Tech Support Forum: Resolved HJT Threads (resolved spyware and popup issues)
#41 (permalink)

Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A

__________________
Question - what have you done for the community today?
#42 (permalink)

Registered User
Join Date: Jul 2006
Posts: 33
OS: XP

Here's the GMER log as per your request:
```
-----------------------------------------------------------------------
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-27 09:37:41
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.10 ----

SSDT  81FAD8D8                                              ZwConnectPort
SSDT  \??\C:\WINDOWS\system32\mssync20.sys                  ZwCreateFile  <-- ROOTKIT !!!
SSDT  \??\C:\WINDOWS\system32\mssync20.sys                  ZwCreateKey  <-- ROOTKIT !!!
SSDT  \??\C:\WINDOWS\system32\mssync20.sys                  ZwEnumerateKey  <-- ROOTKIT !!!
SSDT  \??\C:\WINDOWS\system32\mssync20.sys                  ZwEnumerateValueKey  <-- ROOTKIT !!!
SSDT  \??\C:\WINDOWS\system32\mssync20.sys                  ZwOpenFile  <-- ROOTKIT !!!
SSDT  \??\C:\WINDOWS\system32\mssync20.sys                  ZwOpenKey  <-- ROOTKIT !!!
SSDT  \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys  ZwOpenProcess
SSDT  81F82460                                              ZwOpenThread
SSDT  \??\C:\WINDOWS\system32\mssync20.sys                  ZwQueryDirectoryFile  <-- ROOTKIT !!!
SSDT  \??\C:\WINDOWS\system32\mssync20.sys                  ZwQuerySystemInformation  <-- ROOTKIT !!!
SSDT  \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys  ZwTerminateProcess

---- Services - GMER 1.0.10 ----

Service  C:\WINDOWS\system32\mssync20.sys (*** hidden *** )  [AUTO] mssync2020  <-- ROOTKIT !!!

---- Registry - GMER 1.0.10 ----

Reg  \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@mssync20  0xE2 0x58 0xC6 0x44 ...
```
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... 
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Explorer@mssync20 0xE2 0x58 0xC6 0x44 ... 
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Run@mssync20 C:\WINDOWS\system32\mssync20.exe Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\RunServices@mssync20 C:\WINDOWS\system32\mssync20.exe Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\mssync20.exe mssync20 Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\system32\mssync20.exe mssync20 ---- Files - GMER 1.0.10 ---- File C:\System Volume Information\catalog.wci File C:\System Volume Information\MountPointManagerRemoteDatabase File C:\System Volume Information\tracking.log File C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3} File C:\WINDOWS\system32\mssync20.sys <-- ROOTKIT !!! File C:\WINDOWS\system32\mssync20.tlb ---- EOF - GMER 1.0.10 ---- |
#43 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A
Well, there's the little bugger.
Run Gmer again. When you see the entry, highlighted in red:
Service C:\WINDOWS\system32\mssync20.sys (*** hidden *** ) [AUTO] mssync2020
Right click on it & have Gmer delete the service. Reboot immediately.
Upon restarting Windows, locate the file - C:\WINDOWS\system32\mssync20.sys
Rename it to mssync20.sys.ren
Also look for any other file that has a similar name - mssync20****
If found, rename all of them.
Then send me samples of the file to this webpage.
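The checks in the post above (the red hidden-service entry, the driver file behind it, and any other mssync20**** file or autorun key) can be automated over GMER's text output. What follows is an added example, not code from this thread, from the helper or from GMER: a small Python parser for the four GMER sections shown in the log, followed by a triage pass that lists SSDT entries hooked by a driver file rather than by a kernel address, hidden services, files GMER tagged, and registry entries that share a flagged file's name stem. The sample log is constructed from a few lines of the one posted earlier, and the KNOWN_HOOKERS allowlist (only guard.sys, the ewido anti-spyware driver the log itself shows hooking ZwOpenProcess) is an assumption an analyst would adjust for the machine in hand.

```python
import os
import re
from collections import defaultdict

# Constructed sample in the shape of the GMER 1.0.10 log posted above: a few
# representative lines from each section, not the poster's full log.
SAMPLE_LOG = r"""
---- System - GMER 1.0.10 ----
SSDT 81FAD8D8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\mssync20.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT 81F82460 ZwOpenThread
---- Services - GMER 1.0.10 ----
Service C:\WINDOWS\system32\mssync20.sys (*** hidden *** ) [AUTO] mssync2020 <-- ROOTKIT !!!
---- Registry - GMER 1.0.10 ----
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\mssync2020@ImagePath \??\C:\WINDOWS\system32\mssync20.sys
Reg \Registry\USER\S-1-5-21-1920598257-2491552050-16476969-1003\Software\Microsoft\Windows\CurrentVersion\Run@mssync20 C:\WINDOWS\system32\mssync20.exe
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSSYNC2020
---- Files - GMER 1.0.10 ----
File C:\WINDOWS\system32\mssync20.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\mssync20.tlb
File C:\System Volume Information\tracking.log
---- EOF - GMER 1.0.10 ----
"""

# GMER appends this marker to entries its own heuristics flagged.
TAG = r"(?P<tag>\s+<--\s+ROOTKIT\s+!!!)?$"
SSDT_RE = re.compile(r"^SSDT\s+(?P<hook>.+?)\s+(?P<func>Zw\w+)" + TAG)
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\((?P<flags>[^)]*)\)\s+\[(?P<start>[^\]]+)\]\s+(?P<name>\S+)" + TAG)
REG_RE = re.compile(r"^Reg\s+(?P<key>[^@]+?)(?:@(?P<value>\S+)(?:\s+(?P<data>.*))?)?$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)" + TAG)

# Drivers allowed to hook the SSDT on this machine. guard.sys is the ewido
# anti-spyware driver visible in the log; the set is an assumption to adjust.
KNOWN_HOOKERS = {"guard.sys"}


def parse_gmer(text):
    """Split a GMER text report into per-section entry lists."""
    entries = {"ssdt": [], "services": [], "registry": [], "files": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank line or section banner
        m = SSDT_RE.match(line)
        if m:
            entries["ssdt"].append({"hook": m["hook"], "func": m["func"], "flagged": bool(m["tag"])})
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries["services"].append({"name": m["name"], "path": m["path"], "start": m["start"],
                                        "hidden": "hidden" in m["flags"], "flagged": bool(m["tag"])})
            continue
        m = REG_RE.match(line)
        if m:
            entries["registry"].append({"key": m["key"], "value": m["value"], "data": m["data"]})
            continue
        m = FILE_RE.match(line)
        if m:
            entries["files"].append({"path": m["path"], "flagged": bool(m["tag"])})
    return entries


def basename(win_path):
    """Last path component; works for drive-letter and NT object-namespace spellings."""
    return win_path.rsplit("\\", 1)[-1].lower()


def stem(win_path):
    """File name without extension, the part the helper asks to grep for (mssync20****)."""
    return os.path.splitext(basename(win_path))[0]


def triage(entries, known_hookers=KNOWN_HOOKERS):
    """Reduce the parsed log to the items an analyst would act on."""
    hooks = defaultdict(list)
    report = {"hidden_services": [], "rootkit_files": [], "related_files": [], "related_registry": []}
    stems = set()
    for e in entries["ssdt"]:
        # A bare hex address points into the kernel itself; a file path means a
        # third-party driver replaced that service table entry.
        if "\\" in e["hook"] and basename(e["hook"]) not in known_hookers:
            hooks[e["hook"]].append(e["func"])
            stems.add(stem(e["hook"]))
    for s in entries["services"]:
        if s["hidden"] or s["flagged"]:
            report["hidden_services"].append((s["name"], s["path"]))
            stems.add(stem(s["path"]))
    for f in entries["files"]:
        if f["flagged"]:
            report["rootkit_files"].append(f["path"])
            stems.add(stem(f["path"]))
    # Second pass: anything else carrying the same name stem (companion files,
    # service keys, Run/RunServices autoruns) belongs to the same removal job.
    for f in entries["files"]:
        if not f["flagged"] and any(stem(f["path"]).startswith(st) for st in stems):
            report["related_files"].append(f["path"])
    for r in entries["registry"]:
        haystack = " ".join(x for x in (r["key"], r["value"], r["data"]) if x).lower()
        if any(st in haystack for st in stems):
            report["related_registry"].append(r)
    report["suspicious_hooks"] = dict(hooks)
    report["stems"] = sorted(stems)
    return report


if __name__ == "__main__":
    rep = triage(parse_gmer(SAMPLE_LOG))
    for module, funcs in rep["suspicious_hooks"].items():
        print(f"SSDT hooked by {module}: {', '.join(funcs)}")
    for name, path in rep["hidden_services"]:
        print(f"hidden service {name} -> {path}")
    for path in rep["rootkit_files"] + rep["related_files"]:
        print("file to collect/rename:", path)
    for r in rep["related_registry"]:
        print("persistence:", r["key"], r["value"] or "", r["data"] or "")
```

Run it as a script for the summary, or pass a saved GMER report to `parse_gmer`. The name-stem correlation is what turns one flagged driver into the full set of companion files and autorun keys to collect and rename; the script only reports and leaves the service deletion to GMER, as the post above does.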
#45 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A
Let's see if Kaspersky online scan will throw up a fit? :)
#46 (permalink)
Registered User
Join Date: Jul 2006
Posts: 33
OS: XP
Finally success with an online scan. Following is the report you requested:
------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 27, 2006 11:50:35 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/07/2006
Kaspersky Anti-Virus database records: 197781

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 59939
Number of viruses found 23
Number of infected objects 93 / 0
Number of suspicious objects 4
Duration of the scan process 00:53:26

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip/actalert.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006072720060728\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_840.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF60E0.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\UserData\index.dat Object is locked skipped
C:\Downloads\BitDefender Professional v6.4.x cracked.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.kd skipped
C:\Downloads\BitDefender Professional v6.4.x cracked.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Downloads\BitDefender Professional v6.4.x cracked.exe SetupFactory: infected - 2 skipped
C:\Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.kd skipped
C:\Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Downloads\Deutsch BitDefender Professional v6.4.x crack.exe SetupFactory: infected - 2 skipped
C:\Downloads\US BitDefender Professional v6.4.x crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Movies\MsnMsgr.txt Object is locked skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.kd skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe SetupFactory: infected - 2 skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.kd skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe SetupFactory: infected - 2 skipped
C:\My Downloads\US BitDefender Professional v6.4.x crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\NoAdware4\NoAdwareBackup\7,22,2006_12,47,24.zip/!update.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\NoAdware4\NoAdwareBackup\7,22,2006_12,47,24.zip ZIP: suspicious - 1 skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\047E5834 Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\0869393B Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\086C6337 Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\09786F67 Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\24C84FFC.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\24C84FFC.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\24C84FFC.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\24C84FFC.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\24C84FFC.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\24C84FFC.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\30EE38F0.exe Infected: P2P-Worm.Win32.Krepper.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\33776519.exe Infected: Trojan-Downloader.Win32.Small.on skipped
C:\Program Files\Norton AntiVirus\Quarantine\348769B8.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\348769B8.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\348769B8.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\348769B8.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\348769B8.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\396C3859.htm Infected: Trojan-Downloader.JS.IstBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\39D671D3.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\39D671D3.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\39D671D3.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\39D671D3.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\39D671D3.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\44F33C72 Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C2D6A4E.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C2D6A4E.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C2D6A4E.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C2D6A4E.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4C2D6A4E.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DF77612.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DF77612.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DF77612.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DF77612.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DF77612.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DF77612.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\55604BB5 Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\5D2E3091.exe Infected: P2P-Worm.Win32.Krepper.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\733052CD Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\78037E88.exe Infected: P2P-Worm.Win32.Krepper.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E6A537C.exe Infected: Trojan-Downloader.Win32.Small.on skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP113\A0025388.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP113\A0025389.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP113\A0025390.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP113\A0025391.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0028491.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0028492.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0029408.dll Infected: Trojan-Downloader.Win32.Zlob.aae skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0029409.exe Infected: Trojan-Downloader.Win32.Zlob.aai skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0030408.dll Infected: Trojan-Downloader.Win32.Zlob.aae skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0030409.exe Infected: Trojan-Downloader.Win32.Zlob.aai skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031408.dll Infected: Trojan-Downloader.Win32.Zlob.aae skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031409.exe Infected: Trojan-Downloader.Win32.Zlob.aai skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031415.exe Infected: Trojan-Downloader.Win32.Zlob.aag skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031416.exe Infected: Trojan-Downloader.Win32.Zlob.aae skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031420.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0032518.sys Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0035519.sys Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036521.dll Infected: not-virus:Hoax.Win32.Renos.dw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036535.dll Infected: not-virus:Hoax.Win32.Renos.dw skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036537.exe Infected: Trojan-Downloader.Win32.PurityScan.cr skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041817.dll Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041886.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041887.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041888.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041889.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041890.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041891.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041892.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041893.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041894.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041895.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041896.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041897.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041898.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041899.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041900.dll Infected: Trojan-Downloader.Win32.Zlob.aae skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041941.sys Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP118\change.log Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP46\A0000981.exe Infected: Trojan-Dropper.Win32.VB.lu skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP47\A0000988.exe Infected: Trojan-Clicker.Win32.Delf.dm skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
#47 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A
Quote:
Please refer to post #31 for the recommended settings.
Before doing the scan again, please . . .
Locate and delete the following files/folders: (make sure you get ALL of them)
#49 (permalink)
Registered User
Join Date: Jul 2006
Posts: 33
OS: XP
OK, here's the new and improved Kaspersky report.
--------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 27, 2006 1:14:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/07/2006
Kaspersky Anti-Virus database records: 210321

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 60107
Number of viruses found 39
Number of infected objects 135 / 0
Number of suspicious objects 4
Duration of the scan process 00:53:23

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip/actalert.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Documents and Settings\Owner\Desktop\OiUninstaller.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006072720060728\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_840.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF60E0.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\UserData\index.dat Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Movies\MsnMsgr.txt Object is locked skipped
C:\Movies II\Easydvdx Propack\Burn4Free_Setup.exe/data0006/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Movies II\Easydvdx Propack\Burn4Free_Setup.exe/data0006/v2.0.4.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack\Burn4Free_Setup.exe/data0006/v2.0.4.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack\Burn4Free_Setup.exe/data0006/v2.0.4.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack\Burn4Free_Setup.exe/data0006/v2.0.4.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack\Burn4Free_Setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack\Burn4Free_Setup.exe Inno: infected - 6 skipped
C:\Movies II\Easydvdx Propack.zip/Burn4Free_Setup.exe/data0006/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Movies II\Easydvdx Propack.zip/Burn4Free_Setup.exe/data0006/v2.0.4.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack.zip/Burn4Free_Setup.exe/data0006/v2.0.4.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack.zip/Burn4Free_Setup.exe/data0006/v2.0.4.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack.zip/Burn4Free_Setup.exe/data0006/v2.0.4.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack.zip/Burn4Free_Setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack.zip/Burn4Free_Setup.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Movies II\Easydvdx Propack.zip ZIP: infected - 7 skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.kd skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe SetupFactory: infected - 5 skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.kd skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe SetupFactory: infected - 5 skipped
C:\My Downloads\US BitDefender Professional v6.4.x crack.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec 
Shared\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped C:\Program Files\NoAdware4\NoAdwareBackup\7,22,2006_12,47,24.zip/!update.exe Suspicious: Password-protected-EXE skipped C:\Program Files\NoAdware4\NoAdwareBackup\7,22,2006_12,47,24.zip ZIP: suspicious - 1 skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc1.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc10.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc10.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc10.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc10.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc10.zip ZIP: infected - 4 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc10.zip CryptFF: infected - 4 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc11.exe Infected: P2P-Worm.Win32.Krepper.c skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc12.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc12.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc12.zip/Beyond.class Infected: 
Trojan-Downloader.Java.OpenConnection.aa skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc12.zip ZIP: infected - 3 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc12.zip CryptFF: infected - 3 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc13 Infected: Worm.Win32.VB.an skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc14 Infected: Worm.Win32.VB.an skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc15 Infected: Worm.Win32.VB.an skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc16.htm Infected: Trojan-Downloader.JS.IstBar.k skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc18 Infected: Worm.Win32.VB.an skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc19 Infected: Worm.Win32.VB.an skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc20.exe Infected: P2P-Worm.Win32.Krepper.c skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc21.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc21.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc21.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc21.zip ZIP: infected - 3 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc21.zip CryptFF: infected - 3 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc22 Infected: Worm.Win32.VB.an skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc23.exe Infected: Trojan-Downloader.Win32.Small.on skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc3.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc3.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped 
C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc3.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.kd skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc3.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc3.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc3.exe SetupFactory: infected - 5 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc4.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc4.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc4.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.kd skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc4.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc4.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc4.exe SetupFactory: infected - 5 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc5 Infected: Worm.Win32.VB.an skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc6.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc6.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc6.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc6.zip ZIP: infected - 3 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc6.zip CryptFF: infected - 3 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc7.zip/GetAccess.class Infected: 
Trojan.Java.ClassLoader.c skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc7.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc7.zip ZIP: infected - 4 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc7.zip CryptFF: infected - 4 skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc8.exe Infected: P2P-Worm.Win32.Krepper.c skipped C:\RECYCLER\S-1-5-21-1920598257-2491552050-16476969-1003\Dc9.exe Infected: Trojan-Downloader.Win32.Small.on skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP106\A0011384.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP106\A0011385.dll Infected: not-a-virus:AdWare.Win32.Agent.c skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP106\A0011386.exe Infected: not-a-virus:AdWare.Win32.180Solutions.an skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP106\A0012374.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP113\A0025388.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP113\A0025389.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP113\A0025390.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume 
Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP113\A0025391.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0028491.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0028492.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0029408.dll Infected: Trojan-Downloader.Win32.Zlob.aae skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0029409.exe Infected: Trojan-Downloader.Win32.Zlob.aai skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0030408.dll Infected: Trojan-Downloader.Win32.Zlob.aae skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0030409.exe Infected: Trojan-Downloader.Win32.Zlob.aai skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031408.dll Infected: Trojan-Downloader.Win32.Zlob.aae skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031409.exe Infected: Trojan-Downloader.Win32.Zlob.aai skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031415.exe Infected: Trojan-Downloader.Win32.Zlob.aag skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031416.exe Infected: Trojan-Downloader.Win32.Zlob.aae skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0031420.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP114\A0032518.sys Infected: Trojan.Win32.Agent.ny skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0035519.sys Infected: Trojan.Win32.Agent.ny skipped 
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036521.dll Infected: not-virus:Hoax.Win32.Renos.dw skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036533.exe Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036535.dll Infected: not-virus:Hoax.Win32.Renos.dw skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036536.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cu skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036537.exe Infected: Trojan-Downloader.Win32.PurityScan.cr skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0036538.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP115\A0038550.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041816.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041817.dll Infected: Packed.Win32.Klone.g skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041886.exe Infected: Trojan.Win32.Agent.ny skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041887.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041888.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041889.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041890.dll 
Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041891.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041892.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041893.exe Infected: Trojan.Win32.Agent.ny skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041894.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041895.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041896.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041897.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041898.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041899.exe Infected: Trojan.Win32.Agent.ny skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041900.dll Infected: Trojan-Downloader.Win32.Zlob.aae skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP116\A0041941.sys Infected: Trojan.Win32.Agent.ny skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP118\change.log Object is locked skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP46\A0000981.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP47\A0000988.exe Infected: 
Trojan-Clicker.Win32.Delf.dm skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP50\A0001018.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP50\A0001019.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP50\A0001024.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is 
locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. |
#50 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A
PLEASE delete all of these files.
C:\Movies II\Easydvdx Propack\Burn4Free_Setup.exe
C:\Movies II\Easydvdx Propack.zip
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe
C:\My Downloads\US BitDefender Professional v6.4.x crack.exe
Then show me a new HJT log. Let me know how the machine is behaving now.
__________________
Question - what have you done for the community today?
#51 (permalink)
Registered User
Join Date: Jul 2006
Posts: 33
OS: XP
I did delete the following when you asked me to in your last post.
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe
C:\My Downloads\US BitDefender Professional v6.4.x crack.exe
Somehow they came back. Not sure how that's possible, but they did. Here's the latest HJT log:
------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:54:05 PM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DVD burner2\tray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\MemoKit\memokit2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hardwood Spades\spades.exe
C:\Documents and Settings\Owner\Desktop\HJT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.202.240.48:3128:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tray.exe] "C:\DVD burner2\tray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [mssync20] C:\WINDOWS\system32\mssync20.exe
O4 - HKLM\..\Run: [Easy SpyRemover] C:\Program Files\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [mssync20] C:\WINDOWS\system32\mssync20.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [mssync20] C:\WINDOWS\system32\mssync20.exe
O4 - HKCU\..\RunServices: [mssync20] C:\WINDOWS\system32\mssync20.exe
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab46479.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/eng/solitaire_2_0_0_18.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_67.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49...k/bjattack.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {63B3EC14-9F70-4129-B935-46EFB37013E8} (HPStamper Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143637503812
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45...o/wordmojo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v49...ed/haunted.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab46704.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v45/wof/wof.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/def...ebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46...s/wwspades.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51...ol/h2hpool.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
#52 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A
Before proceeding, please disable Ewido's real-time scanner, as it hinders the removal of some entries.
You can re-enable it when you're clean. To disable Ewido's real-time scanner:
Then have HijackThis fix these:
O4 - HKLM\..\RunServices: [mssync20] C:\WINDOWS\system32\mssync20.exe
O4 - HKCU\..\Run: [mssync20] C:\WINDOWS\system32\mssync20.exe
O4 - HKCU\..\RunServices: [mssync20] C:\WINDOWS\system32\mssync20.exe
__________________
Question - what have you done for the community today?
Last edited by sUBs; 07-27-2006 at 12:18 PM.
#53 (permalink)
Registered User
Join Date: Jul 2006
Posts: 33
OS: XP
After reboot I checked for the following files:
C:\My Downloads\BitDefender Professional v6.4.x cracked.exe
C:\My Downloads\Deutsch BitDefender Professional v6.4.x crack.exe
C:\My Downloads\US BitDefender Professional v6.4.x crack.exe
They have disappeared. Here's the latest HJT log:
---------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:30:43 PM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
#54 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A
Did you miss this entry while you performed the HJT fixes?
O4 - HKLM\..\Run: [mssync20] C:\WINDOWS\system32\mssync20.exe
I noticed that Ewido Guard (Resident shield) is running. That may have restored the entry.
#55 (permalink)
Registered User
Join Date: Jul 2006
Posts: 33
OS: XP
I unticked Ewido Guard Resident shield just as you said and it didn't show up in the tray upon reboot. I also checked to see if it was still unticked and it is/was. I exited Ewido and ran a new HJT log.
Also, I did delete that mssync20 file. It came back on its own after reboot.
-----------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:46:43 PM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
#56
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A
#58
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,429
OS: N/A
If it's an entry, it's a small problem. If it's a file, that means the infection has regenerated.
Quote:
Click Start → Run - type SERVICES.MSC & then click on the OK button
Psst. Don't tell anyone I taught you this.

Your system is clean. Kindly follow these simple steps in order to keep your computer clean and secure:
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein. After doing all these, your system will be optimised against future threats. It's okay to delete the Hijack This folder in a couple of weeks if everything is working okay. Have a safe & happy computing day. Please respond to this thread one more time so we can mark this thread as resolved.
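A small triage script in the spirit of the moderator's entry-versus-file distinction above (an added example, not code from the thread or from HijackThis): it parses O20/O23 lines in the HijackThis format of the posted log and reports whether each referenced binary is still on disk. The `exists` parameter and the ON_DISK set are constructed stand-ins for the real file system so it runs offline.

```python
# Added example (not code from the thread): triage HijackThis O20/O23 lines the
# way the moderator does, separating a leftover entry from a binary still on disk.
import os
import re

# O23 - Service: <display name> - <owner> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O20 - Winlogon Notify: <key> - <dll>[ (file missing)]  (HJT flags missing DLLs itself)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)( \(file missing\))?$")


def triage(lines, exists=os.path.exists):
    """One dict per O20/O23 entry. `exists` is injected so the check can run
    offline against a constructed file list instead of the real disk."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            present = exists(m["path"])
            notes = []
            if m["owner"] == "Unknown owner":
                notes.append("no publisher recorded; verify the binary")
            if not present:
                notes.append("stale entry: binary not on disk")
            findings.append({"kind": "O23", "name": m["name"], "path": m["path"],
                             "file_present": present, "notes": notes})
            continue
        m = O20_RE.match(line)
        if m:
            present = m.group(3) is None
            notes = [] if present else ["stale entry: DLL missing"]
            findings.append({"kind": "O20", "name": m["name"], "path": m["path"],
                             "file_present": present, "notes": notes})
    return findings


def still_on_disk(findings):
    # Entries whose file is present are the ones that need a closer look.
    return [f["name"] for f in findings if f["file_present"]]


# Sample lines copied from the posted log; ON_DISK is a constructed stand-in
# for the file system so the example runs anywhere.
SAMPLE_LOG = [
    r"O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe",
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe",
    r"O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)",
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll",
]
ON_DISK = {r"C:\WINDOWS\system32\Ati2evxx.exe"}
```

Run against the real machine by calling `triage(open("hijackthis.log"))` with the default `exists`; the entries returned by `still_on_disk` are the ones to look at in SERVICES.MSC.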
#59
Registered User
Join Date: Jul 2006
Posts: 33
OS: XP
Whew..!! ...And to think it only took 3 pages and 58 posts to fix the problem.
Amazing. You really know your stuff. Thank you so much. I know where I got the virus and that was at an autosurf site where you surf like 12 pages and get paid for it. Unfortunately some nasty people submit pages with trojans. I will now only surf using the Firefox browser you mentioned. I was told to do that before but didn't listen. How was I to know? Anyway, thx again. Really enjoyed your subtle sense of humor as well.