
I need help removing darksma



#1
Galeana

Hello, I'm new to this site.
I just scanned my PC with CA Anti-Spyware and it tells me that I'm infected with darksma spyware at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan
I used the option to quarantine it, but it does not fix it; I scan again and get the same spyware. My PC also started to run slow, and when I go to, let's say, YouTube and enter my sign-in name and password, it does not log in and it asks for the password and the ID name again.
Here is my HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:08 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: {a1cd003e-52fe-9e08-9e64-4878d46ba896} - {698ab64d-8784-46e9-80e9-ef25e300dc1a} - C:\WINDOWS\system32\vffldz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [BM53fafe29] Rundll32.exe "C:\WINDOWS\system32\anrubsko.dll",s
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Games Voice Chat - http://presence.game...yog/y/va1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.inf...ex/QTPlugin.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (Software Center) - http://us.dl1.yimg.c...ntr_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.ritea...PhotoOnline.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag....crusher-cae.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 8188 bytes


#2
Galeana

Here is my ComboFix log:


ComboFix 08-06-20.4 - Owner 2008-06-27 22:16:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.468 [GMT -7:00]
Running from: C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp.zip
C:\WINDOWS\BM53fafe29.xml
C:\WINDOWS\hosts
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtsQHxw.dll
C:\WINDOWS\system32\bnevmdvi.ini
C:\WINDOWS\system32\byXOiGYQ.dll
C:\WINDOWS\system32\byXPHwVL.dll
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\system32\ddrdvheg.ini
C:\WINDOWS\system32\geBrqnMF.dll
C:\WINDOWS\system32\GhkUwyxx.ini
C:\WINDOWS\system32\GhkUwyxx.ini2
C:\WINDOWS\system32\hvoeyokl.ini
C:\WINDOWS\system32\iifdaAro.dll
C:\WINDOWS\system32\iifedbcy.dll
C:\WINDOWS\system32\iiffGWNf.dll
C:\WINDOWS\system32\iifgDuts.dll
C:\WINDOWS\system32\iifgEuUL.dll
C:\WINDOWS\system32\kthnhadh.ini
C:\WINDOWS\system32\mlJAsQhe.dll
C:\WINDOWS\system32\nnnllLba.dll
C:\WINDOWS\system32\nnnoPJYQ.dll
C:\WINDOWS\system32\obsvcnwf.ini
C:\WINDOWS\system32\pmnkLEts.dll
C:\WINDOWS\system32\pmnliJAR.dll
C:\WINDOWS\system32\pmnmjggh.dll
C:\WINDOWS\system32\qgrjgbpw.ini
C:\WINDOWS\system32\qwqyrasf.ini
C:\WINDOWS\system32\ssqOICUL.dll
C:\WINDOWS\system32\ssqQkLCR.dll
C:\WINDOWS\system32\tuvVoliG.dll
C:\WINDOWS\system32\vtUlMdaX.dll
C:\WINDOWS\system32\vtUomjJC.dll
C:\WINDOWS\system32\vtUooNEV.dll
C:\WINDOWS\system32\wvUoNHwV.dll
C:\WINDOWS\system32\xxvtcjhl.ini
C:\WINDOWS\system32\xxywUkhG.dll
C:\WINDOWS\system32\xxywUNDS.dll
C:\WINDOWS\system32\yayyAtrS.dll
C:\WINDOWS\system32\yxhronnk.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-27 23:15 . 2008-06-27 23:15 22 --a------ C:\WINDOWS\pskt.ini
2008-06-27 23:15 . 2008-06-27 23:15 0 --a------ C:\WINDOWS\BM53fafe29.xml
2008-06-27 21:04 . 2008-06-27 21:04 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-27 20:40 . 2008-06-27 20:40 102,912 --a------ C:\WINDOWS\system32\vffldz.dll
2008-06-27 20:40 . 2008-06-27 20:40 102,912 --a------ C:\WINDOWS\system32\jppjobbn.dll
2008-06-27 19:17 . 2008-06-27 19:17 90,112 --a------ C:\WINDOWS\system32\anrubsko.dll
2008-06-27 19:17 . 2008-06-27 19:17 81,920 --a------ C:\WINDOWS\system32\knnorhxy.dll
2008-06-26 21:09 . 2008-06-26 21:09 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-06-26 14:04 . 2008-06-26 14:04 106,496 --a------ C:\WINDOWS\system32\tyuaydos.dll
2008-06-26 14:01 . 2008-06-26 14:01 91,648 --a------ C:\WINDOWS\system32\yxvtlqed.dll
2008-06-25 14:04 . 2008-06-25 14:04 106,496 --a------ C:\WINDOWS\system32\bktkrvnf.dll
2008-06-25 13:59 . 2008-06-25 13:59 91,136 --a------ C:\WINDOWS\system32\mwwuapna.dll
2008-06-24 10:02 . 2008-06-24 10:02 99,840 --a------ C:\WINDOWS\system32\pqsyhrhv.dll
2008-06-22 12:26 . 2008-06-22 12:26 99,328 --a------ C:\WINDOWS\system32\xejllydp.dll
2008-06-22 12:20 . 2008-06-22 12:20 90,624 --a------ C:\WINDOWS\system32\guimpqsg.dll
2008-06-21 17:18 . 2008-06-27 20:39 <DIR> d-------- C:\Program Files\Exterminate It!
2008-06-21 14:27 . 2003-07-24 02:56 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\WINDOWS
2008-06-21 14:27 . 2003-07-26 01:54 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Symantec
2008-06-21 14:27 . 2003-07-24 02:35 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Sonic
2008-06-21 14:27 . 2003-07-24 03:02 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\SampleView
2008-06-21 14:27 . 2003-07-26 01:57 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\interMute
2008-06-21 14:27 . 2008-06-21 14:27 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41
2008-06-21 12:23 . 2008-06-21 12:23 99,328 --a------ C:\WINDOWS\system32\kgwleuhy.dll
2008-06-21 12:17 . 2008-06-21 12:17 90,112 --a------ C:\WINDOWS\system32\qbaxelxg.dll
2008-06-20 12:20 . 2008-06-20 12:20 99,328 --a------ C:\WINDOWS\system32\rqccwarc.dll
2008-06-20 12:17 . 2008-06-20 12:17 90,624 --a------ C:\WINDOWS\system32\sdcksnjv.dll
2008-06-20 09:39 . 2008-06-27 23:10 151,070 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-06-20 09:37 . 2008-06-20 09:37 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-06-20 09:37 . 2008-06-20 09:37 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-06-20 09:24 . 2007-08-20 13:37 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-06-20 09:24 . 2007-08-20 13:26 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-06-20 09:24 . 2007-08-20 13:37 75,016 --a------ C:\WINDOWS\system32\isafprod.dll
2008-06-20 09:24 . 2007-08-20 13:38 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-06-20 09:24 . 2007-08-20 13:38 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-06-20 09:24 . 2007-08-20 13:38 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-06-20 09:24 . 2007-08-20 13:38 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-06-20 08:56 . 2006-11-27 17:00 4,212 --ah----- C:\WINDOWS\system32\zllictbl_cpy.dat
2008-06-17 17:09 . 2008-06-17 17:09 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-17 17:08 . 2008-06-17 17:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-10 23:20 . 2008-04-14 04:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 16:53 . 2008-06-05 16:53 <DIR> d-------- C:\Program Files\LG Electronics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 04:06 --------- d-----w C:\Program Files\ShortKeys2
2008-06-28 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-28 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-06-28 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-06-27 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-06-27 02:53 --------- d-----w C:\Program Files\Minilyrics
2008-06-22 00:41 --------- d-----w C:\Program Files\MSN Messenger
2008-06-22 00:41 --------- d-----w C:\Program Files\Instant Source
2008-06-22 00:41 --------- d-----w C:\Program Files\ColourToHTML
2008-06-22 00:03 --------- d-----w C:\Program Files\Winamp
2008-06-21 15:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-20 17:52 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\U3
2008-06-20 16:20 --------- d-----w C:\Program Files\CA
2008-06-18 00:15 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\Skype
2008-06-18 00:05 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\skypePM
2008-06-05 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 17:07 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\AdobeUM
2008-05-27 00:11 --------- d-----w C:\Program Files\XAimer
2008-05-22 06:26 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-20 14:41 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 13:43 --------- d-----w C:\Program Files\Watchtower
2008-05-05 13:39 --------- d-----w C:\Program Files\Common Files\Acronis
2008-05-05 13:25 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\Watchtower
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-16 22:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-05-27 02:43 87,608 ----a-w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\inst.exe
2007-05-27 02:43 47,360 ----a-w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{698ab64d-8784-46e9-80e9-ef25e300dc1a}]
2008-06-27 20:40 102912 --a------ C:\WINDOWS\system32\vffldz.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
"winsock32"="C:\WINDOWS\system32:winsock32.exe" [ ]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:25 177416]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:36 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-06-20 09:37 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-06-20 09:37 173320]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-06-20 09:37 259336]
"BM53fafe29"="C:\WINDOWS\system32\anrubsko.dll" [2008-06-27 19:17 90112]

C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ShortKeys 2.lnk]
backup=C:\WINDOWS\pss\ShortKeys 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinTasks.lnk]
backup=C:\WINDOWS\pss\WinTasks.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-LK4RLMSU41^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00ERSRRRNKY]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-08-19 15:57 2841824 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM53fafe29]
C:\WINDOWS\system32\sgibupda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2006-05-22 13:26 694272 C:\Program Files\dvd43\dvd43_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-10-01 21:45 840704 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 03:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 17:01 277296 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
--a------ 2003-07-14 10:52 40960 C:\WINDOWS\ltmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-04-06 18:40 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-05-02 23:19 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-06-14 17:58 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2006-02-24 11:32 1290240 C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
--a------ 2007-06-06 16:52 936960 C:\Program Files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
--a------ 2006-12-19 12:29 994072 C:\WINDOWS\vVX6000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 13:30]
R3 ATIDACXX;ATI DTV Wonder Analog Audio Capture Device;C:\WINDOWS\system32\drivers\atidacxx.sys [2005-09-26 18:21]
R3 ATIDDCXX;ATI DTV Wonder Digital BDA Capture Device;C:\WINDOWS\system32\drivers\atiddcxx.sys [2005-09-26 18:20]
R3 ATIDTUXX;ATI DTV Wonder Digital And Analog Tuner Device;C:\WINDOWS\system32\drivers\atidtuxx.sys [2005-09-26 18:21]
R3 ATIDVCXX;ATI DTV Wonder Analog AV Capture Device;C:\WINDOWS\system32\drivers\atidvcxx.sys [2005-09-26 18:20]
R3 ATIDXBXX;ATI DTV Wonder Analog AV Crossbar Device;C:\WINDOWS\system32\drivers\atidxbxx.sys [2005-09-26 18:21]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2007-04-12 15:46]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-16 21:10]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 PL-40R;LK USB MIDI;C:\WINDOWS\system32\Drivers\pl40rwdm.sys [2002-08-15 23:21]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
S3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-12-19 12:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206b8be9-b3dd-11db-a13b-0018f8302cc0}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df725db4-ef9c-11db-a161-dd7686fd9430}]
\Shell\AutoRun\command - G:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 06:57:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 04:10:09 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 9 10 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-06-26 08:00:00 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 1 00 AM.job"
- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\ppv5consumercl.exe
"2008-06-28 00:57:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{95B5C862-29AA-455A-8B29-91938C14A80D}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 23:15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\anrubsko.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
.
**************************************************************************
.
Completion time: 2008-06-27 23:48:52 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-28 06:47:42

Pre-Run: 8,517,492,736 bytes free
Post-Run: 8,409,530,368 bytes free

355 --- E O F --- 2008-06-11 13:51:14