Recurring Darksma downloader


#1
JetKit

New Member, 1 posts
CA has flagged and quarantined. VundoFix removed a few recurrences.
This afternoon, it was flagged again.
Here is my log:

Deckard's System Scanner v20071014.68
Run by Andre on 2008-03-14 23:45:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-03-15 03:46:11 UTC - RP13 - Deckard's System Scanner Restore Point
12: 2008-03-14 22:27:50 UTC - RP12 - Installed CA Desktop DNA Migrator
11: 2008-03-14 22:26:14 UTC - RP11 - Installed CA Parental Controls
10: 2008-03-13 13:56:29 UTC - RP10 - Installed Ad-Aware 2007
9: 2008-03-12 01:57:13 UTC - RP9 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-11 12:44:28 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Andre.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:34 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\DOCUMENTS\Downloads\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\DOCUME~1\Andre\Desktop\Andre.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkmcreative.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {01669be4-3f87-b49a-6774-773e8f38aab3} - {3baa83f8-e377-4776-a94b-78f34eb96610} - C:\WINDOWS\system32\cfeswcpp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O2 - BHO: (no name) - {F60AD3DF-A52E-49F6-8C03-F7483ED2C032} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O2 - BHO: (no name) - {FC9F68DA-8485-41AA-9EA3-FA7C639DC486} - C:\WINDOWS\system32\awttqpo.dll (file missing)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [BM7327c509] Rundll32.exe "C:\WINDOWS\system32\xoeitpkp.dll",s
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202422383562
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O24 - Desktop Component 0: (no name) - D:\DOCUMENTS\Personal\mr2\FERRARI.jpg
O24 - Desktop Component 1: (no name) - D:\DOCUMENTS\My Pictures\Viagems e festas\Brasil\Claudia brasil Dez 07\SD530264.JPG
O24 - Desktop Component 2: (no name) - D:\DOCUMENTS\Personal\mr2\Pictures\mr2jul07_5.jpg
O24 - Desktop Component 3: (no name) - D:\DOCUMENTS\My Pictures\Family and friends\Photo_061005_001.jpg

--
End of file - 7569 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Andre\Desktop\backups\) ---------------

backup-20080206-210757-102 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20080206-210757-130 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
backup-20080206-210757-664 O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
backup-20080206-210757-778 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20080206-210757-779 O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
backup-20080206-210757-808 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20080206-210757-881 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20080206-210757-931 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080206-210758-135 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201133599859
backup-20080206-210758-273 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080206-210758-303 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080206-210758-716 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
backup-20080311-230522-104 O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080311-230522-110 O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080311-230522-259 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
backup-20080311-230522-350 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080311-230522-382 O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080311-230522-534 O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
backup-20080311-230522-560 O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080311-230522-570 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
backup-20080311-230522-587 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080311-230522-649 O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
backup-20080311-230522-653 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (file missing)
backup-20080311-230522-745 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080311-230522-848 O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20080311-230522-858 O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

-- File Associations -----------------------------------------------------------

.scr - AutoCADLTScriptFile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 bpfinder (BACKPACK Finder) - c:\windows\system32\drivers\bpfinder.sys <Not Verified; Micro Solutions, Inc.; BACKPACK Finder>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R3 bpflt (BACKPACK Filter) - c:\windows\system32\drivers\bpflt.sys <Not Verified; Micro Solutions, Inc.; BACKPACK Filter>
R3 bpusbflt (BACKPACK USB Filter) - c:\windows\system32\drivers\bpusbflt.sys <Not Verified; Micro Solutions, Inc.; BACKPACK USB Filter>

S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 bppccard (BACKPACK PC Card) - c:\windows\system32\drivers\bppccard.sys <Not Verified; Micro Solutions, Inc.; BACKPACK PC Card Driver>
S3 bppnpdrv (BACKPACK Driver) - c:\windows\system32\drivers\bppnpdrv.sys <Not Verified; Micro Solutions, Inc.; BACKPACK Plug and Play Driver>
S3 bpusbdrv (BACKPACK USB 1 Cable) - c:\windows\system32\drivers\bpusbdrv.sys <Not Verified; Micro Solutions, Inc.; BACKPACK USB Cable>
S3 btaudio (Bluetooth Audio Device) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 FXDRV - i:\fxdrv.sys (file missing)
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 rcvpn (SonicWALL VPN Adapter) - c:\windows\system32\drivers\rcvpn.sys (file missing)
S3 SaiNtBus - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>
S3 W8335XP (NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)) - c:\windows\system32\drivers\wg311v3xp.sys (file missing)
S3 XIRLINK (IBM PC Camera) - c:\windows\system32\drivers\c-itnt.sys <Not Verified; Xirlink, Inc; Xirlink Digital Video PC Camera>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 WinSvchostManager (WinSock Svchost Manager) - c:\windows\system32\svcprs32.exe

S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-02-14 and 2008-03-14 -----------------------------

2008-03-14 18:43:56 6 --a------ C:\WINDOWS\system32\mkghj.dll
2008-03-14 18:27:08 0 d-------- C:\Documents and Settings\Andre\Application Data\CallingID
2008-03-14 18:26:37 0 d-------- C:\Program Files\Common Files\Scanner
2008-03-14 18:26:17 2732032 --a------ C:\WINDOWS\system32\win32cpr.dll
2008-03-14 18:26:17 823296 --a------ C:\WINDOWS\system32\svcprs32.exe
2008-03-14 18:26:16 1564771 --a------ C:\WINDOWS\system32\winsflt.dll
2008-03-14 18:26:16 1212416 --a------ C:\WINDOWS\system32\mdmcls32.exe
2008-03-14 18:26:16 11333632 --a------ C:\WINDOWS\cfgmng32.exe
2008-03-14 18:26:15 1830912 --a------ C:\WINDOWS\system32\winsflte.dll <Not Verified; PureSight Inc; PureSight Classification SDK>
2008-03-14 18:26:10 0 d-------- C:\WINDOWS\rnapxs
2008-03-14 18:25:05 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-03-14 18:25:04 0 d-------- C:\Program Files\CA
2008-03-13 16:49:56 0 d-------- C:\VundoFix Backups
2008-03-13 10:07:20 0 d-------- C:\WINDOWS\CAVTemp
2008-03-13 09:56:32 0 d-------- C:\Program Files\Lavasoft
2008-03-13 09:56:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-13 09:55:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 09:47:56 93760 --a------ C:\WINDOWS\system32\cfeswcpp.dll
2008-03-13 09:44:55 86080 --a------ C:\WINDOWS\system32\wqirxomq.dll
2008-03-13 09:39:40 90176 --a------ C:\WINDOWS\system32\xoeitpkp.dll
2008-03-11 22:45:30 921632 --a------ C:\PA7311.DAT
2008-03-10 12:19:57 0 d-------- C:\Program Files\Acro Software
2008-03-10 12:19:47 40448 --a------ C:\WINDOWS\system32\gebabcc.dll
2008-03-10 11:26:02 0 d-------- C:\Documents and Settings\Andre\Application Data\Adobe
2008-03-09 19:59:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-09 18:18:08 40448 --a------ C:\WINDOWS\system32\gebbyay.dll
2008-03-09 17:58:46 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-09 17:58:15 0 d-------- C:\Program Files\Reference Assemblies
2008-03-09 17:56:11 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-03-09 17:42:10 40448 --a------ C:\WINDOWS\system32\awttsqq.dll
2008-03-09 16:40:53 9208 --ahs---- C:\WINDOWS\system32\rqtss.ini2
2008-03-09 16:30:41 40448 --a------ C:\WINDOWS\system32\ljjgfdb.dll
2008-03-09 16:16:53 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-09 16:02:17 40448 --a------ C:\WINDOWS\system32\iifcyya.dll
2008-03-08 15:27:16 0 d-------- C:\Documents and Settings\Andre\Application Data\wsInspector
2008-03-08 15:24:13 0 d-------- C:\Program Files\Startup Inspector for Windows
2008-03-05 16:44:42 0 d-------- C:\Program Files\Microsoft Works
2008-03-05 15:48:10 0 d-------- C:\Program Files\Common Files\Protexis
2008-03-05 15:48:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-03-05 15:45:59 0 d-------- C:\Program Files\Common Files\Corel
2008-03-05 14:47:01 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\A6C71A4801.sys
2008-03-05 14:47:00 2828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-05 13:54:38 0 d-------- C:\Program Files\Corel
2008-03-05 13:53:20 0 d-------- C:\WINDOWS\Corel
2008-03-04 00:12:41 0 d-------- C:\Program Files\JKM Creative
2008-02-29 18:09:39 0 d-------- C:\p550
2008-02-29 18:07:58 0 d-------- C:\Program Files\IZArc
2008-02-29 17:40:16 0 d-------- C:\Documents and Settings\Andre\Application Data\BitTorrent
2008-02-29 17:39:48 0 d-------- C:\Program Files\DNA
2008-02-29 17:39:48 0 d-------- C:\Documents and Settings\Andre\Application Data\DNA
2008-02-29 17:39:47 0 d-------- C:\Program Files\BitTorrent
2008-02-23 14:57:43 0 d-------- C:\Backup
2008-02-18 20:19:35 157696 --a------ C:\WINDOWS\system32\OggEnc.exe
2008-02-18 20:19:35 145408 --a------ C:\WINDOWS\system32\Lame.exe
2008-02-18 20:19:35 76800 --a------ C:\WINDOWS\system32\Faac.exe
2008-02-18 20:19:31 920576 --a------ C:\WINDOWS\system32\AdjMmsEng.dll <Not Verified; MultiMedia Soft; adjstud Dynamic Link Library>
2008-02-18 20:19:31 0 d-------- C:\Program Files\Xenocode
2008-02-18 20:19:31 0 d-------- C:\Program Files\Audio Sound Recorder for .NET


