- Messages
- 2,875
- Reaction score
- 827
- Points
- 818
- Thread Starter
- #301
Re: Symbianize Lab
Run ComboFix in safemode and post the log here. .
Hi po. Maraming po sa effort na nilalaan nyo para sa mga ka-symbianizers na katulad ko.
Boss, paannalyze din po ako. Salamat po.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:02:37 AM, on 5/1/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\RTHDCPL.exe
C:\Windows\System32\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\neo\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DFX\DFX.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Users\neo\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\neo\Desktop\MDMA.exe
C:\Users\neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\neo\Desktop\Internet\UKNOW\UKNOW.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Users\neo\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Privacy SafeGuard - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl11] "C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe"
O4 - HKLM\..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\niupdate.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\SMART BRO\UIExec.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [F.lux] "C:\Users\neo\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\neo\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: DFX.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A3476F6-7ACC-458E-A6B4-C8C21951BC2A}: NameServer = 10.1.8.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7c5e60b1-349e-419e-bcd9-7a7df4eb8eae}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E3FBE4-22C9-495C-8859-6BF904EFE158}: NameServer = 10.36.128.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAC8345C-FEFF-4586-8ADF-3F50530CEDDB}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
--
End of file - 10557 bytes
Run ComboFix in safemode and post the log here. .
Last edited: