Posts posted by blue723

  1. Hi Maurice,

    Here is the log from ESET

    ESETSmartInstaller@High as downloader log:

    all ok

    # version=6

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6048

    # api_version=3.0.2

    # EOSSerial=bcd31db66f7f36419114e9d24dac7469

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2009-08-19 03:42:41

    # local_time=2009-08-18 11:42:41 (-0500, Eastern Daylight Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=5121 37 100 88 494781516250000

    # scanned=128181

    # found=4

    # cleaned=4

    # scan_time=4306

    D:\I386\APPS\APP17839\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

    D:\I386\APPS\APP17839\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

    D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP300\A0066984.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

    D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP300\A0066985.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

    So, what do I do now... the comp seems OK... but what about all of these programs and logs? Do I need them or should I delete them? Please let me know what you think I need to do... thanks again.

  2. Hi Maurice,

    Unfortunately, Kaspersky is not opening for me. What should I do? Here are the OTL and MBAM that you told me to run...

    OTL

    All processes killed

    ========== FILES ==========

    c:\windows\system32\drivers\.sys moved successfully.

    File\Folder C:\recycler not found.

    File\Folder D:\recycler not found.

    File\Folder e:\recycler not found.

    File\Folder f:\recycler not found.

    File\Folder g:\recycler not found.

    File\Folder h:\recycler not found.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator

    ->Temp folder emptied: 4877 bytes

    ->Temporary Internet Files folder emptied: 1544335 bytes

    ->Java cache emptied: 22035830 bytes

    ->Google Chrome cache emptied: 361163340 bytes

    ->Apple Safari cache emptied: 263404 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService

    ->Temp folder emptied: 0 bytes

    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes

    C:\WINDOWS\msdownld.tmp folder deleted successfully.

    %systemroot% .tmp files removed: 19569 bytes

    %systemroot%\System32 .tmp files removed: 6871057 bytes

    Windows Temp folder emptied: 19096 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 373.83 mb

    OTL by OldTimer - Version 3.0.10.7 log created on 08182009_213040

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    MBAM

    Malwarebytes' Anti-Malware 1.40

    Database version: 2651

    Windows 5.1.2600 Service Pack 3

    8/18/2009 9:48:46 PM

    mbam-log-2009-08-18 (21-48-46).txt

    Scan type: Quick Scan

    Objects scanned: 107890

    Time elapsed: 5 minute(s), 15 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  3. Hi Maurice,

    I used the combofix software, and before getting to the log, this is the rootkit window....

    Rootkit!!

    Combofix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper, the name of each file. We may need it later.

    C:\Windows\system32\drivers\SKYNETttrsipxw.sys

    C:\Windows\system32\drivers\SKYNETwrqxoyoe.dll

    C:\Windows\system32\drivers\SKYNETxumlxyir.dat

    C:\Windows\system32\drivers\SKYNETwvogqdpo.dll

    C:\Windows\system32\drivers\SKYNETulkbibfh.dat

    Secondly, here is the Combofix log you needed:

    ComboFix 09-08-10.06 - Compaq_Administrator 08/18/2009 12:14.1.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.520 [GMT -4:00]

    Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\Compaq_Administrator\Start Menu\Programs\AVI Codec Pack +

    c:\documents and settings\Compaq_Administrator\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk

    c:\documents and settings\Compaq_Administrator\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk

    c:\program files\Altnet

    c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab

    c:\program files\AVI Codec Pack

    c:\program files\AVI Codec Pack\AC3\ac3filter.ax

    c:\program files\AVI Codec Pack\AC3\dialog_patch.exe

    c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM

    c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe

    c:\program files\AVI Codec Pack\uninstall.exe

    c:\recycler\S-1-5-21-527237240-179605362-725345543-500

    c:\windows\Installer\2afed6.msp

    c:\windows\kb913800.exe

    c:\windows\system32\bszip.dll

    c:\windows\system32\Drivers\nupcqjdw.sys

    c:\windows\system32\Drivers\qmgudv.sys

    c:\windows\system32\drivers\SKYNETttrsipxw.sys

    c:\windows\system32\SKYNETulkbibfh.dat

    c:\windows\system32\SKYNETwrqxoyoe.dll

    c:\windows\system32\SKYNETwvogqdpo.dll

    c:\windows\system32\SKYNETxumlxyir.dat

    c:\windows\system32\uniq.tll

    D:\Autorun.inf

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_SKYNETnoentmrr

    -------\Legacy_SKYNETnoentmrr

    ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))

    .

    2009-08-16 22:50 . 2009-08-17 02:10 0 ----a-w- C:\backup.reg

    2009-08-16 21:37 . 2009-08-16 21:37 34816 ----a-w- c:\windows\system32\drivers\.sys

    2009-08-16 21:25 . 2009-08-16 21:25 -------- d-----w- c:\program files\ERUNT

    2009-08-16 20:10 . 2009-08-16 20:10 -------- d-----w- c:\program files\Trend Micro

    2009-08-16 20:03 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-08-16 20:03 . 2009-08-16 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-08-16 20:03 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-08-16 03:51 . 2009-08-16 03:52 -------- d-----w- C:\DVDVideoSoft

    2009-08-16 02:52 . 2009-08-16 04:12 -------- d-----w- c:\program files\Total Video Converter

    2009-08-16 01:43 . 2009-08-16 01:43 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Temp

    2009-08-16 01:41 . 2009-08-16 01:41 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Deployment

    2009-08-14 00:42 . 2009-08-14 00:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

    2009-08-13 14:42 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

    2009-08-10 04:06 . 2009-08-10 04:06 74404 ---ha-w- c:\windows\system32\mlfcache.dat

    2009-08-10 03:58 . 2009-08-10 03:58 -------- d-----w- c:\program files\Safari

    2009-08-10 03:52 . 2009-08-10 03:52 -------- d-----w- c:\program files\iPod

    2009-08-10 03:52 . 2009-08-10 03:53 -------- d-----w- c:\program files\iTunes

    2009-08-10 03:43 . 2009-08-10 03:43 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

    2009-08-09 16:57 . 2009-08-09 16:57 -------- d-----w- c:\windows\system32\XPSViewer

    2009-08-09 16:57 . 2009-08-09 16:57 -------- d-----w- c:\program files\Reference Assemblies

    2009-08-09 16:56 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

    2009-08-09 16:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

    2009-08-09 16:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

    2009-08-09 16:56 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

    2009-08-09 16:56 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

    2009-08-09 16:56 . 2009-08-09 16:56 -------- d-----w- C:\9ca38af1aac035843874fb9365

    2009-08-09 16:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

    2009-08-09 16:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

    2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

    2009-07-31 04:43 . 2009-07-31 04:43 1685856 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe

    2009-07-26 18:23 . 2009-07-26 18:23 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\MicroVision Applications

    2009-07-22 02:20 . 2009-07-22 02:21 -------- dc-h--w- c:\windows\ie8

    2009-07-22 02:20 . 2009-07-22 02:24 -------- d--h--w- c:\windows\msdownld.tmp

    2009-07-22 02:11 . 2009-07-22 02:11 -------- d--h--r- c:\documents and settings\Compaq_Administrator\Application Data\SecuROM

    2009-07-22 02:11 . 2009-07-22 02:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

    2009-07-21 19:11 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

    2009-07-21 19:11 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

    2009-07-21 19:11 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

    2009-07-21 19:11 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

    2009-07-21 19:10 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll

    2009-07-21 19:10 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

    2009-07-21 19:10 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

    2009-07-21 19:10 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-08-14 04:02 . 2006-02-14 19:37 -------- d-----w- c:\program files\WildTangent

    2009-08-14 04:00 . 2006-02-14 19:10 -------- d-----w- c:\program files\GemMaster

    2009-08-10 04:04 . 2007-01-16 05:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Apple Computer

    2009-08-10 03:52 . 2009-06-25 19:59 -------- d-----w- c:\program files\Common Files\Apple

    2009-08-09 17:40 . 2006-02-14 19:34 94136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-08-09 16:57 . 2007-09-21 03:53 -------- d-----w- c:\program files\MSBuild

    2009-08-08 18:22 . 2008-03-12 02:41 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\U3

    2009-08-05 09:01 . 2004-08-09 21:00 204800 ------w- c:\windows\system32\mswebdvd.dll

    2009-07-31 04:44 . 2009-04-23 16:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks

    2009-07-31 04:44 . 2009-05-09 20:28 127872 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\uninstall.exe

    2009-07-31 04:44 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll

    2009-07-17 19:01 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\atl.dll

    2009-07-14 03:43 . 2004-08-09 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

    2009-07-12 15:48 . 2009-07-12 15:48 -------- d-----w- c:\program files\Microsoft Silverlight

    2009-07-03 17:09 . 2004-08-09 21:00 915456 ----a-w- c:\windows\system32\wininet.dll

    2009-07-02 20:10 . 2006-02-14 19:47 -------- d-----w- c:\program files\Quicken

    2009-07-02 18:44 . 2009-07-02 18:44 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HP

    2009-06-26 04:51 . 2009-06-25 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

    2009-06-25 20:08 . 2009-06-25 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    2009-06-25 20:07 . 2007-01-16 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

    2009-06-25 20:06 . 2008-02-14 03:24 -------- d-----w- c:\program files\Bonjour

    2009-06-25 20:05 . 2006-08-01 01:38 -------- d-----w- c:\program files\QuickTime

    2009-06-25 20:00 . 2009-06-25 20:00 -------- d-----w- c:\program files\Apple Software Update

    2009-06-25 08:25 . 2004-08-09 21:00 730112 ------w- c:\windows\system32\lsasrv.dll

    2009-06-25 08:25 . 2004-08-09 21:00 56832 ----a-w- c:\windows\system32\secur32.dll

    2009-06-25 08:25 . 2004-08-09 21:00 54272 ----a-w- c:\windows\system32\wdigest.dll

    2009-06-25 08:25 . 2004-08-09 21:00 301568 ----a-w- c:\windows\system32\kerberos.dll

    2009-06-25 08:25 . 2004-08-09 21:00 147456 ----a-w- c:\windows\system32\schannel.dll

    2009-06-25 08:25 . 2004-08-09 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

    2009-06-24 11:18 . 2004-08-10 04:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys

    2009-06-18 15:07 . 2009-06-18 15:07 390664 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\RealPlayer\Update\realplayer11gold.exe

    2009-06-16 14:36 . 2004-08-09 21:00 81920 ------w- c:\windows\system32\fontsub.dll

    2009-06-16 14:36 . 2004-08-09 21:00 119808 ------w- c:\windows\system32\t2embed.dll

    2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

    2009-06-12 12:31 . 2004-08-09 21:00 80896 ------w- c:\windows\system32\tlntsess.exe

    2009-06-12 12:31 . 2004-08-10 04:00 76288 ------w- c:\windows\system32\telnet.exe

    2009-06-10 14:13 . 2004-08-09 21:00 84992 ------w- c:\windows\system32\avifil32.dll

    2009-06-10 13:19 . 2004-08-09 21:00 2066432 ------w- c:\windows\system32\mstscax.dll

    2009-06-10 06:14 . 2004-08-09 21:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

    2009-06-05 15:42 . 2009-06-25 20:00 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

    2009-06-05 15:42 . 2009-06-25 20:00 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

    2009-06-03 19:09 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll

    2006-06-07 03:04 . 2006-06-07 03:04 22 --sha-w- c:\windows\SMINST\HPCD.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]

    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]

    "Google Update"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-16 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

    "DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-11 1064960]

    "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-11 61440]

    "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]

    "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]

    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

    "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]

    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160]

    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 136600]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-8-29 217088]

    hp psc 1000 series.lnk - c:\program files\HP\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]

    hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-10-26 811008]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\DISC\\DISCover.exe"=

    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=

    "c:\\Program Files\\DISC\\myFTP.exe"=

    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/12/2009 11:21 AM 203280]

    S2 crdlhpw;crdlhpw;c:\windows\system32\drivers\vqccsi.sys --> c:\windows\system32\drivers\vqccsi.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

    c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    .

