|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
12-24-2007, 07:37 PM
|
#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 9
OS: winXP
|
lo-key21 trojan(s)
Detected TROJ_VUNDO.AAH Quarantine Failed
File name: C:\Windows\System32\GKNMTIBE.EXE also TROJ_DROPPER.DCI Deckard's System Scanner v20071014.68 Run by Nic Carter on 2007-12-24 20:19:04 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Nic Carter.exe) ------------------------------------------ Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2007-12-24 20:20:05 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WLTRYSVC.EXE C:\WINDOWS\system32\BCMWLTRY.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh .exe C:\DOCUME~1\NICCAR~1\LOCALS~1\Temp\clclean.0001 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol .exe C:\Program Files\Trend Micro\Internet Security 14\pccguide .exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\dla\tfswctrl .exe C:\WINDOWS\system32\WLTRAY .exe C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe C:\Program Files\Dell\MediaDirect\PCMService .exe C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon .exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe C:\WINDOWS\system32\ctfmon .exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Nic Carter\Desktop\dss.exe C:\Program Files\HijackThis\Nic Carter.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 F0 - win.ini: load=C:\WINDOWS\system32\geebc.exe F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: {da3eed17-b08b-e4db-1ee4-cefd9c249496} - {694942c9-dfec-4ee1-bd4e-b80b71dee3ad} - C:\WINDOWS\system32\qryurmex.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: (no name) - {DBA431A1-0191-4DBE-B5CD-3FBD998B7952} - C:\WINDOWS\system32\geebc.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [5c696a3b] rundll32.exe "C:\WINDOWS\system32\engyuonk.dll",b O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe" /SCB O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gknmtibe.exe /service O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE -- End of file - 11295 bytes -- Files created between 2007-11-24 and 2007-12-24 ----------------------------- 2007-12-24 19:49:38 0 d-------- C:\ie-spyad_zo 2007-12-24 03:25:43 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-23 20:58:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-12-23 20:58:10 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-12-23 20:58:10 0 d-------- C:\Documents and Settings\Nic Carter\Application Data\SUPERAntiSpyware.com 2007-12-23 19:29:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-23 19:15:52 0 d-------- C:\Program Files\SpywareBlaster 2007-12-23 13:27:06 1392640 --a------ C:\WINDOWS\system32\WLTRAY .exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet> 2007-12-23 04:39:29 341504 --a------ C:\WINDOWS\system32\geebc.exe 2007-12-23 04:39:03 19508 --ahs---- C:\WINDOWS\system32\cbeeg.ini2 2007-12-23 04:38:55 337920 -----n--- C:\WINDOWS\system32\geebc.dll 2007-12-23 04:33:43 0 d-------- C:\Program Files\QdrModule 2007-12-23 04:33:43 0 d-------- C:\Program Files\QdrDrive 2007-12-17 15:33:23 0 d-------- C:\Program Files\Activision 2007-12-03 23:22:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe 2007-12-03 23:22:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll 2007-12-03 23:22:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2007-12-03 23:22:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll 2007-12-03 23:22:43 1478656 --a------ C:\WINDOWS\system32\nview.dll 2007-12-03 23:22:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2007-12-03 23:22:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-12-03 23:22:43 425984 --a------ C:\WINDOWS\system32\keystone.exe 2007-12-03 23:20:07 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll 2007-12-03 23:19:50 0 d-------- C:\nVidia Forceware 2007-12-03 23:18:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-12-03 23:16:51 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-12-03 22:49:59 0 d-------- C:\Program Files\SystemRequirementsLab 2007-12-03 22:49:56 0 d-------- C:\Documents and Settings\Nic Carter\Application Data\SystemRequirementsLab 2007-11-27 13:56:00 0 d-------- C:\Documents and Settings\Nic Carter\Application Data\Bioshock 2007-11-27 13:24:06 0 d-------- C:\Program Files\2K Games -- Find3M Report --------------------------------------------------------------- 2007-12-24 19:10:14 0 d-------- C:\Program Files\Google 2007-12-24 19:04:42 0 d-------- C:\Program Files\Digital Line Detect 2007-12-24 18:59:04 0 d-------- C:\Program Files\BAE 2007-12-24 17:12:48 2095104 --a------ C:\WINDOWS\system32\WLTRAY.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet> 2007-12-24 17:12:47 0 d-------- C:\Program Files\Messenger 2007-12-23 20:57:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-23 19  02 0 d-------- C:\Program Files\Java2007-12-22 18:13:37 86517 --a------ C:\WINDOWS\system32\nvModes.dat 2007-12-20 22:07:01 3684 --a------ C:\Documents and Settings\Nic Carter\Application Data\wklnhst.dat 2007-12-20 17:48:24 2672 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-12-20 17:48:11 0 d-------- C:\Documents and Settings\Nic Carter\Application Data\Corel 2007-12-20 17:47:54 88 -r-hs---- C:\WINDOWS\system32\C452DD4D2C.sys 2007-12-17 16:50:14 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-03 23:36:53 0 d-------- C:\Program Files\Steam 2007-11-01 20:32:12 0 d-------- C:\Program Files\Dell Support Center 2007-11-01 20:31:56 0 d-------- C:\Program Files\Common Files\supportsoft 2007-11-01 20:31:55 0 d-------- C:\Program Files\Common Files -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{694942c9-dfec-4ee1-bd4e-b80b71dee3ad}] C:\WINDOWS\system32\qryurmex.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBA431A1-0191-4DBE-B5CD-3FBD998B7952}] 12/23/2007 04:38 AM 337920 --------- C:\WINDOWS\system32\geebc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVHotkey"="nvHotkey.dll" [03/21/2006 12:03 PM C:\WINDOWS\system32\nvhotkey.dll] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/24/2007 05:12 PM] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/24/2007 05:12 PM] "SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 11:30 PM C:\WINDOWS\stsystra.exe] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [12/24/2007 05:12 PM] "MBMon"="CTMBHA.DLL" [06/29/2006 06:12 AM C:\WINDOWS\system32\CTMBHA.DLL] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [12/24/2007 05:12 PM] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [12/24/2007 05:12 PM] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/24/2007 05:12 PM] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [12/24/2007 05:12 PM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [12/24/2007 05:12 PM] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [12/24/2007 05:12 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [12/24/2007 05:12 PM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/06/2007 06:56 PM] "nwiz"="nwiz.exe" [09/06/2007 06:56 PM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/06/2007 06:56 PM] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [12/24/2007 05:12 PM] "5c696a3b"="C:\WINDOWS\system32\engyuonk.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [12/22/2004 11:40 AM C:\WINDOWS\MIDIDEF.EXE] "Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe" [12/24/2007 05:12 PM] "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [12/24/2007 05:12 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/24/2007 05:12 PM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [12/24/2007 05:12 PM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/20/2006 6:40:53 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geebc [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "C:\Program Files\Steam\Steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet -- End of Deckard's System Scanner: finished at 2007-12-24 20:21:08 ------------ Last edited by lo-key21 : 12-24-2007 at 07:50 PM. Reason: added name of trojan |
|
     |
|
12-24-2007, 11:34 PM
|
#2 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 9
OS: winXP
|
Re: lo-key21 trojan(s)
Used instructions from this post by Microbell.
http://www.techsupportforum.com/secu...tml#post477177 VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 11:51:16 PM 12/24/2007 Listing files found while scanning.... C:\WINDOWS\LastGood\pchealth\helpctr\binaries\msconfig.exe C:\WINDOWS\system32\cbeeg.ini C:\WINDOWS\system32\cbeeg.ini2 C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\geebc.dll C:\WINDOWS\system32\geebc.exe Beginning removal... Attempting to delete C:\WINDOWS\LastGood\pchealth\helpctr\binaries\msconfig.exe C:\WINDOWS\LastGood\pchealth\helpctr\binaries\msconfig.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\cbeeg.ini C:\WINDOWS\system32\cbeeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\cbeeg.ini2 C:\WINDOWS\system32\cbeeg.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\dla\tfswctrl.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\geebc.dll C:\WINDOWS\system32\geebc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\geebc.exe C:\WINDOWS\system32\geebc.exe Has been deleted! Performing Repairs to the registry. Done! THEN RAN DSS AGAIN Logfile of HijackThis v1.99.1 Scan saved at 12:31:54 AM, on 12/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide .exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh .exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol .exe C:\DOCUME~1\NICCAR~1\LOCALS~1\Temp\clclean.0001 C:\WINDOWS\system32\WLTRAY .exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe C:\Program Files\Dell\MediaDirect\PCMService .exe C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon .exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\HIJACK~1\NICCAR~1.EXE C:\WINDOWS\notepad.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 F3 - REG:win.ini: load=C:\WINDOWS\system32\geebc.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {146C1AAF-B1F1-46EB-86FE-7190CF4BD98C} - C:\WINDOWS\system32\geebc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: {da3eed17-b08b-e4db-1ee4-cefd9c249496} - {694942c9-dfec-4ee1-bd4e-b80b71dee3ad} - C:\WINDOWS\system32\qryurmex.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe" /SCB O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE Deckard's System Scanner v20071014.68 Run by Nic Carter on 2007-12-25 00:29:30 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Nic Carter.exe) ------------------------------------------ Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2007-12-25 00:30:33 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WLTRYSVC.EXE C:\WINDOWS\system32\BCMWLTRY.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe C:\Program Files\Trend Micro\Internet Security 14\pccguide .exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh .exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol .exe C:\Documents and Settings\Nic Carter\Local Settings\Temp\clclean.0001 C:\WINDOWS\system32\WLTRAY .exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe C:\Program Files\Dell\MediaDirect\PCMService .exe C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon .exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Nic Carter\Desktop\dss.exe C:\Program Files\HijackThis\Nic Carter.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 F0 - win.ini: load=C:\WINDOWS\system32\geebc.exe F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {146C1AAF-B1F1-46EB-86FE-7190CF4BD98C} - C:\WINDOWS\system32\geebc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: {da3eed17-b08b-e4db-1ee4-cefd9c249496} - {694942c9-dfec-4ee1-bd4e-b80b71dee3ad} - C:\WINDOWS\system32\qryurmex.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe" /SCB O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE -- End of file - 11234 bytes -- Files created between 2007-11-25 and 2007-12-25 ----------------------------- 2007-12-25 00:16:49 341504 --a------ C:\WINDOWS\system32\geebc.exe 2007-12-25 00:16:35 14266 --ahs---- C:\WINDOWS\system32\cbeeg.ini2 2007-12-25 00:16:27 337920 --a------ C:\WINDOWS\system32\geebc.dll 2007-12-24 23:51:16 0 d-------- C:\VundoFix Backups 2007-12-24 19:49:38 0 d-------- C:\ie-spyad_zo 2007-12-24 03:25:43 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-23 20:58:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-12-23 20:58:10 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-12-23 20:58:10 0 d-------- C:\Documents and Settings\Nic Carter\Application Data\SUPERAntiSpyware.com 2007-12-23 19:29:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-23 19:15:52 0 d-------- C:\Program