Jump to content

marshall04

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. marshall04
    ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2009-02-14 12:58:04 PROTECTIONS: 1 MALWARE: 40 SUSPECTS: 1 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Symantec AntiVirus Corporate Edition 10.1.5.5000 Yes Yes ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@trafficmp[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@casalemedia[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@atdmt[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@247realmedia[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@fastclick[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@tribalfusion[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@mediaplex[1].txt 00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@anm.co[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@com[1].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@yadro[2].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@xiti[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@statcounter[2].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@perf.overture[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@ad.yieldmanager[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@apmebf[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@burstnet[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@serving-sys[3].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@bs.serving-sys[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@www.burstbeacon[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@adtech[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@server.iad.liveperson[1].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@stat.onestat[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@advertising[1].txt 00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@media.adrevolver[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@statse.webtrendslive[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@ads.pointroll[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@overture[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@realmedia[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@questionmarket[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@zedo[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@bluestreak[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@adrevolver[2].txt 00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@bravenet[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@go[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@target[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@atwola[1].txt 00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\safe_1admin@ads.addynamix[2].txt 00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\Documents and Settings\USAF\DoctorWeb\Quarantine\ComboFix.exe[32788R22FWJFW\List.bat] 00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\Documents and Settings\USAF\DoctorWeb\Quarantine\ComboFix.exe[32788R22FWJFW\List.bat] 00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\Documents and Settings\USAF\DoctorWeb\Quarantine\ComboFix.exe[32788R22FWJFW\List.bat] 03378620 Generic Trojan Virus/Trojan No 0 Yes No D:\Programs\AdobeCS3\KG\Keygen.EXE ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location =5 ;=============================================================================== ================================================================================ = =================== No C:\Documents and Settings\USAF\DoctorWeb\Quarantine\ComboFix.exe =5 ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description =5 ;=============================================================================== ================================================================================ = =================== 184379 MEDIUM MS08-001 =5 182048 HIGH MS07-069 =5 182043 HIGH MS07-064 =5 176382 HIGH MS07-057 =5 170907 HIGH MS07-046 =5 170906 HIGH MS07-045 =5 170904 HIGH MS07-043 =5 164913 HIGH MS07-033 =5 160623 HIGH MS07-027 =5 150253 HIGH MS07-016 =5 133386 MEDIUM MS06-064 =5 129976 MEDIUM MS06-052 =5 120825 MEDIUM MS06-032 =5 108743 MEDIUM MS06-007 =5 93394 HIGH MS05-050 =5 ;=============================================================================== ================================================================================ = ===================
  2. marshall04
    it seems to be running fine. the systeminit.exe went away after combofix, but i wasnt sure what the hell was going on. I still dont know if im clean. I ran my anti-spyware and found this: CA Anti-Spyware Log Report This report was generated on: 2/13/2009-9:06:16 PM 2/13/2009-9:01:47 PM , Detected , KaZaA , P2P , Key "hkey_users \S-1-5-21-1220945662-790525478-839522115-1003\software\kazaa" , -1 2/13/2009-9:02:03 PM , Detected , WinSpywareProtect , Rogue Security Software , Key "hkey_users \S-1-5-21-1220945662-790525478-839522115-1003\software\microsoft\windows\currentversion\drivers" , -1 2/13/2009-9:02:05 PM , Detected , Bifrost , Backdoor , Key "hkey_users \S-1-5-21-1220945662-790525478-839522115-1003\software\wget" , -1 2/13/2009-9:02:18 PM , Detected , DoubleClick , Tracking Cookie , Cookie "usaf@doubleclick[1].txt" File "C:\Documents and Settings\USAF\cookies\usaf@doubleclick[1].txt" , 34512242 ***End Report*** but to answer your question.... i havent noticed anything out of the ordinary. I dont know what im looking for anymore.
  3. marshall04
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:22:59 PM, on 2/13/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\stsystra.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\dvd43\dvd43_tray.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssistant/MyA...l/VCAVMUtil.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 13981 bytes
  4. marshall04
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:20:50 AM, on 2/13/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\dvd43\dvd43_tray.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Documents and Settings\USAF\Desktop\drweb-cureit.exe C:\DOCUME~1\USAF\LOCALS~1\Temp\RarSFX1\_start.exe C:\DOCUME~1\USAF\LOCALS~1\Temp\RarSFX1\setup.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssistant/MyA...l/VCAVMUtil.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 14216 bytes
  5. marshall04
    4F8F5AF2.VBN;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E040;Trojan.DownLoad.28638;Deleted.; 4F8F5AFC.VBN;C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E040;Trojan.DownLoad.28638;Deleted.; ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\USAF\Desktop\ComboFix.exe/data002;Program.PsExec.171;; data002;C:\Documents and Settings\USAF\Desktop;Archive contains infected objects;; ComboFix.exe;C:\Documents and Settings\USAF\Desktop;Container contains infected objects;Moved.;
  6. marshall04
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:39:29 PM, on 2/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\dvd43\dvd43_tray.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssistant/MyA...l/VCAVMUtil.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 14070 bytes
  7. marshall04
    Malwarebytes' Anti-Malware 1.34 Database version: 1749 Windows 5.1.2600 Service Pack 2 2/12/2009 7:17:05 PM mbam-log-2009-02-12 (19-17-05).txt Scan type: Quick Scan Objects scanned: 83271 Time elapsed: 4 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  8. marshall04
    Malwarebytes' Anti-Malware 1.33 Database version: 1654 Windows 5.1.2600 Service Pack 2 2/8/2009 8:42:32 PM mbam-log-2009-02-08 (20-42-32).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 252734 Time elapsed: 2 hour(s), 0 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  9. marshall04
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:10:36 PM, on 2/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\dvd43\dvd43_tray.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [systeminit.exe] C:\DOCUME~1\USAF\LOCALS~1\Temp\systeminit.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssistant/MyA...l/VCAVMUtil.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 13510 bytes
  10. marshall04
    First off I did some forum research regarding my problem and found a member with a similar issue. http://www.malwarebytes.org/forums/index.p...1&hl=anykuy I accomplished the following: Malwarebytes, Hijack, and Combo Fix. I have all the logs for those scans. The problem started after a rogue double clicking on an internet video that prompted me to run a plug-in or something. Almost immedieately a security warning bubble and a red circle with an X through it popped up in the task bar. I removed the computer from the good ol'interweb and noticed Norton found two files with auto protect, but the windows security warning kept popping up, along with internet explorer continually trying to open the site www.anykuy.com. After running Malewarebytes and Hijack it appeared that nothing was found quick and full scan. The computer was rebooted, no security warning, just a request to run an application by the name of "systeminit.exe" which brought me to the combo fix part of all of this. ComboFix did its thing and produced the log that i posted. I only posted the log due to the other member with the same issues being instructed to. I thought id save everyone some time and troubleshooting. I appologize if that was not the appropriate thing to do. Let me know what you need. Thanks
  11. marshall04
    ComboFix 09-02-10.01 - USAF 02/10/2009 21:42:17.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.288 [GMT -5:00] Running from: c:\documents and settings\USAF\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) FW: Symantec Client Firewall *enabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\USAF\Application Data\inst.exe c:\windows\Readme.txt . ((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-11 02:09 --------- d-----w c:\program files\Trend Micro 2009-02-11 02:06 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater 2009-02-08 22:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-08 22:58 --------- d-----w c:\documents and settings\USAF\Application Data\Malwarebytes 2009-02-08 22:58 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-02-08 01:53 --------- d-----w c:\documents and settings\USAF\Application Data\Move Networks 2009-01-31 01:23 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-30 15:06 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\1Click DVD Copy Pro 2009-01-29 00:22 --------- d-----w c:\documents and settings\USAF\Application Data\Research In Motion 2009-01-29 00:21 --------- d-----w c:\program files\Common Files\Research In Motion 2009-01-29 00:21 --------- d-----w c:\documents and settings\USAF\Application Data\Blackberry Desktop 2009-01-29 00:20 --------- d-----w c:\program files\Research In Motion 2009-01-18 20:14 --------- d-----w c:\program files\DVD Decrypter 2009-01-17 18:31 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-01-17 18:27 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-01-11 03:24 --------- d-----w c:\program files\GetData 2009-01-11 02:53 --------- d-----w c:\program files\Common Files\Adobe AIR 2009-01-07 00:10 --------- d-----w c:\documents and settings\USAF\Application Data\GARMIN 2009-01-06 03:40 --------- d-----w c:\documents and settings\USAF\Application Data\Apple Computer 2009-01-06 02:49 --------- d-----w c:\program files\Bonjour 2009-01-06 02:48 --------- d-----w c:\program files\iTunes 2009-01-06 02:48 --------- d-----w c:\program files\iPod 2009-01-06 02:48 --------- d-----w c:\program files\Common Files\Apple 2009-01-06 02:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-06 02:45 --------- d-----w c:\program files\QuickTime 2009-01-06 02:32 --------- d-----w c:\program files\Safari 2009-01-04 01:26 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-04 01:25 --------- d-----w c:\program files\CyberLink 2009-01-03 23:40 --------- d-----w c:\documents and settings\USAF\Application Data\CyberLink 2009-01-03 23:34 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\CyberLink 2008-12-16 20:08 --------- d-----w c:\program files\Microsoft Silverlight 2008-12-15 03:19 --------- d-----w c:\program files\Common Files\Ulead Systems 2008-12-15 03:18 --------- d-----w c:\program files\Windows Media Components 2008-12-15 03:15 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Ulead Systems 2008-12-15 03:14 --------- d-----w c:\program files\Ulead Systems 2008-12-15 03:14 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-14 01:54 --------- d-----w c:\documents and settings\USAF\Application Data\Xilisoft Corporation 2008-12-14 01:53 --------- d-----w c:\program files\Xilisoft 2008-12-13 21:37 --------- d-----w c:\program files\AC3Filter 2008-12-13 17:36 --------- d-----w c:\program files\DivX 2008-12-13 16:20 3,532 ----a-w C:\drmHeader.bin 2008-12-12 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-12-12 16:11 61,440 ----a-w c:\windows\system32\dnssd.dll 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe 2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe 2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll 2008-10-23 02:15 47,360 -c--a-w c:\documents and settings\USAF\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 07:00 AM 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [06/24/2008 03:06 PM 1840424] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [11/11/2005 07:40 PM 1236992] "igfxtray"="c:\windows\system32\igfxtray.exe" [11/28/2005 12:55 PM 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [11/28/2005 12:52 PM 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [11/28/2005 12:55 PM 118784] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 06:26 PM 52896] "vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [09/27/2006 07:33 PM 125168] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [01/23/2009 02:17 PM 177392] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [06/19/2008 08:53 AM 570664] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [06/08/2008 08:31 AM 2221352] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [06/13/2006 04:20 AM 127036] "Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/14/2008 09:38 PM 623992] "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 03:40 PM 1884160] "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [04/09/2008 09:00 AM 826880] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/15/2008 01:04 AM 39792] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [05/23/2005 09:57 AM 90112] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [11/16/2007 07:20 PM 91432] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [11/07/2008 02:16 PM 111936] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [11/04/2008 10:30 AM 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [11/20/2008 01:20 PM 290088] "SigmatelSysTrayApp"="stsystra.exe" [05/08/2006 01:12 PM 282624 c:\windows\stsystra.exe] c:\documents and settings\USAF\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-14 344064] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 09:19 PM 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a--c--- 09/29/2006 11:39 AM 151552 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 10/13/2004 11:24 AM 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a--c--- 08/06/2007 07:05 PM 200704 c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 08/30/2008 09:38 PM 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\Downloads\\Music\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-12 99376] S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\Autoplay.exe -auto [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0a015a0-764f-11dd-b150-aac3f44e1b54}] \Shell\AutoRun\command - F:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [07/30/2008 11:34 AM] 2009-01-28 c:\windows\Tasks\CAAntiSpywareScan_Daily as USAF at 9 20 PM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [08/30/2008 08:25 PM] 2009-01-28 c:\windows\Tasks\CAAntiSpywareScan_Daily as USAF at 9 20 PM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\ [02/08/2009 05:25 PM] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-10 21:45:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(756) c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'lsass.exe'(812) c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll - - - - - - - > 'csrss.exe'(728) c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll . Completion time: 02/10/2009 21:49:51 ComboFix-quarantined-files.txt 2009-02-11 02:49:45 Pre-Run: 2,149,625,856 bytes free Post-Run: 4,638,388,224 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 209 --- E O F --- 2009-01-17 18:31:44
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.