    Contents of the 'Scheduled Tasks' folder

    2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-07-20 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4239159537.job

    - c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]

    2009-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052595425-2314618747-4199647411-1008Core.job

    - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-16 01:42]

    2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052595425-2314618747-4199647411-1008UA.job

    - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-16 01:42]

    2009-07-15 c:\windows\Tasks\McDefragTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-12 17:32]

    2009-07-01 c:\windows\Tasks\McQcTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-12 17:32]

    .

    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PCDrProfiler - (no file)

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://att.net/

    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

    uInternet Settings,ProxyOverride = 127.0.0.1;*.local

    uInternet Settings,ProxyServer = proxy.wayne.edu:8080

    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

    Trusted Zone: trymedia.com

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB

    DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-08-18 12:20

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1052595425-2314618747-4199647411-1008\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]

    "Name"="ActiveSync"

    "DisplayName"="Microsoft ActiveSync"

    "Param1"="ActiveSync"

    "Param2"=""

    "Type"="wellknown"

    "Order"=dword:00000000

    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1052595425-2314618747-4199647411-1008\Software\SecuROM\License information*]

    "datasecu"=hex:9e,55,32,b4,7f,d9,32,ca,45,70,cb,e2,38,f4,d8,dc,81,30,24,fd,ca,

    35,ba,eb,c3,83,ff,61,a4,19,0f,c6,e6,17,20,95,5e,61,04,8e,44,42,25,af,9c,a8,\

    "rkeysecu"=hex:7e,d5,2a,0a,ff,d3,f5,a4,83,8e,2a,10,60,d7,eb,39

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(816)

    c:\windows\system32\Ati2evxx.dll

    .

    Completion time: 2009-08-18 12:24

    ComboFix-quarantined-files.txt 2009-08-18 16:23

    Pre-Run: 157,168,668,672 bytes free

    Post-Run: 157,132,963,840 bytes free

    Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5

    277 --- E O F --- 2009-08-17 02:00

    Thanks again for your time Maurice, let me know what to do next.........

  4. Hello,

    I have recently received the SKYNET trojan, in which messages such as "DLL globalroot/systemroot/system32/SKYNETwvogqdpo.dll is not a valid Windows image" appear. I receive this error message for nearly every process started, even during startup of the computer.

    Besides knowing that Malwarebytes has helped in the past, I am not quite sure what to do with this virus this time.

    Please Help!!!

    Below are the suggested HijackThis and Malwarebytes logs. Please let me know what I can do to resolve this problem.

    Malwarebytes Log

    Malwarebytes' Anti-Malware 1.40

    Database version: 2636

    Windows 5.1.2600 Service Pack 3

    8/16/2009 4:14:23 PM

    mbam-log-2009-08-16 (16-14-23).txt

    Scan type: Quick Scan

    Objects scanned: 115980

    Time elapsed: 9 minute(s), 44 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    HiJack This Log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:10:35 PM, on 8/16/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\DISC\DISCover.exe

    C:\Program Files\DISC\DiscUpdateMgr.exe

    C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

    C:\HP\KBD\KBD.EXE

    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\McAfee.com\Agent\mcagent.exe

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

    C:\Program Files\DISC\DiscGui.exe

    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

    C:\PROGRA~1\Yahoo!\browser\ycommon.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\WINDOWS\arservice.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\DISC\DiscStreamHub.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\ALCXMNTR.EXE

    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.wayne.edu:8080

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

    O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

    O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe

    O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

    O4 - Global Startup: hp psc 1000 series.lnk = ?

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O15 - Trusted Zone: http://*.trymedia.com (HKLM)

    O16 - DPF: Web-Based Email Tools - http://email03.secureserver.net/Download.CAB

    O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab

    O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab

    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab

    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://proxy.lib.wayne.edu:2052/lib/wayne/...s/ebraryRdr.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --

    End of file - 15614 bytes