Files\SpywareBlaster 2007-12-23 13:27:06 1392640 --a------ C:\WINDOWS\system32\WLTRAY .exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet> 2007-12-23 04:33:43 0 d-------- C:\Program Files\QdrModule 2007-12-23 04:33:43 0 d-------- C:\Program Files\QdrDrive 2007-12-17 15:33:23 0 d-------- C:\Program Files\Activision 2007-12-03 23:22:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe 2007-12-03 23:22:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll 2007-12-03 23:22:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2007-12-03 23:22:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll 2007-12-03 23:22:43 1478656 --a------ C:\WINDOWS\system32\nview.dll 2007-12-03 23:22:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2007-12-03 23:22:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-12-03 23:22:43 425984 --a------ C:\WINDOWS\system32\keystone.exe 2007-12-03 23:20:07 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll 2007-12-03 23:19:50 0 d-------- C:\nVidia Forceware 2007-12-03 23:18:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-12-03 23:16:51 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-12-03 22:49:59 0 d-------- C:\Program Files\SystemRequirementsLab 2007-12-03 22:49:56 0 d-------- C:\Documents and Settings\Nic Carter\Application Data\SystemRequirementsLab 2007-11-27 13:56:00 0 d-------- C:\Documents and Settings\Nic Carter\Application Data\Bioshock 2007-11-27 13:24:06 0 d-------- C:\Program Files\2K Games -- Find3M Report --------------------------------------------------------------- 2007-12-25 00:16:40 2095104 --a------ C:\WINDOWS\system32\WLTRAY.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet> 2007-12-25 00:16:35 0 d-------- C:\Program Files\Messenger 2007-12-24 21:20:38 3684 --a------ C:\Documents and Settings\Nic Carter\Application Data\wklnhst.dat 2007-12-24 19:10:14 0 d-------- C:\Program Files\Google 2007-12-24 19:04:42 0 d-------- C:\Program Files\Digital Line Detect 2007-12-24 18:59:04 0 d-------- C:\Program Files\BAE 2007-12-23 20:57:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-23 19 02 0 d-------- C:\Program Files\Java2007-12-22 18:13:37 86517 --a------ C:\WINDOWS\system32\nvModes.dat 2007-12-20 17:48:24 2672 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-12-20 17:48:11 0 d-------- C:\Documents and Settings\Nic Carter\Application Data\Corel 2007-12-20 17:47:54 88 -r-hs---- C:\WINDOWS\system32\C452DD4D2C.sys 2007-12-17 16:50:14 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-03 23:36:53 0 d-------- C:\Program Files\Steam 2007-11-01 20:32:12 0 d-------- C:\Program Files\Dell Support Center 2007-11-01 20:31:56 0 d-------- C:\Program Files\Common Files\supportsoft 2007-11-01 20:31:55 0 d-------- C:\Program Files\Common Files -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{146C1AAF-B1F1-46EB-86FE-7190CF4BD98C}] 12/25/2007 12:16 AM 337920 --a------ C:\WINDOWS\system32\geebc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{694942c9-dfec-4ee1-bd4e-b80b71dee3ad}] C:\WINDOWS\system32\qryurmex.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVHotkey"="nvHotkey.dll" [03/21/2006 12:03 PM C:\WINDOWS\system32\nvhotkey.dll] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/25/2007 12:16 AM] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/25/2007 12:16 AM] "SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 11:30 PM C:\WINDOWS\stsystra.exe] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [12/25/2007 12:16 AM] "MBMon"="CTMBHA.DLL" [06/29/2006 06:12 AM C:\WINDOWS\system32\CTMBHA.DLL] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [12/25/2007 12:16 AM] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [12/25/2007 12:16 AM] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [12/25/2007 12:16 AM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [12/25/2007 12:16 AM] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [12/25/2007 12:16 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [12/25/2007 12:16 AM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/06/2007 06:56 PM] "nwiz"="nwiz.exe" [09/06/2007 06:56 PM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/06/2007 06:56 PM] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [12/25/2007 12:16 AM] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 05:00 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [12/22/2004 11:40 AM C:\WINDOWS\MIDIDEF.EXE] "Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe" [12/25/2007 12:16 AM] "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [12/25/2007 12:16 AM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/25/2007 12:16 AM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [12/25/2007 12:16 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/20/2006 6:40:53 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geebc [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c696a3b] rundll32.exe "C:\WINDOWS\system32\engyuonk.dll",b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\geebc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "C:\Program Files\Steam\Steam.exe" -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet -- End of Deckard's System Scanner: finished at 2007-12-25 00:31:42 ------------ |
|
|
|
|
12-25-2007, 03:53 PM
|
#3 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
|
Re: lo-key21 trojan(s)
www.bleepingcomputer.com
www.forospyware.com www.geekstogo.com 1. Please choose from any of the above links. Download the file & Save it to Desktop. 2. Double click on ComboFix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall |
|
|
|
|
12-25-2007, 05:09 PM
|
#4 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 9
OS: winXP
|
Re: lo-key21 trojan(s)
ComboFix 07-12-26.3 - Nic Carter 2007-12-25 17:43:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1295 [GMT -6:00] Running from: C:\Documents and Settings\Nic Carter\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\QdrDrive C:\Program Files\QdrModule C:\Program Files\QdrModule\QdrModule11 .exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\cbeeg.ini C:\WINDOWS\system32\cbeeg.ini2 C:\WINDOWS\system32\geebc.dll C:\WINDOWS\system32\geebc.exe C:\WINDOWS\system32\knouygne.ini C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\UpdReg.EXE . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE ((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))) . 2007-12-24 23:51 . 2007-12-25 00:21 <DIR> d-------- C:\VundoFix Backups 2007-12-24 20:12 . 2007-12-24 20:12 <DIR> d-------- C:\Deckard 2007-12-24 19:49 . 2007-12-24 19:49 <DIR> d-------- C:\ie-spyad_zo 2007-12-24 03:25 . 2007-12-24 19:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-24 03:25 . 2007-12-24 18:19 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-24 03:25 . 2007-12-24 18:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-24 03:25 . 2007-12-24 18:19 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-24 02:19 . 2007-12-24 02:19 341,504 --a------ C:\WINDOWS\system32\RCX37.tmp 2007-12-23 23:51 . 2007-12-23 23:51 341,504 --a------ C:\WINDOWS\system32\RCX36.tmp 2007-12-23 23:00 . 2007-12-23 23:00 341,504 --a------ C:\WINDOWS\system32\RCX35.tmp 2007-12-23 20:58 . 2007-12-26 17:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-12-23 20:58 . 2007-12-23 20:58 <DIR> d-------- C:\Documents and Settings\Nic Carter\Application Data\SUPERAntiSpyware.com 2007-12-23 20:58 . 2007-12-23 20:58 <DIR> d-------- C:\DOCUME~1\NICCAR~1\APPLIC~1\SUPERAntiSpyware.com 2007-12-23 20:58 . 2007-12-23 20:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-12-23 20:15 . 2007-12-23 20:15 341,504 --a------ C:\WINDOWS\system32\RCX34.tmp 2007-12-23 19:29 . 2007-12-23 19:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira 2007-12-23 19:15 . 2007-12-25 11:20 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-12-23 19:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-23 13:27 . 2007-12-25 17:05 1,392,640 --a------ C:\WINDOWS\system32\WLTRAY .exe 2007-12-23 13:27 . 2007-12-23 13:27 341,504 --a------ C:\WINDOWS\system32\RCX31.tmp 2007-12-23 13:27 . 2007-12-25 17:05 90,112 --a------ C:\WINDOWS\UpdReg .EXE 2007-12-23 13:27 . 2007-12-25 01:04 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe 2007-12-17 16:48 . 2007-12-17 16:48 278 --a------ C:\WINDOWS\game.ini 2007-12-17 15:33 . 2007-12-17 15:33 <DIR> d-------- C:\Program Files\Activision 2007-12-03 23:20 . 2007-09-06 18:56 2,441,216 --a------ C:\WINDOWS\system32\nvwssr.dll 2007-12-03 23:20 . 2007-09-06 18:56 2,371,584 --a------ C:\WINDOWS\system32\nvwss.dll 2007-12-03 23:20 . 2007-09-06 19:57 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-12-03 23:20 . 2007-09-06 19:57 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-12-03 23:20 . 2007-09-06 18:56 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll 2007-12-03 23:20 . 2007-12-03 23:33 54,919 --a------ C:\WINDOWS\system32\nvapps.xml 2007-12-03 23:20 . 2007-09-06 18:56 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu 2007-12-03 23:19 . 2007-12-03 23:19 <DIR> d-------- C:\nVidia Forceware 2007-12-03 23:18 . 2007-12-03 23:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-12-03 23:16 . 2007-12-03 23:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles 2007-12-03 22:49 . 2007-12-03 22:49 <DIR> d-------- C:\Program Files\SystemRequirementsLab 2007-12-03 22:49 . 2007-12-03 22:49 <DIR> d-------- C:\Documents and Settings\Nic Carter\Application Data\SystemRequirementsLab 2007-12-03 22:49 . 2007-12-03 22:49 <DIR> d-------- C:\DOCUME~1\NICCAR~1\APPLIC~1\SystemRequirementsLab 2007-11-27 13:56 . 2007-12-17 15:24 <DIR> d-------- C:\Documents and Settings\Nic Carter\Application Data\Bioshock 2007-11-27 13:56 . 2007-12-17 15:24 <DIR> d-------- C:\DOCUME~1\NICCAR~1\APPLIC~1\Bioshock 2007-11-27 13:24 . 2007-12-04 15:44 <DIR> d-------- C:\Program Files\2K Games . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-25 03:20 3,684 ----a-w C:\Documents and Settings\Nic Carter\Application Data\wklnhst.dat 2007-12-25 03:20 3,684 ----a-w C:\DOCUME~1\NICCAR~1\APPLIC~1\wklnhst.dat 2007-12-25 01:10 --------- d-----w C:\Program Files\Google 2007-12-25 01:04 --------- d-----w C:\Program Files\Digital Line Detect 2007-12-25 00:59 --------- d-----w C:\Program Files\BAE 2007-12-24 02:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-24 01:06 --------- d-----w C:\Program Files\Java 2007-12-23 00:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-20 23:48 --------- d-----w C:\Documents and Settings\Nic Carter\Application Data\Corel 2007-12-20 23:48 --------- d-----w C:\DOCUME~1\NICCAR~1\APPLIC~1\Corel 2007-12-17 22:50 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-04 23:13 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Dell 2007-12-04 05:36 --------- d-----w C:\Program Files\Steam 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-02 02:32 --------- d-----w C:\Program Files\Dell Support Center 2007-11-02 02:32 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft 2007-11-02 02:31 --------- d-----w C:\Program Files\Common Files\supportsoft 2007-06-13 23:32 22,584 ----a-w C:\Documents and Settings\Nic Carter\Application Data\PnkBstrK.sys 2007-06-13 23:32 22,584 ----a-w C:\DOCUME~1\NICCAR~1\APPLIC~1\PnkBstrK.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{694942c9-dfec-4ee1-bd4e-b80b71dee3ad}] C:\WINDOWS\system32\qryurmex.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 11:40 C:\WINDOWS\MIDIDEF.EXE] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVHotkey"="nvHotkey.dll" [2006-03-21 12:03 C:\WINDOWS\system32\nvhotkey.dll] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 C:\WINDOWS\stsystra.exe] "MBMon"="Rundll32 CTMBHA.DLL" [] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2007-09-06 18:56 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 19:45] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-20 18:40:53] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c696a3b] rundll32.exe C:\WINDOWS\system32\engyuonk.dll,b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] C:\Program Files\Dell Support\DSAgnt.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\geebc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] 2003-09-10 02:24 20480 --------- C:\Program Files\NetWaiting\netWaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Program Files\Steam\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service [] . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-26 17:50:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-26 17:51:41 - machine was rebooted . 2007-12-13 23:46:50 --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 5:58:56 PM, on 12/26/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\NICCAR~1\LOCALS~1\Temp\clclean.0001 C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Nic Carter\Desktop\dss.exe C:\PROGRA~1\HIJACK~1\NICCAR~1.EXE C:\WINDOWS\system32\cmd.exe C:\DOCUME~1\NICCAR~1\LOCALS~1\Temp\~ziqzplo.tmp\swreg.exe C:\DOCUME~1\NICCAR~1\LOCALS~1\Temp\~ziqzplo.tmp\sed.exe C:\WINDOWS\system32\cmd.exe C:\DOCUME~1\NICCAR~1\LOCALS~1\Temp\~ziqzplo.tmp\sed.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061220 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: {da3eed17-b08b-e4db-1ee4-cefd9c249496} - {694942c9-dfec-4ee1-bd4e-b80b71dee3ad} - C:\WINDOWS\system32\qryurmex.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE |
|
|
|
