Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

DARKSMA infection PLEASE HELP

Started by W4R , Jul 11 2008 09:37 PM

  • Please log in to reply

#1
W4R
Posted 11 July 2008 - 09:37 PM

W4R

    New Member

  • Member
  • Pip
  • 2 posts
I need help removing Darksma from my computer please take a look and tell what you think. I'll post the combofix log first then the Hijack this log.

ComboFix 08-07-11.1 - Owner 2008-07-11 23:04:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.82 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\smp.bat
C:\WINDOWS\BMb3022162.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\dsaip32b.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atomvysi.dll
C:\WINDOWS\system32\awtUMCTl.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cfyxukka.ini
C:\WINDOWS\system32\cpaakwjd.dll
C:\WINDOWS\system32\dhbnja.dll
C:\WINDOWS\system32\dkuximfn.ini
C:\WINDOWS\system32\eavzvm.dll
C:\WINDOWS\system32\eyjibdsd.dll
C:\WINDOWS\system32\fobpnhec.ini
C:\WINDOWS\system32\geBtRlkk.dll
C:\WINDOWS\system32\gjwkvnxv.dll
C:\WINDOWS\system32\GQBLUvut.ini
C:\WINDOWS\system32\GQBLUvut.ini2
C:\WINDOWS\system32\gwcsqwkx.dll
C:\WINDOWS\system32\hcrxjfpq.dll
C:\WINDOWS\system32\hffemffw.ini
C:\WINDOWS\system32\iphglakl.dll
C:\WINDOWS\system32\ixqcdpft.ini
C:\WINDOWS\system32\jexean.dll
C:\WINDOWS\system32\jmbalamh.dll
C:\WINDOWS\system32\khfEtrQK.dll
C:\WINDOWS\system32\khfEVLEu.dll
C:\WINDOWS\system32\kklRtBeg.ini
C:\WINDOWS\system32\kklRtBeg.ini2
C:\WINDOWS\system32\knchaxyl.dll
C:\WINDOWS\system32\ktfdvsku.ini
C:\WINDOWS\system32\lfffnwpn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhmigsei.dll
C:\WINDOWS\system32\mpeisc.dll
C:\WINDOWS\system32\nibqjpix.dll
C:\WINDOWS\system32\njeuxy.dll
C:\WINDOWS\system32\obmphjtq.ini
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\onaodfrr.dll
C:\WINDOWS\system32\pbpkjh.dll
C:\WINDOWS\system32\pesmoxdu.ini
C:\WINDOWS\system32\ptkjhv.dll
C:\WINDOWS\system32\qpfjxrch.ini
C:\WINDOWS\system32\quffbvsr.dll
C:\WINDOWS\system32\rermghas.dll
C:\WINDOWS\system32\rjolwe.dll
C:\WINDOWS\system32\rqRKEUmJ.dll
C:\WINDOWS\system32\stsqdbns.dll
C:\WINDOWS\system32\suxdgmvy.dll
C:\WINDOWS\system32\topouikp.dll
C:\WINDOWS\system32\uancvjyl.ini
C:\WINDOWS\system32\udxomsep.dll
C:\WINDOWS\system32\unbidxxv.dll
C:\WINDOWS\system32\uvdmtlje.dll
C:\WINDOWS\system32\wegmeibv.dll
C:\WINDOWS\system32\wqkvfj.dll
C:\WINDOWS\system32\wujske.dll
C:\WINDOWS\system32\wvgfayub.dll
C:\WINDOWS\system32\wyheba.dll
C:\WINDOWS\system32\xfxwgmsq.dll
C:\WINDOWS\system32\xjesgjgu.ini
C:\WINDOWS\system32\yhyoomoc.ini
C:\WINDOWS\system32\ypbavdtp.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.graboid.com
.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 02:02 . 2008-07-11 02:02 22,371 --a------ C:\WINDOWS\b728x90.tmp
2008-07-11 01:31 . 2008-07-11 01:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-11 01:31 . 2008-07-11 01:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 02:50 . 2008-07-05 02:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Launcher
2008-07-04 22:34 . 2008-07-04 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2008-07-04 22:30 . 2008-07-04 22:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MozillaControl
2008-07-04 22:29 . 2008-07-04 22:30 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-07-04 22:28 . 2008-07-04 22:30 <DIR> d-------- C:\Program Files\Graboid
2008-07-02 19:44 . 2008-07-02 19:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 19:32 . 2008-07-02 19:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-02 19:30 . 2008-07-02 19:32 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-02 19:18 . 2008-07-02 19:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert
2008-07-02 19:17 . 2008-07-04 11:43 <DIR> d-------- C:\Program Files\AdwareAlert
2008-06-25 11:32 . 2008-06-25 11:32 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-06-25 11:32 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-06-25 11:32 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-06-25 11:32 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-06-25 11:32 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-06-25 11:32 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-06-25 11:32 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-06-25 11:32 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-06-25 11:19 . 2008-06-25 11:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-06-25 10:57 . 2008-06-25 10:57 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-06-25 10:56 . 2008-06-25 10:56 <DIR> d-------- C:\Program Files\Raxco
2008-06-25 10:56 . 2008-06-25 10:56 <DIR> d-------- C:\Program Files\CA
2008-06-25 10:56 . 2008-06-25 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-06-25 10:55 . 2008-06-27 13:39 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-06-25 10:48 . 2008-06-25 10:48 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-25 10:14 . 2008-06-25 11:06 53,192 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-06-25 10:13 . 2007-04-19 11:24 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-06-25 10:02 . 2008-06-25 10:02 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-25 08:52 . 2008-06-27 11:55 <DIR> d-------- C:\Program Files\Registry Mighty
