Darksam Help


This topic is locked

#1
Postal Phil
New Member, 1 posts
Well, I downloaded ComboFix and followed the instructions, and I still have the Darksam downloader, but now I also have Bitfrost, which is a backdoor, and Kazaa, which is a P2P program.

Here are the new logs:

ComboFix 08-05-01.1 - P. R. Morgan 2008-05-02 11:18:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.693 [GMT -5:00]
Running from: C:\Documents and Settings\P. R. Morgan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.

2008-05-02 10:37 . 2008-05-02 10:38 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-01 12:50 . 2008-05-01 12:50 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-05-01 12:43 . 2008-05-01 12:43 <DIR> d-------- C:\VundoFix Backups
2008-05-01 11:18 . 2008-05-02 11:22 0 --a------ C:\WINDOWS\system.ini
2008-04-30 20:05 . 2008-04-30 20:05 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-30 16:54 . 2008-04-30 16:54 0 ---hs---- C:\WINDOWS\SC2DC5687.tmp
2008-04-30 16:24 . 2008-04-30 16:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-30 11:53 . 2008-04-30 11:53 <DIR> d-------- C:\Program Files\Uniblue
2008-04-30 11:53 . 2008-04-30 11:53 <DIR> d-------- C:\Documents and Settings\P. R. Morgan\Application Data\Uniblue
2008-04-30 08:34 . 2008-04-30 08:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-30 08:33 . 2008-05-01 12:50 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-30 08:33 . 2008-05-02 11:14 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-04-26 14:49 . 2008-04-26 14:49 <DIR> d-------- C:\Program Files\PSP Max Media Manager Pro
2008-04-26 13:13 . 2008-04-26 14:20 <DIR> d-------- C:\Documents and Settings\P. R. Morgan\Application Data\Datel
2008-04-26 13:03 . 2008-04-26 13:03 <DIR> d-------- C:\Program Files\Datel
2008-04-26 12:00 . 2008-05-01 14:20 109,756 --a------ C:\WINDOWS\BM4b1e3e72.xml
2008-04-25 14:45 . 2008-04-25 14:45 <DIR> d-------- C:\Documents and Settings\P. R. Morgan\Application Data\Apple Computer
2008-04-25 14:42 . 2008-04-25 14:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-25 14:42 . 2008-04-25 14:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-25 11:58 . 2008-04-26 14:18 <DIR> d-------- C:\Documents and Settings\P. R. Morgan\Application Data\Any Video Converter
2008-04-25 11:57 . 2008-04-26 14:18 <DIR> d-------- C:\Program Files\Any Video Converter
2008-04-25 11:35 . 2008-04-25 11:35 <DIR> d-------- C:\Program Files\Cucusoft
2008-04-25 11:35 . 2008-04-25 11:35 <DIR> d-------- C:\ConverterOutput
2008-04-25 11:35 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-04-25 11:35 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-04-25 11:35 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-04-25 11:35 . 2003-03-30 20:08 372,736 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-25 11:35 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-04-25 11:35 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-04-25 11:35 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-04-25 11:35 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-04-23 19:16 . 2008-04-23 19:17 <DIR> d-------- C:\Program Files\QuickTime
2008-04-23 19:15 . 2008-04-23 19:15 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-23 19:15 . 2008-04-23 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-23 17:50 . 2008-04-23 17:50 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-23 17:50 . 2008-04-26 12:51 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-23 12:50 . 2008-04-23 12:50 <DIR> d-------- C:\Documents and Settings\P. R. Morgan\Application Data\dvdcss
2008-04-23 11:21 . 2004-08-30 21:00 1,499,136 --a------ C:\WINDOWS\system32\BTCPatcher.exe
2008-04-23 11:21 . 2008-04-23 11:21 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-19 15:22 . 1998-08-26 23:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-04-19 15:22 . 1998-08-20 06:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-04-19 15:22 . 1998-09-02 03:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-04-19 15:21 . 2008-04-19 15:21 <DIR> d-------- C:\Program Files\CyberLink
2008-04-14 14:21 . 2008-04-14 14:21 <DIR> d-------- C:\Program Files\Google
2008-04-13 14:41 . 2008-04-13 14:41 <DIR> d-------- C:\Program Files\Micro Drive Test Utility
2008-04-13 14:40 . 2008-04-13 14:40 <DIR> d-------- C:\WINDOWS\MassAP
2008-04-13 14:40 . 2008-04-13 14:40 249,856 --------- C:\WINDOWS\Setup1.exe
2008-04-13 14:40 . 2008-04-13 14:40 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-13 14:40 . 2003-07-17 15:09 13,656 --a------ C:\WINDOWS\system32\drivers\CAMUSBAP.SYS
2008-04-12 14:03 . 2008-04-17 10:18 <DIR> d-------- C:\Documents and Settings\P. R. Morgan\Application Data\Orbit
2008-04-08 16:21 . 2008-04-08 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-08 16:16 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-04-08 16:16 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-04-08 16:16 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-04-08 16:16 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-04-08 16:16 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-04-08 16:15 . 2008-04-08 16:15 <DIR> d-------- C:\Program Files\IVT Corporation
2008-04-08 15:16 . 2008-04-08 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-08 15:15 . 2008-04-08 15:15 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-03 13:53 . 2008-04-03 13:53 <DIR> d-------- C:\Documents and Settings\P. R. Morgan\Application Data\CyberPower Audio Editing Lab
2008-04-03 11:01 . 2008-03-20 17:45 36,288 --a------ C:\WINDOWS\system32\drivers\maploml.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-02 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-01 17:04 --------- d-----w C:\Program Files\JiWire
2008-05-01 16:53 --------- d-----w C:\Program Files\Gateway
2008-04-29 22:55 --------- d-----w C:\Program Files\PowerISO
2008-04-28 20:12 --------- d-----w C:\Documents and Settings\P. R. Morgan\Application Data\U3
2008-04-23 16:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-18 19:05 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-16 20:00 --------- d-----w C:\Program Files\JetAudio
2008-04-13 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-08 20:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 16:12 --------- d-----w C:\Documents and Settings\P. R. Morgan\Application Data\SlySoft
2008-04-01 18:48 --------- d-----w C:\Program Files\Common Files\COWON
2008-03-29 19:47 --------- d-----w C:\Documents and Settings\P. R. Morgan\Application Data\OfficeUpdate12
2008-03-27 22:02 97,600 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-26 16:48 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-03-22 16:23 --------- d-----w C:\Program Files\Trillian
2008-03-20 22:45 36,800 ----a-w C:\WINDOWS\system32\drivers\maplom.sys
2008-03-14 15:01 --------- d-----w C:\Documents and Settings\P. R. Morgan\Application Data\TOSHIBA
2008-03-14 14:47 --------- d-----w C:\Program Files\Toshiba
2008-03-10 20:16 --------- d-----w C:\Documents and Settings\P. R. Morgan\Application Data\Skype
2008-03-10 16:23 --------- d-----w C:\Program Files\Supertintin for Skype
2008-03-10 16:10 12,416 ----a-w C:\WINDOWS\system32\drivers\wpsnuio.sys
2008-03-10 15:55 --------- d-----w C:\Documents and Settings\P. R. Morgan\Application Data\skypePM
2008-03-09 20:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-09 20:28 --------- d-----w C:\Program Files\Skype
2008-03-09 20:28 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-09 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-06 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
.

((((((((((((((((((((((((((((( snapshot@2008-05-02_10.57.55.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 15:53:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 16:21:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 16:22:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_290.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-04-11 14:11 160832]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GWMDMMSG"="GWMDMMSG.exe" [2007-04-08 12:10 90112 C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [2007-04-08 12:10 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-04-08 12:10 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-08 12:10 561152]
"Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 11:13 98361 C:\WINDOWS\GWHotKey.exe]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-09 20:33 1165680]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-12-19 11:29 994072]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 08:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 08:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 08:40 118784]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 08:21 94208]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2004-07-12 22:07 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-02 18:10:56 113664]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-03-20 21:26:50 542192]
STK017 PNP Monitor.lnk - C:\Program Files\STK017_V2.01\STK017M.exe [2007-05-03 11:52:56 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywustQ]
yaywustQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"vidc.MP42"= MPG4c32..dll
"vidc.MP43"= MPG4c32..dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2008-04-24 11:45 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WPSScannerSvc"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 MSCamSvc;MSCamSvc;"c:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]
R3 FLASHREADER;USB Reader;C:\WINDOWS\system32\DRIVERS\camusb.sys [2007-04-08 12:11]
R3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-03-20 17:45]
S3 DCamUSBSTK017;STK017 Camera;C:\WINDOWS\system32\DRIVERS\STK017W2.sys [2003-11-17 20:39]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1.tmp []
S3 USB28xxBGA;PCTV 330e/8x0e Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 07:40]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 07:40]
S3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-12-19 11:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfe9ece3-0345-11dd-a1e9-00e0b8559c0f}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 00:16:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 11:22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-05-02 11:27:18 - machine was rebooted [P. R. Morgan]
ComboFix-quarantined-files.txt 2008-05-02 16:27:04
ComboFix2.txt 2008-05-02 15:58:48

Pre-Run: 72,063,291,392 bytes free
Post-Run: 72,051,875,840 bytes free

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:05 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\STK017_V2.01\STK017M.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\P. R. Morgan\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191995335193
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204765109711
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: yaywustQ - yaywustQ.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10117 bytes
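As an added triage example (not part of the post, and not code from ComboFix or HijackThis), this Python script applies a few of the checks a malware-removal helper makes by eye on the log lines above: the O20 Winlogon Notify entry whose DLL is missing, orphaned "(no file)" entries, the Ares P2P service, and the Security Center and firewall values in ComboFix's "Reg Loading Points" section. The sample lines are copied from the logs above; the rule set and severity labels are my own.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis and ComboFix logs posted above
# (a constructed subset, so the script runs offline).
HJT_SAMPLE = r"""
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: yaywustQ - yaywustQ.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str      # the log line that triggered the rule
    reason: str    # what a helper would tell the poster about it

HJT_LINE = re.compile(r"^(O\d+|R\d+|F\d+) - (.*)$")
# Well-known P2P clients; the poster mentions Kazaa, the O23 list shows Ares.
P2P_NAMES = re.compile(r"\b(ares|kazaa|limewire|bearshare|emule)\b", re.I)
# ComboFix prints registry values as "Name"=dword:00000001 or "Name"= 0 (0x0).
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?\s*([0-9A-Fa-f]+)')

def triage_hjt(text):
    """Apply the rules a malware-removal helper applies by eye to HijackThis lines."""
    findings = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        tag, body = m.groups()
        if tag == "O20" and "(file missing)" in body:
            # A Winlogon Notify DLL with a random-looking name whose file is already
            # gone is the classic leftover of a partially removed Vundo-style infection.
            findings.append(Finding("high", line, "Winlogon Notify entry for a missing DLL; "
                                    "remove the stale registry key so winlogon stops loading it"))
        elif tag in ("O2", "O3", "O9", "O18") and "(no file)" in body:
            findings.append(Finding("low", line, "orphaned entry, target file absent; safe to fix"))
        elif tag == "O23" and P2P_NAMES.search(body):
            findings.append(Finding("medium", line, "P2P file-sharing service; a common "
                                    "infection vector, recommend uninstalling it"))
    return findings

def triage_combofix_security(text):
    """Flag Security Center and firewall settings in ComboFix's 'Reg Loading Points'."""
    findings = []
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, is_dword, digits = m.groups()
        value = int(digits, 16 if is_dword else 10)
        if section.endswith(r"\security center]"):
            if name.endswith("DisableNotify") and value == 1:
                findings.append(Finding("medium", line, f"{name}=1 silences the Security Center "
                                        "warning; malware sets this to hide a disabled AV or update state"))
            elif name.endswith("Override") and value == 1:
                # Third-party suites (McAfee in this log) set the Override values legitimately,
                # so this is only a prompt to confirm that product is installed and running.
                findings.append(Finding("low", line, f"{name}=1 hands AV/firewall status to a "
                                        "third-party product; confirm it is actually running"))
        elif section.endswith(r"\standardprofile]") and name == "EnableFirewall" and value == 0:
            findings.append(Finding("medium", line, "Windows Firewall off in the standard profile; "
                                    "acceptable only while a third-party firewall is active"))
    return findings
```

Run both functions over a full log to get a prioritised list; the high finding here is the yaywustQ Winlogon Notify key, the rest are context for the helper.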
#2
Lusitano
Trusted Helper, Malware Removal, 525 posts
Hi, welcome, and sorry for this delay!

You might want to save this page on your favorites, so you can find it again when you return.


If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :thumbup2: