ladigital
2009-06-10, 16:11
Hi, I'm an IT Tech on a computer network.
On one of my computers, if I open My Computer and right-click on any drive I get the error message: "Error Registry Access Denied". When I click OK, the error disappears and I'm given the list of right-click options. ...? Also, I'm sporadically getting "Runtime Error 216", which I Googled and found was related to the SubSeven Trojan.
I'm also getting one of the other symptoms of SubSeven on another computer on the network: the CD drive will randomly open.
We've got Symantec 11.4 installed over the network, but I've also used BartPE to run McAfee, and I've run Spybot, Malwarebytes, HijackThis, and ComboFix. I've been going round and round with this thing, so a fresh perspective will be welcome.
Here is the ComboFix log for the first computer (the one getting the Registry Access Denied error):
ComboFix 09-06-09.06 - admin 06/09/2009 17:26.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1673 [GMT -5:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\system32\bszip.dll
c:\winnt\system32\msfontsbs.dll
c:\winnt\system32\mssockqc.dll
c:\winnt\system32\tmp.reg
c:\winnt\system32\wlzxnte.dll
c:\winnt\system32\wpnt.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.
2009-06-09 22:23 . 2009-06-09 22:23 -------- d-----w- c:\program files\Trend Micro
2009-06-01 13:06 . 2009-06-01 13:06 -------- d-----w- c:\program files\ZipX
2009-06-01 12:56 . 2009-06-01 12:56 -------- d-----w- c:\program files\XAce
2009-05-14 22:59 . 2009-05-14 22:59 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2009-05-14 22:59 . 2009-04-06 20:32 15504 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-05-14 22:59 . 2009-04-06 20:32 38496 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-05-14 22:59 . 2009-05-14 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-14 22:59 . 2009-05-14 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-11 17:25 . 2009-05-11 18:49 -------- d-----w- c:\temp\09-05-11
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 20:44 . 2003-11-18 15:16 -------- d-----w- c:\documents and settings\admin\Application Data\AdobeUM
2009-06-09 17:19 . 2009-01-13 17:02 685 ----a-w- c:\program files\PlanroomLoader.exe.config
2009-06-08 21:19 . 2008-10-20 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-08 18:40 . 2003-11-15 16:22 -------- d-----w- c:\program files\AutoCAD R14
2009-06-07 23:00 . 2008-01-18 23:28 -------- d-----w- c:\program files\Norton Security Scan
2009-06-05 13:48 . 2009-04-29 08:07 1144440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-27 14:32 . 2004-11-16 16:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 16:13 . 2007-03-09 23:09 -------- d-----w- c:\program files\FlashGet
2009-05-08 15:33 . 2009-05-08 15:33 -------- d-----w- c:\documents and settings\admin\Application Data\GlarySoft
2009-05-08 15:32 . 2009-05-08 15:32 -------- d-----w- c:\program files\Glary Utilities
2009-05-08 15:31 . 2009-05-08 15:31 -------- d-----w- c:\program files\Glary Registry Repair
2009-05-07 21:26 . 2007-03-07 18:08 -------- d-----w- c:\documents and settings\admin\Application Data\U3
2009-04-29 12:51 . 2003-11-15 23:37 -------- d-----w- c:\documents and settings\admin\Application Data\Autodesk
2009-04-29 12:51 . 2003-11-15 23:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\Autodesk
2009-04-24 22:16 . 2009-04-24 22:16 36864 ----a-w- c:\documents and settings\admin\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2009-04-24 22:15 . 2009-04-24 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-24 22:08 . 2005-04-11 15:51 577760 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 22:01 . 2009-04-24 21:54 -------- d-----w- c:\program files\AutoCAD 2010
2009-04-24 22:01 . 2003-11-15 23:29 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-04-24 21:58 . 2009-04-24 21:58 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-04-24 21:52 . 2003-11-15 23:40 -------- d-----w- c:\program files\Autodesk
2009-04-14 22:35 . 2009-04-14 22:32 -------- d-----w- c:\program files\Windows Live
2009-04-14 22:35 . 2009-04-14 22:35 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-04-14 22:34 . 2009-04-14 22:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-04-14 22:33 . 2009-04-14 22:33 -------- d-----w- c:\program files\Microsoft
2009-04-14 22:32 . 2009-04-14 22:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-04-14 21:45 . 2009-04-14 21:45 -------- d-----w- c:\program files\Common Files\Windows Live
2009-03-31 12:42 . 2007-11-07 21:12 167376 ----a-w- c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ihemmnit.default\FlashGot.exe
2005-06-04 17:19 . 2005-03-06 17:32 45056 ----a-w- c:\program files\PlanroomLoader.exe
1999-12-03 03:29 . 1999-12-03 03:29 21952 ---ha-w- c:\program files\folder.htt
2001-12-03 23:09 . 2004-05-25 20:55 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-14_22.37.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-09 22:20 . 2009-06-09 22:20 16384 c:\winnt\Temp\Perflib_Perfdata_694.dat
+ 2009-05-15 12:37 . 2002-09-20 15:45 72720 c:\winnt\system32\spool\drivers\w32x86\acpdfui207.dll
