|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
07-09-2008, 07:44 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 9
OS: Windows XP
|
Hello. So, I downloaded a game, and a few days after playing it, I've scanned my computer and noticed that this virus called "win32.jeefo" is detected. So continuously, I scan my computer trying to delete this virus, but it continues to come back after every time I scan. I have no idea where this virus is located and only know it's name, which is again, the win32.jeefo virus / malware.Forgive me if I have provoked any posting restrictions, as I am new to these forums. Any help would be greatly appreciated, thanks in advance.
Here is a log from the scanner, Deckard's system scanner. ..hopefully, it'll pop up. Thanks for all the help, in advance. [: Last edited by amateur : 07-09-2008 at 11:52 PM. Reason: to retain 0-reply status |
|
     |
|
07-14-2008, 11:22 AM
|
#3 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 9
OS: Windows XP
|
Re: Win32.jeefo virus / malware.
Here is a new log of the scan.
Deckard's System Scanner v20071014.68 Run by Jacob on 2008-07-14 14:20:35 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Jacob.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:20:39 PM, on 7/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jacob\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Jacob.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM') O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user') O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/game...lugin10USA.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- End of file - 10630 bytes -- Files created between 2008-06-14 and 2008-07-14 ----------------------------- 2008-07-11 11:59:19 0 d-------- C:\Nexon 2008-07-10 22:52:36 0 d-------- C:\Program Files\LimeWire 2008-07-10 22:12:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-09 22:16:18 0 d-------- C:\Program Files\SpywareBlaster 2008-07-09 20:03:31 0 d-------- C:\Program Files\Trend Micro 2008-07-09 19:53:09 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-07-09 19:53:04 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-07-09 19:53:04 0 d-------- C:\Documents and Settings\Jacob\Application Data\SUPERAntiSpyware.com 2008-06-19 12:49:04 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire -- Find3M Report --------------------------------------------------------------- 2008-07-14 13:59:17 0 d-------- C:\Documents and Settings\Jacob\Application Data\Skype 2008-07-14 10:41:31 0 d-------- C:\Documents and Settings\Jacob\Application Data\skypePM 2008-07-11 05  40 0 d-------- C:\Program Files\GetRight2008-07-10 16:17:14 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-10 16:16:55 0 d--h----- C:\Documents and Settings\Jacob\Application Data\ijjigame 2008-07-09 21:57:11 0 d-------- C:\Program Files\Common Files 2008-07-09 21:55:21 0 d-------- C:\Program Files\ScanSpyware v3.8.0.4 2008-07-09 20:58:28 155648 --a------ C:\WINDOWS\system32\RAMASST.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; > 2008-07-09 20:58:27 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2008-07-09 20:58:26 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2008-07-09 20:58:24 425984 --a------ C:\WINDOWS\system32\keystone.exe 2008-07-09 20:58:21 110592 --a------ C:\WINDOWS\system32\cselect.exe <Not Verified; Toshiba Corporation; toshiba cselect> 2008-07-09 20:58:13 306688 --a----c- C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2008-07-09 20:57:59 20966970 --a----c- C:\WINDOWS\cfdemo.exe <Not Verified; Macromedia, Inc.; Shockwave Flash> 2008-07-09 20:55:38 700416 --a------ C:\StubInstaller.exe <Not Verified; LimeWire; LimeWire swarmed installer> 2008-06-29 16:42:44 0 d-------- C:\Documents and Settings\Jacob\Application Data\Adobe 2008-06-29 10:49:02 0 d-------- C:\Documents and Settings\Jacob\Application Data\Mozilla 2008-05-07 16:01:30 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [03/14/2006 03:12 PM] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/24/2005 11:58 PM] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 08:13 PM] "NDSTray.exe"="NDSTray.exe" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/15/2006 07:34 PM] "CFSServ.exe"="CFSServ.exe" [] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 04:32 AM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/03/2007 05:12 PM] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/20/2007 04:30 PM] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [04/30/2008 05:17 PM] "ares"="C:\Program Files\Ares\Ares.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [9/27/2007 3:22:30 PM] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk] backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jacob^Start Menu^Programs^Accessories^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] CFSServ.exe -NoClient [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp] launchapp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /installquiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet -- End of Deckard's System Scanner: finished at 2008-07-14 14:21:09 ------------ Last edited by TheBruce1 : 07-14-2008 at 12:35 PM. |
|
|
|
|
07-14-2008, 12:48 PM
|
#4 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 2,481
OS: XP
|
Re: Win32.jeefo virus / malware.
Hello again
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. ======== Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present. Please Do Not Attach logs to your posts unless you are advised to do so. ======= P2P P2P - I see you have P2P software LimeWire 4.18.3 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections. References for the risk of these programs are Here, Here and Here. ========== Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once the Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed.  Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. ========= Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ========== Logs Required C:\Combofix.txt Hijackthis Log Why do you not have any virus protection installed? |
|
|
|
|
07-14-2008, 01:25 PM
|
#5 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 9
OS: Windows XP
|
Re: Win32.jeefo virus / malware.
All the virus protection programs Windows recommended me were not free, so I thought I could find a free one. Not successful so far. Could you recommend any free ones for me? And here are the logs you have requested.
It's not allowing me to upload the log from HiJackThis, so I'll post it here. ComboFix 08-07-14.2 - Jacob 2008-07-14 16:16:01.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.585 [GMT -4:00] Running from: C:\Documents and Settings\Jacob\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Jacob\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))) . 2008-07-11 11:59 . 2008-07-11 11:59 <DIR> d-------- C:\Nexon 2008-07-10 22:52 . 2008-07-10 22:52 <DIR> d-------- C:\Program Files\LimeWire 2008-07-10 22:12 . 2008-07-10 22:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-10 22:12 . 2008-07-10 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-10 20:32 . 2007-11-22 10:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2008-07-10 02:20 . 2008-07-14 10:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-10 02:20 . 2008-07-10 02:20 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-09 22:32 . 2008-07-09 22:32 <DIR> d-------- C:\Deckard 2008-07-09 22:16 . 2008-07-09 22:18 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-07-09 20:03 . 2008-07-09 20:03 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-09 19:53 . 2008-07-09 19:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-07-09 19:53 . 2008-07-09 21:57 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\SUPERAntiSpyware.com 2008-07-09 19:53 . 2008-07-09 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys 2008-06-19 12:49 . 2008-06-19 12:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-14 20:17 --------- d-----w C:\Documents and Settings\Jacob\Application Data\Skype 2008-07-14 20:01 --------- d-----w C:\Documents and Settings\Jacob\Application Data\skypePM 2008-07-11 09:06 --------- d-----w C:\Program Files\GetRight 2008-07-10 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-10 20:16 --------- d--h--w C:\Documents and Settings\Jacob\Application Data\ijjigame 2008-07-10 01:55 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.4 2008-07-10 00:57 20,966,970 -c--a-w C:\WINDOWS\cfdemo.exe 2008-07-10 00:55 700,416 ----a-w C:\StubInstaller.exe 2008-07-09 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 04:32 65536] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 17:12 68856] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 16:30 4670704] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-14 15:12 1769472] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 23:58 81920] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 20:13 122880] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-15 19:34 7557120] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ IEHOME.LNK - C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat [2006-12-14 07:12:44 298] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ IEHOME.LNK - C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat [2006-12-14 07:12:44 298] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2007-09-27 15:22:30 4112384] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk] backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Jacob^Start Menu^Programs^Accessories^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp] launchapp [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-10 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2008-07-09 20:58 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-08-05 17:56 64512 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] --a------ 2008-07-09 20:39 602182 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] --a------ 2008-07-09 20:39 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-02-15 19:34 7557120 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-04-03 17:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2008-07-09 20:40 761856 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-20 16:30 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --a------ 2005-12-28 19:21 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-02-15 19:34 1519616 C:\WINDOWS\system32\nwiz.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 02:42] R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 20:21] R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 18:27] S3 cheetah1;cheetah1;C:\Documents and Settings\Jacob\Desktop\Haxx\Toliks Hack Pack v37\Cheetah Engine 1.4\cheetah.sys [] S3 geebers12;geebers12;C:\Documents and Settings\Jacob\My Documents\Haxx\Buffy Engine\nvid888.sys [] S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Jacob\Desktop\Akash's v.46 HackPack\Akash's v.46 HackPack\IlvMoney1083.sys [] S3 kaspersky1;kaspersky1;C:\Documents and Settings\Jacob\Desktop\Haxx\KasperSky6.0\kaspersky.sys [] S3 memxers12;memxers12;C:\Documents and Settings\Jacob\My Documents\Haxx\Vicious_Engine_5[1].1\nvid999.sys [] S3 saruen;saruen;C:\Documents and Settings\Jacob\My Documents\Hacking tools\Kaspersky_Engine_2\saruen.sys [] S3 spuce1;spuce1;C:\Documents and Settings\Jacob\Desktop\Haxx\Spuc3ngine\spuce.sys [] S3 toBzM;toBzM;C:\toBzM.sys [] S3 TSHAK3T1;TSHAK3T1;C:\Documents and Settings\Jacob\Desktop\Haxx\RE_3[1][1].2\RE 3.2\spuce.sys [] S3 xp1;xp1;C:\Documents and Settings\Jacob\Desktop\Haxx\xpengine\xp.sys [] S3 zenx1;zenx1;C:\Documents and Settings\Jacob\My Documents\Hacking tools\ZenxEngine_LATEST\zenx.sys [] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-07-08 21:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-ares - C:\Program Files\Ares\Ares.exe HKLM-Run-NDSTray.exe - NDSTray.exe HKLM-Run-CFSServ.exe - CFSServ.exe ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) MSConfigStartUp-CFSServ - CFSServ.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-14 16:17:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** "ImagePath"="\??\C:\Documents and Settings\Jacob\My Documents\Haxx\Vicious_Engine_5 [1].1\nvid999.sys" -- "ImagePath"="\??\C:\Documents and Settings\Jacob\Desktop\Haxx\RE_3 [1][1].2\RE 3.2\spuce.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\memxers12] "ImagePath"="\??\C:\Documents and Settings\Jacob\My Documents\Haxx\Vicious_Engine_5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSHAK3T1] "ImagePath"="\??\C:\Documents and Settings\Jacob\Desktop\Haxx\RE_3 . Completion time: 2008-07-14 16:17:58 ComboFix-quarantined-files.txt 2008-07-14 20:17:36 Pre-Run: 90,053,595,136 bytes free Post-Run: 90,091,458,560 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 174 --- E O F --- 2008-07-10 23:17:56 ========== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:19:21 PM, on 7/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM') O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user') O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user') O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/game...lugin10USA.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- End of file - 10427 bytes Last edited by TheBruce1 : 07-14-2008 at 02:03 PM. |
|
|
|
|
07-14-2008, 02:24 PM
|
#6 (permalink) | ||
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 2,481
OS: XP
|
Re: Win32.jeefo virus / malware.
Hello again
Quote:
We do not condone the use of cracked/hacked software and i would be within my rights to stop helping you at this point, i will continue to help you, this time only, if you become infected again by downloading crack software, you may have to pay someone to assist you in cleaning up the infections, be very wary of crack software, your system maybe used as a vehicle for illegal activity. ======== Open notepad and copy/paste the text in the quotebox below into it: Quote:
 Refering to the picture above, drag CFscript into ComboFix.exe Follow the prompts, and post the resulting log, C:\ComboFix.txt Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system. Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall =========== I see no evidence of an AntiVirus program on your system. This must be resolved. Here are a few very good free Antivirus products which are available:Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan. ============ Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ============ Logs Required C:\Combofix.txt AV scan results Hijackthis Log |
||
|
|
|
|
07-15-2008, 07:20 AM
|
#7 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 9
OS: Windows XP
|
Re: Win32.jeefo virus / malware.
Thank you for your help, I greatly appreciate it. I've downloaded the AV program, avast!, ran a scan and such but I could not produce a log. I also did the other things you've asked for and here are the requested logs: Again, my HiJackThis log was invalid to produce as a file, so I will paste it in my post. Sorry for the inconvience. ComboFix 08-07-14.2 - Jacob 2008-07-14 17:40:07.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.89 [GMT -4:00] Running from: C:\Documents and Settings\Jacob\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Jacob\Desktop\CFscript.txt * Created a new restore point FILE :: C:\WINDOWS\cfdemo.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\ScanSpyware v3.8.0.4 C:\Program Files\ScanSpyware v3.8.0.4\log\10-7-2008 (1-33-19).log C:\Program Files\ScanSpyware v3.8.0.4\log\12-10-2007 (0-1-33).log C:\Program Files\ScanSpyware v3.8.0.4\log\13-10-2007 (17-0-23).log C:\Program Files\ScanSpyware v3.8.0.4\log\14-6-2008 (16-40-7).log C:\Program Files\ScanSpyware v3.8.0.4\log\16-2-2008 (13-25-50).log C:\Program Files\ScanSpyware v3.8.0.4\log\17-12-2007 (22-38-15).log C:\Program Files\ScanSpyware v3.8.0.4\log\18-3-2008 (20-50-40).log C:\Program Files\ScanSpyware v3.8.0.4\log\19-3-2008 (16-42-53).log C:\Program Files\ScanSpyware v3.8.0.4\log\2-11-2007 (2-2-50).log C:\Program Files\ScanSpyware v3.8.0.4\log\21-3-2008 (13-59-47).log C:\Program Files\ScanSpyware v3.8.0.4\log\21-3-2008 (18-52-44).log C:\Program Files\ScanSpyware v3.8.0.4\log\25-12-2007 (0-47-50).log C:\Program Files\ScanSpyware v3.8.0.4\log\26-1-2008 (14-53-40).log C:\Program Files\ScanSpyware v3.8.0.4\log\26-12-2007 (20-49-45).log C:\Program Files\ScanSpyware v3.8.0.4\log\3-7-2008 (13-23-14).log C:\Program Files\ScanSpyware v3.8.0.4\log\8-10-2007 (19-48-17).log C:\Program Files\ScanSpyware v3.8.0.4\ssdb012508.db C:\Program Files\ScanSpyware v3.8.0.4\ssdb110107.db C:\Program Files\ScanSpyware v3.8.0.4\undelete.log C:\WINDOWS\cfdemo.exe . ((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))) . 2008-07-11 11:59 . 2008-07-11 11:59 <DIR> d-------- C:\Nexon 2008-07-10 22:52 . 2008-07-10 22:52 <DIR> d-------- C:\Program Files\LimeWire 2008-07-10 22:12 . 2008-07-10 22:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-10 22:12 . 2008-07-10 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-10 20:32 . 2007-11-22 10:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2008-07-10 02:20 . 2008-07-14 10:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-10 02:20 . 2008-07-10 02:20 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-09 22:32 . 2008-07-09 22:32 <DIR> d-------- C:\Deckard 2008-07-09 22:16 . 2008-07-09 22:18 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-07-09 20:03 . 2008-07-09 20:03 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-09 19:53 . 2008-07-09 19:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-07-09 19:53 . 2008-07-09 21:57 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\SUPERAntiSpyware.com 2008-07-09 19:53 . 2008-07-09 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys 2008-06-19 12:49 . 2008-06-19 12:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-14 21:41 --------- d-----w C:\Documents and Settings\Jacob\Application Data\Skype 2008-07-14 20:01 --------- d-----w C:\Documents and Settings\Jacob\Application Data\skypePM 2008-07-11 09:06 --------- d-----w C:\Program Files\GetRight 2008-07-10 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-10 20:16 --------- d--h--w C:\Documents and Settings\Jacob\Application Data\ijjigame 2008-07-10 00:55 700,416 ----a-w C:\StubInstaller.exe 2008-07-09 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 04:32 65536] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 17:12 68856] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 16:30 4670704] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-14 15:12 1769472] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 23:58 81920] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 20:13 122880] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-15 19:34 7557120] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ IEHOME.LNK - C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat [2006-12-14 07:12:44 298] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ IEHOME.LNK - C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat [2006-12-14 07:12:44 298] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2007-09-27 15:22:30 4112384] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk] backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Jacob^Start Menu^Programs^Accessories^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp] launchapp [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-10 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2008-07-09 20:58 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-08-05 17:56 64512 C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] --a------ 2008-07-09 20:39 602182 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] --a------ 2008-07-09 20:39 667718 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-02-15 19:34 7557120 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-04-03 17:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2008-07-09 20:40 761856 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-20 16:30 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] --a------ 2005-12-28 19:21 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-02-15 19:34 1519616 C:\WINDOWS\system32\nwiz.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 02:42] R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 20:21] R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 18:27] S3 cheetah1;cheetah1;C:\Documents and Settings\Jacob\Desktop\Haxx\Toliks Hack Pack v37\Cheetah Engine 1.4\cheetah.sys [] S3 geebers12;geebers12;C:\Documents and Settings\Jacob\My Documents\Haxx\Buffy Engine\nvid888.sys [] S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Jacob\Desktop\Akash's v.46 HackPack\Akash's v.46 HackPack\IlvMoney1083.sys [] S3 kaspersky1;kaspersky1;C:\Documents and Settings\Jacob\Desktop\Haxx\KasperSky6.0\kaspersky.sys [] S3 memxers12;memxers12;C:\Documents and Settings\Jacob\My Documents\Haxx\Vicious_Engine_5[1].1\nvid999.sys [] S3 saruen;saruen;C:\Documents and Settings\Jacob\My Documents\Hacking tools\Kaspersky_Engine_2\saruen.sys [] S3 spuce1;spuce1;C:\Documents and Settings\Jacob\Desktop\Haxx\Spuc3ngine\spuce.sys [] S3 toBzM;toBzM;C:\toBzM.sys [] S3 TSHAK3T1;TSHAK3T1;C:\Documents and Settings\Jacob\Desktop\Haxx\RE_3[1][1].2\RE 3.2\spuce.sys [] S3 xp1;xp1;C:\Documents and Settings\Jacob\Desktop\Haxx\xpengine\xp.sys [] S3 zenx1;zenx1;C:\Documents and Settings\Jacob\My Documents\Hacking tools\ZenxEngine_LATEST\zenx.sys [] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-07-08 21:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ******************************** |