2008-06-20 01:26 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-20 01:26 . 2008-06-13 09:10 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 03:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-07-12 03:02 8,148 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-30 19:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-28 18:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-28 17:26 --------- d-----w C:\Program Files\Audible
2008-06-26 00:48 --------- d-----w C:\Program Files\Accessdiver
2008-06-25 15:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\AT&T
2008-06-25 14:54 --------- d-----w C:\Program Files\AT&T
2008-06-25 14:53 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-06-25 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AT&T
2008-06-25 13:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-06-18 22:43 --------- d-----w C:\Program Files\xchat
2008-06-18 22:27 --------- d-----w C:\Program Files\BigFix
2008-06-10 18:36 --------- d-----w C:\Program Files\DivX
2008-06-06 17:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX
2008-06-06 05:24 --------- d-----w C:\Program Files\Tor
2008-05-30 04:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-29 15:41 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 03:45 --------- d-----w C:\Program Files\Common Files\ASCOM
2008-05-29 03:44 --------- d-----w C:\Program Files\ASCOM
2008-05-29 03:04 --------- d-----w C:\Program Files\Microsoft Research
2008-03-29 01:32 53,934 ----a-w C:\Program Files\INSTALL.LOG
2008-02-16 18:47 0 -c-ha-w C:\Documents and Settings\Owner\hpothb07.dat
2007-11-08 01:32 43,752 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-04-30 23:55 164 -c-ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-03-03 01:03 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 03:07 289088]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-29 22:13 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-01-29 22:13 118784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 16:42 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-03 21:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RegistryMighty.exe"="C:\Program Files\Registry Mighty\RegistryMighty.exe" [2008-05-22 19:28 3256832]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 16:09 310000]
"-FreedomNeedsReboot"="C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 16:09 13552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 22:08:34 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10 40960]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-10-26 04:09:52 811008]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\att-nap\\McciBrowser.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 16:56]
S3 2d5d50c5-c60f-4a7f-82d6-372f0bee9b2f;2d5d50c5-c60f-4a7f-82d6-372f0bee9b2f;E:\CDS300\cds300.dll []
S3 krdpdre;krdpdre;C:\DOCUME~1\Owner\LOCALS~1\Temp\krdpdre.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 16:56]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 16:56]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-04 15:00]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 15:00]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{362dc7c1-3718-11d9-8bd0-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a976d37-371b-11d9-8bd3-00038a000015}]
\Shell\AutoRun\command - G:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a461a84-e54d-11db-9b1e-001111a802a3}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca11b496-3d04-11dc-9b50-001111a802a3}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb095743-3723-11d9-805e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f087f49d-3761-11d9-84dc-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 07:00:01 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
"2008-05-21 23:09:46 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203187297.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2005-02-27 23:20:25 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-02-27 23:20:25 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-02-27 23:20:25 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{E995073E-28F6-4621-A82B-2A5F87E35620} - C:\WINDOWS\system32\tuvULBQG.dll
HKCU-Run-MoneyAgent - C:\Program Files\Microsoft Money\System\mnyexpr.exe
HKCU-Run-AdwareAlert - C:\Program Files\AdwareAlert\AdwareAlert.exe
HKLM-Run-b03112fe - C:\WINDOWS\system32\udxomsep.dll
HKLM-Run-BMb3022162 - C:\WINDOWS\system32\wvgfayub.dll
Notify-tuvULBQK - tuvULBQK.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 23:22:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterr.exe
.
**************************************************************************
.
Completion time: 2008-07-11 23:33:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 03:32:59

Pre-Run: 30,152,781,824 bytes free
Post-Run: 32,422,420,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

266 --- E O F --- 2008-06-20 07:16:31


HIJIACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:12 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RegistryMighty.exe] C:\Program Files\Registry Mighty\RegistryMighty.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: Chris Sawyer's Locomotion Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{2EEDFE55-86BD-4EE0-8931-548181D4CDFF}\{77F45E76-E897-42CA-A9FE-5F56817D875C}\ATR1.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E40C2416} (InstallerWeb Control) - https://txdalas01.cl...ies/instweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7170 bytes

Thanks for the help
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP