Malware Removal: discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#1
Error during booting
Whenever I boot up my PC I keep getting this message:
Windows cannot find C:\Windows\system32\awtqr.exe make sure typed correctly and then try again. To search for file click the start button and then click search.
Can you help me, plz and ty.
#2
Hello junlee,
This is a malware file that is supposed to load on startup, but it probably doesn't exist anymore, and this is the reason you see this message every time you boot. Usually infections install more files in a system, so let's see what's running in your system. Please download HijackThis from here. Click on the downloaded file to run it and select "Do a system scan and save a logfile". Use copy/paste and post back here the log it creates for review.
~~~~~~~~~~~
I would also like to see another kind of scan. Go here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify you when the scan is complete. Copy the log from the Startup Programs file back here. Please post back the HijackThis log and the Silent Runners log.
#3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:50 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jun Lee\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqr.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196301569458
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SphtBot Profile Launcher (SBProfileLauncher) - Unknown owner - C:\Documents and Settings\Jun Lee\Desktop\New Folder (3)\ProfileLauncher.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11430 bytes
#4
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++} "Aim6" = (empty string) [file not found] "NVIDIA nTune" = ""C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" ["Google Inc."] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Steam" = ""C:\Program Files\Steam\Steam.exe" -silent" ["Valve Corporation"] "Router" = "C:\Program Files\Router\Router.exe" [file not found] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Words" = "C:\Program Files\Words\Words.exe" [file not found] "DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" ["Intel Corporation"] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."] "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "Symantec PIF AlertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"] "GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask .exe" 
-atboottime" ["Apple Inc."] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll" ["Symantec Corporation"] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)" -> {HKLM...CLSID} = "Skype add-on (mastermind)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture" -> {HKLM...CLSID} = "BitComet Helper" \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll" ["BitComet"] {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided) -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" 
[MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess" -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "My Sharing Folders" 
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove 
Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.d ll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" 
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.d ll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\ <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "load" = "C:\WINDOWS\system32\awtqr.exe" [file not found] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = 
"C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.D LL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandler s\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandler s\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."] Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMen uHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = 
"{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHa ndlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\ "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Jun Lee\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp" Startup items in "Jun Lee" & "All Users" startup folders: --------------------------------------------------------- C:\Documents and Settings\Jun Lee\Start Menu\Programs\Startup "Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service 
Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 |
#5
Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
  -> {HKLM...CLSID} = "Show Norton Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Send to OneNote"
"MenuText" = "S&end to OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
     \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\
"ButtonText" = "BitComet"
"Script" = "res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206" ["BitComet"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
Intel(R) Matrix Storage Event Monitor, IAANTMon, "C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe" ["Intel Corporation"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
nTune Service, nTuneService, "C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Viewpoint Manager Service, Viewpoint Manager Service, ""C:\Program Files\Viewpoint\Common\ViewpointService.exe"" ["Viewpoint Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


----------
(launch time: 2008-01-21 09:41:27)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 74 seconds, including 21 seconds for message boxes)
#6
Yes, that file was supposed to load early on startup.
Download Combofix.exe and save it to your desktop. Disable your Antivirus (Important!). Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please copy/paste that log back here together with a new HijackThis log.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

~~~~~~~~~~~~~~

I have limited information on an entry. Do you know what this is?

O23 - Service: SphtBot Profile Launcher (SBProfileLauncher) - Unknown owner - C:\Documents and Settings\Jun Lee\Desktop\New Folder (3)\ProfileLauncher.exe (file missing)

If you don't, please make sure you can View Hidden Files and Folders first and go here or here and upload the following file(s) for a scan; after the scan is completed, please copy and paste the results back here:

C:\Documents and Settings\Jun Lee\Desktop\New Folder (3)\ProfileLauncher.exe

Post back the Combofix report along with a new HijackThis log and a new Silent Runners report. Also post any information you can provide on the entry I asked you about, or the results from VirusTotal or Jotti, please.
#7
Combofix part1
ComboFix 08-01-20.1 - Jun Lee 2008-01-21 16:54:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1344 [GMT -5:00]
Running from: C:\Documents and Settings\Jun Lee\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1848OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Router
C:\Program Files\Temporary
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\WINDOWS\b143.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
.

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 16:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 18:08 . 2008-01-20 22:32 <DIR> d---s---- C:\Program Files\Xfire
2008-01-20 18:08 . 2008-01-20 22:33 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\Xfire
2008-01-20 18:05 . 2008-01-20 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-20 18:00 . 2008-01-20 18:00 <DIR> d-------- C:\Program Files\GALA-NET
2008-01-20 18:00 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-19 12:32 . 2008-01-19 12:35 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-19 12:32 . 2008-01-19 12:32 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\DAEMON Tools
2008-01-19 10:57 . 2008-01-19 10:57 <DIR> d-------- C:\Program Files\uTorrent
2008-01-19 10:57 . 2008-01-21 16:53 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\uTorrent
2008-01-19 10:07 . 2008-01-19 10:07 <DIR> d-------- C:\Program Files\Eidos
2008-01-13 19:49 . 2007-11-06 20:30 158,263 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-12 10:04 . 2008-01-12 10:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-12 10:04 . 2008-01-12 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-12 09:33 . 2008-01-17 08:21 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-12 00:37 . 2008-01-20 13:33 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-11 16:05 . 2008-01-11 16:05 <DIR> d-------- C:\Program Files\DivX
2008-01-09 16:55 . 2003-10-27 14:06 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-01-09 16:55 . 2003-10-27 14:06 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-09 16:55 . 2003-10-27 14:06 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-01-09 16:55 . 2003-10-27 14:06 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-01-09 16:55 . 2003-10-27 14:06 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-01-09 16:55 . 2003-10-27 14:06 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-01-09 16:55 . 2003-10-27 14:06 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-01-09 16:55 . 2003-10-27 14:06 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-01-09 16:55 . 2003-10-27 14:06 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-09 16:50 . 2008-01-19 11:50 <DIR> d-------- C:\Program Files\UBISOFT
2008-01-05 18:59 . 2008-01-05 19:00 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\DAEMON Tools Pro
2008-01-05 18:53 . 2008-01-19 12:29 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-05 18:50 . 2008-01-06 11:18 <DIR> d-------- C:\WINDOWS\svchost
2008-01-05 18:50 . 2004-08-03 20:07 72,192 --a------ C:\WINDOWS\system32\data2.set
2008-01-05 18:50 . 2004-08-03 20:07 72,192 --a------ C:\WINDOWS\system32\data1.set
2008-01-05 18:50 . 2006-09-05 00:51 2,074 --a------ C:\WINDOWS\regedit.exe.reg
2008-01-05 18:35 . 2008-01-05 19:04 <DIR> d-------- C:\Program Files\The Witcher
2008-01-04 09:42 . 2008-01-05 09:50 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\Move Networks
2008-01-02 20:41 . 2008-01-02 20:41 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-02 20:41 . 2008-01-02 20:41 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-02 06:39 . 2008-01-02 06:39 244 --ah----- C:\sqmnoopt06.sqm
2008-01-02 06:39 . 2008-01-02 06:39 232 --ah----- C:\sqmdata06.sqm
2008-01-01 21:21 . 2008-01-01 21:21 244 --ah----- C:\sqmnoopt05.sqm
2008-01-01 21:21 . 2008-01-01 21:21 232 --ah----- C:\sqmdata05.sqm
2008-01-01 15:43 . 2008-01-01 15:43 244 --ah----- C:\sqmnoopt04.sqm
2008-01-01 15:43 . 2008-01-01 15:43 232 --ah----- C:\sqmdata04.sqm
2008-01-01 09:18 . 2008-01-01 09:18 244 --ah----- C:\sqmnoopt03.sqm
2008-01-01 09:18 . 2008-01-01 09:18 232 --ah----- C:\sqmdata03.sqm
2007-12-31 10:59 . 2007-12-31 10:59 <DIR> dr-h----- C:\Documents and Settings\Jun Lee\Application Data\SecuROM
2007-12-31 10:59 . 2008-01-19 12:26 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-31 10:44 . 2007-12-31 10:44 <DIR> d-------- C:\Program Files\Flagship Studios
2007-12-29 11:14 . 2007-12-29 11:14 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\InstallShield Installation Information
2007-12-29 10:57 . 2007-12-29 10:57 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2007-12-29 09:50 . 2007-12-29 09:50 268 --ah----- C:\sqmdata02.sqm
2007-12-29 09:50 . 2007-12-29 09:50 244 --ah----- C:\sqmnoopt02.sqm
2007-12-29 09:31 . 2007-12-29 09:31 244 --ah----- C:\sqmnoopt01.sqm
2007-12-29 09:31 . 2007-12-29 09:31 232 --ah----- C:\sqmdata01.sqm
2007-12-24 10:04 . 2007-12-24 11:05 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2007-12-24 09:23 . 2007-12-24 09:23 319 --a------ C:\WINDOWS\game.ini
2007-12-24 09:10 . 2007-12-24 09:10 <DIR> d-------- C:\Program Files\Activision
2007-12-24 09:08 . 2007-12-24 09:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-23 08:40 . 2008-01-21 07:32 <DIR> d-------- C:\Program Files\Steam
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-01-20 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 23:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-20 21:56 --------- d-----w C:\Program Files\Warcraft III
2008-01-20 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-20 21:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-19 17:30 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 16:33 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Skype
2008-01-19 15:15 --------- d-----w C:\Program Files\Azureus
2008-01-19 15:12 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\skypePM
2008-01-19 15:07 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Azureus
2008-01-19 00:32 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-19 00:31 --------- d-----w C:\Program Files\QuickTime
2008-01-19 00:31 --------- d-----w C:\Program Files\Norton 360
2008-01-19 00:31 --------- d-----w C:\Program Files\iTunes
2008-01-12 15:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-11 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-06 14:27 --------- d-----w C:\Program Files\Final Fantasy VII
2007-12-29 15:56 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-29 15:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 15:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-27 15:58 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 14:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-24 14:24 22,328 ----a-w C:\Documents and Settings\Jun Lee\Application Data\PnkBstrK.sys
2007-12-20 16:51 --------- d-----w C:\Program Files\TriChlor
2007-12-16 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-16 18:42 --------- d-----w C:\Program Files\BitComet
2007-12-15 15:52 --------- d-----w C:\Program Files\Google
2007-12-15 01:09 --------- d-----w C:\Program Files\Square Soft, Inc
2007-12-14 23:40 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Ventrilo
2007-12-14 19:08 --------- d-----w C:\Program Files\Pcsx2
2007-12-12 00:23 --------- d-----w C:\Program Files\Ares
2007-12-11 04:04 --------- d-----w C:\Program Files\The Rosetta Stone
2007-12-11 02:06 --------- d-----w C:\Program Files\Java
2007-12-11 02:04 --------- d-----w C:\Program Files\Common Files\Java
2007-12-10 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-09 23:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 14:57 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Talkback
2007-12-08 14:52 --------- d-----w C:\Program Files\Picasa2
2007-12-08 14:51 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-05 21:51 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Grisoft
2007-12-05 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-05 21:05 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 21:05 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 21:05 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 21:05 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 21:05 --------- d-----w C:\Program Files\Symantec
2007-12-05 03:56 --------- d-----w C:\Program Files\Jasc Software Inc
2007-12-05 03:56 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Jasc Software Inc
2007-12-05 03:55 --------- d-----w C:\Program Files\Dell Computer
2007-12-05 03:54 --------- d-----w C:\Program Files\Dell 720
2007-12-04 03:43 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-12-04 00:10 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-12-04 00:00 --------- d-----w C:\Program Files\Electronic Arts
2007-12-03 14:06 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-02 16:56 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Nero
2007-12-02 16:55 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-02 16:53 --------- d-----w C:\Program Files\Nero
2007-12-02 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-02 16:10 --------- d-----w C:\Program Files\MSBuild
2007-12-02 16:10 --------- d-----w C:\Program Files\Microsoft Works
2007-12-01 15:05 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-01 15:05 --------- d-----w C:\Program Files\Skype
2007-12-01 15:05 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-01 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-01 06:40 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\vlc
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 17:47 --------- d-----w C:\Program Files\Ventrilo
2007-11-30 17:41 --------- d-----w C:\Program Files\VideoLAN
2007-11-30 13:35 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Symantec
2007-11-29 23:29 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Viewpoint
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 20:35 --------- d-----w C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-11-29 03:45 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-11-29 03:18 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
2007-11-29 02:57 --------- d-----w C:\Program Files\iPod
2007-11-29 02:57 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Apple Computer
2007-11-29 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-29 02:56 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-29 02:56 --------- d-----w C:\Program Files\Apple Software Update
2007-11-29 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-29 02:41 --------- d-----w C:\Program Files\Windows Live
2007-11-29 02:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-29 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-29 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-29 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-29 02:36 --------- d-----w C:\Program Files\Viewpoint
2007-11-29 02:36 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-29 02:36 --------- d-----w C:\Program Files\AIM6
2007-11-29 02:36 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\acccore
2007-11-29 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
.

----a-w 970,752 2008-01-18 22:18:52 C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
----a-w 202,024 2008-01-18 22:18:38 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor .exe
----a-w 115,816 2008-01-18 22:18:28 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 517,768 2008-01-19 00:31:33 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w 136,136 2008-01-17 20:43:59 C:\Program Files\DAEMON Tools Pro\DTProAgent .exe
----a-w 68,856 2008-01-18 22:18:41 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 139,264 2008-01-18 22:18:25 C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
----a-w 267,048 2008-01-18 22:18:25 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-18 22:18:28 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-18 22:19:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 31,016 2008-01-18 22:18:28 C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w 81,920 2008-01-18 22:18:34 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd .exe
----a-w 286,720 2008-01-19 00:33:21 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:07 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:08 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:08 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:09 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:10 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:11 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:12 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:12 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:13 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:13 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:14 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:16 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:18 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:19 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:20 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:22 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:23 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:24 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:25 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:25 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:26 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:27 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:28 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:28 C:\Program Files\QuickTime\qttask .exe
----a-w 1,266,936 2008-01-18 22:18:52 C:\Program Files\Steam\Steam .exe
----a-w 5,724,184 2008-01-16 18:52:21 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:45:46 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:45:55 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:03 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:12 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:21 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:31 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:41 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:50 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:59 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:47:07 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:17 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:26 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:43 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:53 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:48:01 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 01:12:19 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 15,360 2008-01-17 13:21:10 C:\WINDOWS\system32\ctfmon .exe
#8
combofix part2
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-18 19:33 81920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-01-18 19:32 202024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 19:32 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-18 19:32 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-01-18 19:33 1266936]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-18 19:33 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 20:30 8523776]
"nwiz"="nwiz.exe" [2007-11-06 20:30 1626112 C:\WINDOWS\system32\nwiz.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-01-18 19:32 139264]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-18 19:32 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-18 19:32 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-18 19:32 517768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-01-18 19:33 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-18 19:33 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-18 19:33 286720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 20:30 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-28 20:36:30 24576]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-18 19:32 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-11-07 05:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-18 19:33 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-20 13:42 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 SBProfileLauncher;SphtBot Profile Launcher;C:\Documents and Settings\Jun Lee\Desktop\New Folder (3)\ProfileLauncher.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55a3c243-a1e1-11dc-8555-00123f75d0fd}]
\Shell\AutoRun\command - K:\Autorun.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 13:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 16:57:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 16:57:48
ComboFix-quarantined-files.txt 2008-01-21 21:57:46
.
2008-01-09 14:13:35 --- E O F ---
#9
Hijacklog
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:49 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jun Lee\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196301569458
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS -
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SphtBot Profile Launcher (SBProfileLauncher) - Unknown owner - C:\Documents and Settings\Jun Lee\Desktop\New Folder (3)\ProfileLauncher.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 11382 bytes |
#10
Silent runner part 1
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Aim6" = (empty string) [file not found]
"NVIDIA nTune" = ""C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"" ["Nero AG"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Steam" = ""C:\Program Files\Steam\Steam.exe" -silent" ["Valve Corporation"]
"Router" = "C:\Program Files\Router\Router.exe" [file not found]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" ["Intel Corporation"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec PIF AlertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask .exe" -atboottime" ["Apple Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll" ["Symantec Corporation"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
     \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
     \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll" ["BitComet"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "DriveLetterAccess"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
     \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
  -> {HKLM...CLSID} = "DriveLetterAccess"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
     \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
     \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
  -> {HKLM...CLSID} = "Groove Folder Synchronization"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
  -> {HKLM...CLSID} = "Groove XML Icon Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
     \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
     \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
#11
Silent runner part 2
Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Jun Lee\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Startup items in "Jun Lee" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Jun Lee\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Send to OneNote"
"MenuText" = "S&end to OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
     \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\
"ButtonText" = "BitComet"
"Script" = "res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206" ["BitComet"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
Intel(R) Matrix Storage Event Monitor, IAANTMon, "C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe" ["Intel Corporation"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
nTune Service, nTuneService, "C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Viewpoint Manager Service, Viewpoint Manager Service, ""C:\Program Files\Viewpoint\Common\ViewpointService.exe"" ["Viewpoint Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-01-21 17:00:16)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.

---------- (total run time: 48 seconds, including 10 seconds for message boxes)
#12
Oh, and about that file: I couldn't find it. I already have "show all hidden files" set up, but I don't see the new folder. However, I remember making that folder, just not sure what was in it. It was probably something that I unzipped; I didn't want it to be all over my desktop.
#13
That's alright,
Run HijackThis and place a checkmark next to the following item in bold, close all open windows, and click Fix Checked:

O23 - Service: SphtBot Profile Launcher (SBProfileLauncher) - Unknown owner - C:\Documents and Settings\Jun Lee\Desktop\New Folder (3)\ProfileLauncher.exe (file missing)

And close HijackThis.

~~~~~~~~~~~~~~~~

Code:
KillAll::

File::
C:\WINDOWS\regedit.exe.reg
C:\WINDOWS\system32\data1.set
C:\WINDOWS\system32\data2.set

Folder::
C:\WINDOWS\svchost

RenV::
----a-w 970,752 2008-01-18 22:18:52 C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
----a-w 202,024 2008-01-18 22:18:38 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor .exe
----a-w 115,816 2008-01-18 22:18:28 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 517,768 2008-01-19 00:31:33 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w 136,136 2008-01-17 20:43:59 C:\Program Files\DAEMON Tools Pro\DTProAgent .exe
----a-w 68,856 2008-01-18 22:18:41 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 139,264 2008-01-18 22:18:25 C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
----a-w 267,048 2008-01-18 22:18:25 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-18 22:18:28 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-18 22:19:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 31,016 2008-01-18 22:18:28 C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w 81,920 2008-01-18 22:18:34 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd .exe
----a-w 286,720 2008-01-19 00:33:21 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:07 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:08 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:08 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:09 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:10 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:11 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:12 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:12 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:13 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:13 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:14 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:16 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:18 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:19 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:20 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:22 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:23 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:24 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:25 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:25 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:26 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:27 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:28 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-20 18:42:28 C:\Program Files\QuickTime\qttask .exe
----a-w 1,266,936 2008-01-18 22:18:52 C:\Program Files\Steam\Steam .exe
----a-w 5,724,184 2008-01-16 18:52:21 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:45:46 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:45:55 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:03 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:12 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:21 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:31 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:41 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:50 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:46:59 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 5,724,184 2008-01-20 18:47:07 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:17 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:26 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:43 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:47:53 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 18:48:01 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 01:12:19 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 15,360 2008-01-17 13:21:10 C:\WINDOWS\system32\ctfmon .exe

[IMG]http://users.*******.be/bluepatchy/miekiemoes/images/CFScript.gif[/IMG]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

ComboFix will now run as it did before. When the command window opens, select 1 (and Enter). Allow the scan to run. When completed, a text window will appear; please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
#14
ComboFix 08-01-20.1 - Jun Lee 2008-01-23 17:07:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1588 [GMT -5:00]
Running from: C:\Documents and Settings\Jun Lee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jun Lee\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\regedit.exe.reg
C:\WINDOWS\system32\data1.set
C:\WINDOWS\system32\data2.set
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.exe.reg
C:\WINDOWS\svchost
C:\WINDOWS\svchost\add.txt
C:\WINDOWS\svchost\aliases.ini
C:\WINDOWS\svchost\away.txt
C:\WINDOWS\svchost\channels.txt
C:\WINDOWS\svchost\conn.ini
C:\WINDOWS\svchost\engine.ini
C:\WINDOWS\svchost\flood.txt
C:\WINDOWS\svchost\fullname.txt
C:\WINDOWS\svchost\greet.ini
C:\WINDOWS\svchost\injuraturi.txt
C:\WINDOWS\svchost\IRC.ICO
C:\WINDOWS\svchost\kick.txt
C:\WINDOWS\svchost\mirc.ini
C:\WINDOWS\svchost\notify.ini
C:\WINDOWS\svchost\operator.ini
C:\WINDOWS\svchost\partmsg.ini
C:\WINDOWS\svchost\perform.ini
C:\WINDOWS\svchost\reg.reg
C:\WINDOWS\svchost\remote.ini
C:\WINDOWS\svchost\servers.ini
C:\WINDOWS\system32\data1.set
C:\WINDOWS\system32\data2.set
.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.
2008-01-21 16:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 18:08 . 2008-01-20 22:32 <DIR> d---s---- C:\Program Files\Xfire
2008-01-20 18:08 . 2008-01-20 22:33 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\Xfire
2008-01-20 18:05 . 2008-01-20 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-20 18:00 . 2008-01-20 18:00 <DIR> d-------- C:\Program Files\GALA-NET
2008-01-20 18:00 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-19 12:32 . 2008-01-19 12:35 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-19 12:32 . 2008-01-19 12:32 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\DAEMON Tools
2008-01-19 10:57 . 2008-01-19 10:57 <DIR> d-------- C:\Program Files\uTorrent
2008-01-19 10:57 . 2008-01-21 22:43 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\uTorrent
2008-01-19 10:07 . 2008-01-19 10:07 <DIR> d-------- C:\Program Files\Eidos
2008-01-13 19:49 . 2007-11-06 20:30 158,263 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-12 10:04 . 2008-01-12 10:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-12 10:04 . 2008-01-12 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-12 09:33 . 2008-01-17 08:21 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-12 09:33 . 2008-01-17 08:21 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-12 00:37 . 2008-01-20 13:33 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-11 16:05 . 2008-01-11 16:05 <DIR> d-------- C:\Program Files\DivX
2008-01-09 16:55 . 2003-10-27 14:06 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-01-09 16:55 . 2003-10-27 14:06 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-09 16:55 . 2003-10-27 14:06 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-01-09 16:55 . 2003-10-27 14:06 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-01-09 16:55 . 2003-10-27 14:06 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-01-09 16:55 . 2003-10-27 14:06 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-01-09 16:55 . 2003-10-27 14:06 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-01-09 16:55 . 2003-10-27 14:06 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-01-09 16:55 . 2003-10-27 14:06 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-09 16:50 . 2008-01-19 11:50 <DIR> d-------- C:\Program Files\UBISOFT
2008-01-05 18:59 . 2008-01-05 19:00 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\DAEMON Tools Pro
2008-01-05 18:53 . 2008-01-23 17:07 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-05 18:35 . 2008-01-05 19:04 <DIR> d-------- C:\Program Files\The Witcher
2008-01-04 09:42 . 2008-01-05 09:50 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\Move Networks
2008-01-02 20:41 . 2008-01-02 20:41 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-02 20:41 . 2008-01-02 20:41 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-02 06:39 . 2008-01-02 06:39 244 --ah----- C:\sqmnoopt06.sqm
2008-01-02 06:39 . 2008-01-02 06:39 232 --ah----- C:\sqmdata06.sqm
2008-01-01 21:21 . 2008-01-01 21:21 244 --ah----- C:\sqmnoopt05.sqm
2008-01-01 21:21 . 2008-01-01 21:21 232 --ah----- C:\sqmdata05.sqm
2008-01-01 15:43 . 2008-01-01 15:43 244 --ah----- C:\sqmnoopt04.sqm
2008-01-01 15:43 . 2008-01-01 15:43 232 --ah----- C:\sqmdata04.sqm
2008-01-01 09:18 . 2008-01-01 09:18 244 --ah----- C:\sqmnoopt03.sqm
2008-01-01 09:18 . 2008-01-01 09:18 232 --ah----- C:\sqmdata03.sqm
2007-12-31 10:59 . 2007-12-31 10:59 <DIR> dr-h----- C:\Documents and Settings\Jun Lee\Application Data\SecuROM
2007-12-31 10:59 . 2008-01-19 12:26 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-31 10:44 . 2007-12-31 10:44 <DIR> d-------- C:\Program Files\Flagship Studios
2007-12-29 11:14 . 2007-12-29 11:14 <DIR> d-------- C:\Documents and Settings\Jun Lee\Application Data\InstallShield Installation Information
2007-12-29 10:57 . 2007-12-29 10:57 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2007-12-29 09:50 . 2007-12-29 09:50 268 --ah----- C:\sqmdata02.sqm
2007-12-29 09:50 . 2007-12-29 09:50 244 --ah----- C:\sqmnoopt02.sqm
2007-12-29 09:31 . 2007-12-29 09:31 244 --ah----- C:\sqmnoopt01.sqm
2007-12-29 09:31 . 2007-12-29 09:31 232 --ah----- C:\sqmdata01.sqm
2007-12-24 10:04 . 2007-12-24 11:05 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2007-12-24 09:23 . 2007-12-24 09:23 319 --a------ C:\WINDOWS\game.ini
2007-12-24 09:10 . 2007-12-24 09:10 <DIR> d-------- C:\Program Files\Activision
2007-12-24 09:08 . 2007-12-24 09:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-23 08:40 . 2008-01-23 17:07 <DIR> d-------- C:\Program Files\Steam
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 22:07 --------- d-----w C:\Program Files\QuickTime
2008-01-23 22:07 --------- d-----w C:\Program Files\iTunes
2008-01-23 22:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-23 02:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-20 23:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 23:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-20 21:56 --------- d-----w C:\Program Files\Warcraft III
2008-01-20 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-19 17:30 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 16:33 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Skype
2008-01-19 15:15 --------- d-----w C:\Program Files\Azureus
2008-01-19 15:12 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\skypePM
2008-01-19 15:07 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Azureus
2008-01-19 00:31 --------- d-----w C:\Program Files\Norton 360
2008-01-12 15:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-11 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-06 14:27 --------- d-----w C:\Program Files\Final Fantasy VII
2007-12-29 15:56 --------- d-----w C:\Program Files\AGEIA Technologies
2007-12-29 15:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 15:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-27 15:58 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 14:51 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-24 14:24 22,328 ----a-w C:\Documents and Settings\Jun Lee\Application Data\PnkBstrK.sys
2007-12-20 16:51 --------- d-----w C:\Program Files\TriChlor
2007-12-16 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-16 18:42 --------- d-----w C:\Program Files\BitComet
2007-12-15 15:52 --------- d-----w C:\Program Files\Google
2007-12-15 01:09 --------- d-----w C:\Program Files\Square Soft, Inc
2007-12-14 23:40 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Ventrilo
2007-12-14 19:08 --------- d-----w C:\Program Files\Pcsx2
2007-12-12 00:23 --------- d-----w C:\Program Files\Ares
2007-12-11 04:04 --------- d-----w C:\Program Files\The Rosetta Stone
2007-12-11 02:06 --------- d-----w C:\Program Files\Java
2007-12-11 02:04 --------- d-----w C:\Program Files\Common Files\Java
2007-12-10 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-09 23:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 14:57 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Talkback
2007-12-08 14:52 --------- d-----w C:\Program Files\Picasa2
2007-12-08 14:51 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-05 21:51 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Grisoft
2007-12-05 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-05 21:05 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 21:05 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 21:05 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 21:05 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 21:05 --------- d-----w C:\Program Files\Symantec
2007-12-05 03:56 --------- d-----w C:\Program Files\Jasc Software Inc
2007-12-05 03:56 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Jasc Software Inc
2007-12-05 03:55 --------- d-----w C:\Program Files\Dell Computer
2007-12-05 03:54 --------- d-----w C:\Program Files\Dell 720
2007-12-04 03:43 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-12-04 00:10 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-12-04 00:00 --------- d-----w C:\Program Files\Electronic Arts
2007-12-03 14:06 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-02 16:56 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Nero
2007-12-02 16:55 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-02 16:53 --------- d-----w C:\Program Files\Nero
2007-12-02 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-02 16:10 --------- d-----w C:\Program Files\MSBuild
2007-12-02 16:10 --------- d-----w C:\Program Files\Microsoft Works
2007-12-01 15:05 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-01 15:05 --------- d-----w C:\Program Files\Skype
2007-12-01 15:05 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-01 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-01 06:40 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\vlc
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 17:47 --------- d-----w C:\Program Files\Ventrilo
2007-11-30 17:41 --------- d-----w C:\Program Files\VideoLAN
2007-11-30 13:35 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Symantec
2007-11-29 23:29 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Viewpoint
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 20:35 --------- d-----w C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-11-29 03:45 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-11-29 03:18 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
2007-11-29 02:57 --------- d-----w C:\Program Files\iPod
2007-11-29 02:57 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\Apple Computer
2007-11-29 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-29 02:56 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-29 02:56 --------- d-----w C:\Program Files\Apple Software Update
2007-11-29 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-29 02:41 --------- d-----w C:\Program Files\Windows Live
2007-11-29 02:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-29 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-29 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-29 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-29 02:36 --------- d-----w C:\Program Files\Viewpoint
2007-11-29 02:36 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-29 02:36 --------- d-----w C:\Program Files\AIM6
2007-11-29 02:36 --------- d-----w C:\Documents and Settings\Jun Lee\Application Data\acccore
2007-11-29 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-29 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-18 17:18 81920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-18 17:18 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-17 08:21 15360]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-18 17:19 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 20:30 8523776]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-01-18 17:18 139264]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-18 17:18 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-18 17:18 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-18 19:31 517768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-01-18 17:18 31016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-06 20:30 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-28 20:36:30 24576]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-01-18 17:18 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-01-17 08:21 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-11-07 05:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-18 17:19 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-06 20:30 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-18 17:18 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-18 17:18 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 SBProfileLauncher;SphtBot Profile Launcher;C:\Documents and Settings\Jun Lee\Desktop\New Folder (3)\ProfileLauncher.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55a3c243-a1e1-11dc-8555-00123f75d0fd}]
\Shell\AutoRun\command - K:\Autorun.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 13:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 17:12:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-23 17:14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-23 22:14:36
ComboFix2.txt 2008-01-21 21:57:49
.
2008-01-09 14:13:35 --- E O F ---
#15
Your logs look much better. I see I missed one malware entry, which is now only a registry remnant.
Go to Start> Run, type msconfig and hit Enter. In the window that opens click the Startup tab and locate the entry for "QuickTime Task". Place a checkmark in the box and click Apply> OK> Reboot afterwards.
~~~~~~~~~~~~
Go here and run the Kaspersky online scan, and post back the log it creates (it requires IE). To use the scan, once the download has completed click Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click My Computer to begin the scan. Save the Report as a text file and post that back here.

Please post back the report from Kaspersky along with a fresh HijackThis log.
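The entries the helper acted on across the last three posts (a Run value whose target file is gone, the "qttask .exe" name with a space before its extension that the RenV:: section of the CFScript renames back, a service registered from a folder on the Desktop, and an AutoRun handler hung off a drive-letter mount point) can be picked out of a ComboFix-style log mechanically. The script below is an added example written for this page; it is not code from the thread, from ComboFix or from HijackThis. The log lines it scans are constructed samples modelled on the log above, and the four heuristics (and the reason strings) are the editor's own, not ComboFix's classification.

```python
"""Autostart triage over ComboFix-style log lines (added example).

Flags four patterns seen in the thread above: a loading point whose file no
longer exists (empty "[ ]" after the path), an executable name with a space
before its extension, an executable launched from a user-writable folder,
and an AutoRun handler attached to a mount point. Heuristics are the
editor's own assumptions, not ComboFix's or HijackThis's logic.
"""
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the "Reg Loading Points" section of the
# log in this thread; illustrative, not a verbatim copy of the user's log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-17 08:21 15360]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-18 17:18 1266936 C:\Program Files\Steam\Steam.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 SBProfileLauncher;SphtBot Profile Launcher;C:\Documents and Settings\Jun Lee\Desktop\New Folder (3)\ProfileLauncher.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55a3c243-a1e1-11dc-8555-00123f75d0fd}]
\Shell\AutoRun\command - K:\Autorun.exe
"""

# A Windows path ending in an executable extension. The optional space in
# group 2 catches the "name .exe" form that the RenV:: entries rename.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\[\]]*?)( ?\.(?:exe|dll|scr|com|bat|cmd|pif))(?![A-Za-z0-9])',
    re.IGNORECASE,
)
# ComboFix prints "[date time size]" after a path; an empty pair means the
# file could not be found on disk.
MISSING_RE = re.compile(r"\[\s*\]\s*$")
# Service lines start with a start-type code such as R2 or S2.
SERVICE_RE = re.compile(r"^[RS]\d ")
# Folders a standard user can write to; an autostart here deserves a look.
USER_WRITABLE = ("\\desktop\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    key: str     # registry key or service line the entry belongs to
    path: str    # file path with any space before the extension removed
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious trait found in the log text."""
    findings: list[Finding] = []
    current_key = "<no key>"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line.strip("[]")   # remember the enclosing key
            continue
        if r"\Shell\AutoRun\command" in line:
            findings.append(Finding(current_key, line,
                                    "AutoRun handler registered on a drive mount point"))
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        stem, ext = m.group(1), m.group(2)
        path = stem + ext.lstrip()
        # Service lines carry their own identity in the first ';' field.
        key = line.split(";", 1)[0] if SERVICE_RE.match(line) else current_key
        if ext.startswith(" "):
            findings.append(Finding(key, path, "space before extension in executable name"))
        if MISSING_RE.search(line):
            findings.append(Finding(key, path,
                                    "loading point references a file that no longer exists"))
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append(Finding(key, path, "executable launched from a user-writable folder"))
    return findings


def report(log_text: str) -> list[str]:
    """Human-readable one-liners, one per finding."""
    return [f"{f.reason}: {f.path} (from {f.key})" for f in triage(log_text)]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Everything that is not flagged (ctfmon, Steam, the Viewpoint service) is still worth reading by hand; the checks only prioritise, and the msconfig startupreg entry for "QuickTime Task" shows why the space-before-extension rule matters even after the RenV:: cleanup has run.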