-- Find3M Report ---------------------------------------------------------------

2008-03-14 18:26:37 0 d-------- C:\Program Files\Common Files
2008-03-14 18:26:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-12 22:35:50 0 d-------- C:\Documents and Settings\Andre\Application Data\Skype
2008-03-12 17:42:15 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-12 17:42:10 0 d-------- C:\Program Files\Analog Devices
2008-03-11 22:24:50 0 d-------- C:\Program Files\Symantec
2008-03-11 22:23:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-10 11:24:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-05 15:27:42 0 d-------- C:\Documents and Settings\Andre\Application Data\Corel
2008-02-23 22:18:32 0 d-------- C:\Program Files\IBM PC Camera
2008-02-22 14:05:03 0 d-------- C:\Program Files\Thumbs4
2008-02-21 20:03:30 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-13 20:18:11 0 d-------- C:\Program Files\FreePCB
2008-02-13 20:12:26 0 d-------- C:\Program Files\TinyCAD
2008-02-07 14:34:22 0 d-------- C:\Program Files\VIA
2008-02-07 09:34:09 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-06 17:06:48 0 d-------- C:\Program Files\SonicWallES
2008-02-05 18:26:45 0 d-------- C:\Program Files\Yahoo!
2008-02-05 18:11:28 0 d-------- C:\Documents and Settings\Andre\Application Data\SonicWALL
2008-02-05 18:08:36 0 d-------- C:\Program Files\Estimate Master
2008-02-05 17:58:17 0 d-------- C:\Documents and Settings\Andre\Application Data\Bullzip
2008-02-03 16:54:36 0 d-------- C:\Documents and Settings\Andre\Application Data\My Battle for Middle-earth Files
2008-02-03 13:11:02 0 d-------- C:\Program Files\EA GAMES
2008-01-28 20:53:05 0 d-------- C:\Program Files\MSDN
2008-01-23 20:20:34 0 d-------- C:\Program Files\MSXML 6.0
2008-01-23 19:56:24 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3baa83f8-e377-4776-a94b-78f34eb96610}]
03/13/2008 09:47 AM 93760 --a------ C:\WINDOWS\system32\cfeswcpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F60AD3DF-A52E-49F6-8C03-F7483ED2C032}]
C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC9F68DA-8485-41AA-9EA3-FA7C639DC486}]
C:\WINDOWS\system32\awttqpo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [01/25/2008 12:40 PM]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [11/14/2007 12:34 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [01/11/2008 09:30 PM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe" [03/14/2008 06:26 PM]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [01/24/2008 04:43 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [01/24/2008 04:43 PM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [01/24/2008 04:43 PM]
"BM7327c509"="C:\WINDOWS\system32\xoeitpkp.dll" [03/13/2008 09:39 AM]
"CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [01/11/2008 06:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= D:\DOCUMENTS\Personal\mr2\FERRARI.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= D:\DOCUMENTS\My Pictures\Viagems e festas\Brasil\Claudia brasil Dez 07\SD530264.JPG
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= D:\DOCUMENTS\Personal\mr2\Pictures\mr2jul07_5.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= D:\DOCUMENTS\My Pictures\Family and friends\Photo_061005_001.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FC9F68DA-8485-41AA-9EA3-FA7C639DC486}"= C:\WINDOWS\system32\awttqpo.dll [ ]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll [10/15/2007 09:40 PM 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andre^Start Menu^Programs^Startup^Corel Registration.lnk]
path=C:\Documents and Settings\Andre\Start Menu\Programs\Startup\Corel Registration.lnk
backup=C:\WINDOWS\pss\Corel Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PtiuPbmd]
Rundll32.exe ptipbm.dll,SetWriteBack

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"VETMSGNT"=2 (0x2)
"CAISafe"=2 (0x2)
"vsmon"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"NVSvc"=2 (0x2)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-03-14 23:52:23 ------------
