever be 'trustworthy' again. I want to avoid this at all costs, but of course I will if I have to. My husband directed me here and said that y'all have been successful with removing rootkits and I figured I'd give it a try. I'm including the last Hijack I did, as well as the last Combofix that J. had me run, which included some scripts. Thanks for any help you can give me.

Logfile of HijackThis v1.99.1
Scan saved at 10:06:23 AM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\Laura\My Documents\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=27986
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.phreik.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


ComboFix 09-04-19.05 - Laura 04/19/2009 9:20.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.599 [GMT -4:00]
Running from: c:\documents and settings\Laura\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Laura\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security 2007 *On-access scanning disabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled*
* Created a new restore point

FILE ::
C:\32788R22FWJFW.0.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\32788R22FWJFW.0.tmp
c:\32788r22fwjfw.0.tmp\License\Curl - license.txt
c:\32788r22fwjfw.0.tmp\License\dumphive-license.txt
c:\32788r22fwjfw.0.tmp\License\EXTRACT.TXT
c:\32788r22fwjfw.0.tmp\License\FI - license.txt
c:\32788r22fwjfw.0.tmp\License\mtee.txt.txt
c:\32788r22fwjfw.0.tmp\License\pv_5_2_2.zip
c:\32788r22fwjfw.0.tmp\License\streamtools.zip
c:\32788r22fwjfw.0.tmp\License\UnxUtilsDist.html
c:\32788r22fwjfw.0.tmp\License\Zip - license.txt
c:\32788r22fwjfw.0.tmp\N_\11100
c:\32788r22fwjfw.0.tmp\N_\11749
c:\32788r22fwjfw.0.tmp\N_\18578
c:\32788r22fwjfw.0.tmp\N_\32343
c:\32788r22fwjfw.0.tmp\N_\32631
c:\32788r22fwjfw.0.tmp\N_\N
c:\32788r22fwjfw.0.tmp\pev.cfexe
c:\32788r22fwjfw.0.tmp\pev.exe
c:\32788r22fwjfw.0.tmp\Policies.dat
c:\32788r22fwjfw.0.tmp\Prep.cmd
c:\32788r22fwjfw.0.tmp\Prep.inf
c:\32788r22fwjfw.0.tmp\psexec.cfexe
c:\32788r22fwjfw.0.tmp\Purity.dat
c:\32788r22fwjfw.0.tmp\pv.cfexe
c:\32788r22fwjfw.0.tmp\RCLink
c:\32788r22fwjfw.0.tmp\REGDACL.sed
c:\32788r22fwjfw.0.tmp\RegDo.sed
c:\32788r22fwjfw.0.tmp\region.dat
c:\32788r22fwjfw.0.tmp\RegScan.cmd
c:\32788r22fwjfw.0.tmp\Resident.txt
c:\32788r22fwjfw.0.tmp\restore_pt.vbs
c:\32788r22fwjfw.0.tmp\RestoreO4.bat
c:\32788r22fwjfw.0.tmp\Rkey.cmd
c:\32788r22fwjfw.0.tmp\rogues.dat
c:\32788r22fwjfw.0.tmp\run2.sed
c:\32788r22fwjfw.0.tmp\safeboot.dat
c:\32788r22fwjfw.0.tmp\safeboot.def.dat
c:\32788r22fwjfw.0.tmp\safeboot.def.vista.dat
c:\32788r22fwjfw.0.tmp\SafeBootRepair.bat
c:\32788r22fwjfw.0.tmp\sed.cfexe
c:\32788r22fwjfw.0.tmp\SetEnvmt.bat
c:\32788r22fwjfw.0.tmp\setpath.cfexe
c:\32788r22fwjfw.0.tmp\SF.exe
c:\32788r22fwjfw.0.tmp\sfx.cmd
c:\32788r22fwjfw.0.tmp\SnapShot.cmd
c:\32788r22fwjfw.0.tmp\SRestore.cmd
c:\32788r22fwjfw.0.tmp\srizbi.md5
c:\32788r22fwjfw.0.tmp\SuppScan.cmd
c:\32788r22fwjfw.0.tmp\svc_wht.dat
c:\32788r22fwjfw.0.tmp\SvcDrv.vbs
c:\32788r22fwjfw.0.tmp\svchost.dat
c:\32788r22fwjfw.0.tmp\svchost.vista.dat
c:\32788r22fwjfw.0.tmp\swreg.exe
c:\32788r22fwjfw.0.tmp\swsc.cfexe
c:\32788r22fwjfw.0.tmp\swxcacls.cfexe
c:\32788r22fwjfw.0.tmp\system_ini.dat
c:\32788r22fwjfw.0.tmp\tail.cfexe
c:\32788r22fwjfw.0.tmp\toolbar.sed
c:\32788r22fwjfw.0.tmp\unzip.cfexe
c:\32788r22fwjfw.0.tmp\Update-CF.cmd
c:\32788r22fwjfw.0.tmp\vistareg.dat
c:\32788r22fwjfw.0.tmp\w2kreg.dat
c:\32788r22fwjfw.0.tmp\xpreg.dat
c:\32788r22fwjfw.0.tmp\zDomain.dat
c:\32788r22fwjfw.0.tmp\zhsvc.dat
c:\32788r22fwjfw.0.tmp\zip.cfexe
c:\windows\system32\drivers\nicsk32.sys

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 13:19 . 2007-06-15 01:19 -------- d-----w c:\documents and settings\Laura\Application Data\MSN6
2009-03-06 14:00 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-01 17:46 . 2009-03-01 17:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-01 17:46 . 2009-03-01 17:46 -------- d-----w c:\program files\Java
2009-03-01 15:31 . 2009-03-01 15:31 -------- d-----w c:\documents and settings\Laura\Application Data\Malwarebytes
2009-03-01 15:31 . 2009-03-01 15:31 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-01 15:31 . 2009-03-01 15:31 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 08:30 . 2006-03-04 03:33 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2004-08-04 10:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2004-08-04 10:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-04 10:00 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-04 10:00 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-04 10:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-04 10:00 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:32 . 2005-03-30 01:23 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-04 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2004-08-04 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2005-03-30 01:01 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-04 10:00 55808 ----a-w c:\windows\system32\secur32.dll
2007-06-16 16:42 . 2007-06-15 03:42 66072 ----a-w c:\documents and settings\Laura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-30 19:22 . 2007-06-30 19:22 8 --sh--r c:\windows\system32\BCF08896D3.sys
2007-06-30 19:23 . 2007-06-30 19:18 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 3429904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=
"c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 nicsk32;nicsk32; [x]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-12-29 480784]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-12-29 943696]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-12-29 566872]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2006-12-29 288848]

.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate Page - http://www.geocities.com/mockba80/translate1.0.txt
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 09:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\SmartFTP Client\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Apoint\hidfind.exe
c:\progra~1\TRENDM~1\INTERN~1\PcScnSrv.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-19 9:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 13:31
ComboFix2.txt 2009-04-19 12:34
ComboFix3.txt 2009-04-19 01:39

Pre-Run: 47,373,778,944 bytes free
Post-Run: 47,370,600,448 bytes free

197 --- E O F --- 2009-04-17 07:06
laurae
Active Member
 
Posts: 1
Joined: April 19th, 2009, 10:32 am

Re: Help With Rootkit, Hijack This

Post by MWR 3 day Mod » April 28th, 2009, 3:55 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Help With Rootkit, Hijack This

Post by Shaba » May 1st, 2009, 4:00 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the "Infected? Virus, malware, adware, ransomware, oh my!" forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