+ 2007-02-20 15:43 . 2009-06-09 22:19 32768 c:\winnt\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-20 15:43 . 2009-05-14 22:36 32768 c:\winnt\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-20 15:43 . 2009-06-09 22:19 32768 c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-20 15:43 . 2009-05-14 22:36 32768 c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-02-20 15:43 . 2009-06-09 22:19 16384 c:\winnt\system32\config\systemprofile\Cookies\index.dat
- 2007-02-20 15:43 . 2009-05-14 22:36 16384 c:\winnt\system32\config\systemprofile\Cookies\index.dat
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 40960 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 40960 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 49152 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2004-12-13 15:22 . 2009-05-15 12:37 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
- 2004-12-13 15:22 . 2007-04-11 14:34 65536 c:\winnt\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-05-15 12:37 . 2002-09-20 15:45 123017 c:\winnt\system32\spool\drivers\w32x86\acpdf207.dll
- 2003-11-15 16:31 . 1998-10-29 22:45 306688 c:\winnt\IsUninst.exe
+ 2003-11-15 16:31 . 1998-10-29 21:45 306688 c:\winnt\IsUninst.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [2002-07-26 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2002-07-26 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
"NWTRAY"="NWTRAY.EXE" - c:\winnt\system32\nwtray.exe [2001-12-18 28672]
"RTHDCPL"="RTHDCPL.EXE" - c:\winnt\RTHDCPL.exe [2006-10-31 16269312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KIP\\10\\KIP Color\\rscanner.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kyocera\\KACT\\KACT.exe"=
"c:\\Program Files\\KIP\\Request\\kawpdft.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 PQV2i;PQV2i;c:\winnt\system32\drivers\PQV2i.sys [7/29/2004 4:33 AM 138780]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\winnt\system32\drivers\SI3112r.sys [10/10/2004 2:46 PM 90698]
S1 PQIMount;PQIMount;c:\winnt\system32\drivers\PQIMount.sys [7/29/2004 5:13 AM 46779]
S2 fssfltr;FssFltr;c:\winnt\system32\drivers\fssfltr_tdi.sys [4/14/2009 5:35 PM 55152]
S3 bcm4sbe5;Broadcom 440x 10/100 Integrated Controller Driver;c:\winnt\system32\drivers\bcm4sbe5.sys [10/10/2004 2:50 PM 43802]
S3 COH_Mon;COH_Mon;\??\c:\winnt\system32\Drivers\COH_Mon.sys --> c:\winnt\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 8:46 PM 101936]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 MapMem;MapMem;c:\winnt\system32\drivers\MAPMEM.SYS [9/9/2008 8:55 AM 18464]
S3 MASSREADER;%MASSREADER.SvcDesc%;c:\winnt\system32\drivers\CAMUSB.SYS [4/9/2005 12:49 PM 84524]
S3 NUVision;NUVision II Video Service;c:\winnt\system32\drivers\nuvvid2.sys [12/21/2004 12:28 PM 153760]
S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [10/10/2004 2:38 PM 24784]
S3 tgiul50;tgiul50;c:\winnt\system32\drivers\tgiulnt5.sys [7/17/2007 11:06 AM 138528]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2/19/2007 6:36 PM 49776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-06-03 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-06-09 c:\winnt\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-08 14:49]
2009-06-09 c:\winnt\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 23:55]
2009-06-09 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-688789844-839522115-1001.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 13:51]
2009-06-07 c:\winnt\Tasks\Norton Security Scan for admin.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]
2009-06-08 c:\winnt\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
Trusted Zone: isqft.com\www
Trusted Zone: isqft.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\ihemmnit.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 17:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"="a"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\=*‘|°b4]
"DisplayName"="?\11??"
"DeviceDesc"="?\11??"
"ProviderName"=""
"MFG"="????®"
"ReinstallString"="c:\\WINNT\\System32\\ReinstallBackups\\=???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\winnt\system32\Ati2evxx.dll
c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll
c:\winnt\system32\NLS\ENGLISH\MAPBASER.DLL
c:\winnt\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\winnt\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
Completion time: 2009-06-09 17:33
ComboFix-quarantined-files.txt 2009-06-09 22:33
ComboFix2.txt 2009-05-14 22:41
Pre-Run: 64,889,962,496 bytes free
Post-Run: 65,067,098,112 bytes free
285 --- E O F --- 2009-05-13 08:05
Here is the HijackThis log for the first computer (the one getting the Registry Access Denied error):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:09:24, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINNT\system32\SearchIndexer.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\RTHDCPL.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\KIP\Request\WinReq.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinNc.Net\Winnc.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton Ghost - Unknown owner - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe (file missing)
--
End of file - 8979 bytes
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton Ghost - Unknown owner - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe (file missing)
--
End of file - 8979 bytes