24-Nov-2008, 03:12 AM  #1
Darksma Infection; MS Juan and MS Track System

Hey guys,

Recently I appear to have gathered to my comp an irritating piece of spyware that CA has labelled Darksma. It appears to like the registry settings MS Track System and MS Juan (HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS Juan...etc). The symptoms are: Whenever I open IE7 (as in checking hotmail emails) I get an alert box with the standard spyware message telling me how my computer is infected with spyware and please download this new product to fix it... funnily enough the no option doesn't seem to work. Also, I believe that the Darksma has attempted to download other viruses to the computer; twice I have gotten CA alerts saying that they've just deleted the Vundoo virus strand.

Well here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:32 PM, on 24/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\regedit.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [\\HINTON-LAPTOP\EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /P42 "\\HINTON-LAPTOP\EPSON Stylus CX4700 Series" /O6 "USB001" /M "Stylus CX4700"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [849982a7] rundll32.exe "C:\WINDOWS\system32\vsjcvlvi.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA7C242-3E6C-4927-8F20-A0131E0E9E75}: NameServer = 10.1.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: xycoah.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 9054 bytes

Any help would be appreciated. Also, if needed, I could post the registry values in the MS Juan and MS Track System registry folders.

Thanks
25-Nov-2008, 09:14 PM  #4
Haha, and I may as well start the process so when someone can get to this thread it doesn't take as long. Here's the ComboFix log:

ComboFix 08-11-26.01 - Sam 2008-11-26 10:59:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2538 [GMT 10:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\byXQIBut.dll
c:\windows\system32\cIQpAJlm.ini
c:\windows\system32\cIQpAJlm.ini2
c:\windows\system32\efcBtsQJ.dll
c:\windows\system32\fsedicle.dll
c:\windows\system32\hwliiktf.dll
c:\windows\system32\hyifukjk.dll
c:\windows\system32\ivlvcjsv.ini
c:\windows\system32\lfjlojkx.ini
c:\windows\system32\lmiblf.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mlJApQIc.dll
c:\windows\system32\nnjdflno.ini
c:\windows\system32\rooxapmt.ini
c:\windows\system32\sgcpkmdx.dll
c:\windows\system32\tmpaxoor.dll
c:\windows\system32\ufjiapdr.dll
c:\windows\system32\vyitnt.dll
c:\windows\system32\xtavjuqc.ini
c:\windows\system32\xycoah.dll
c:\windows\system32\yppfrw.dll
c:\windows\system32\yronxp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.
2008-11-24 16:55 . 2008-11-24 16:55 <DIR> d-------- c:\program files\Trend Micro
2008-11-23 10:52 . 2008-11-23 10:52 <DIR> d-------- c:\program files\AnswerWorks 4.0
2008-11-22 10:27 . 2008-11-22 10:27 <DIR> d-------- c:\program files\Common Files\ChaosGroup
2008-11-21 22:33 . 2008-11-21 22:33 <DIR> d-------- c:\program files\Xvid
2008-11-21 22:33 . 2008-04-27 10:33 765,952 --a------ c:\windows\system32\xvidcore.dll
2008-11-21 22:33 . 2008-04-27 10:35 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-11-21 22:33 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
2008-11-21 20:46 . 2008-11-22 00:04 32 --a------ c:\windows\CD_Start.INI
2008-11-21 18:03 . 2008-11-21 18:26 428 --a------ c:\documents and settings\Sam\scriptsOrganizer.dat
2008-11-21 16:48 . 2008-11-21 16:48 <DIR> d-------- c:\documents and settings\Sam\Application Data\Apple Computer
2008-11-21 16:43 . 2008-11-21 16:43 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-21 16:43 . 2008-11-21 16:43 <DIR> d-------- c:\program files\Apple Software Update
2008-11-21 16:43 . 2008-11-21 16:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-21 16:43 . 2008-11-21 16:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-21 16:07 . 2008-11-21 16:44 <DIR> d-------- c:\program files\QuickTime
2008-11-21 09:43 . 2008-11-21 09:43 <DIR> d-------- c:\documents and settings\Sam\.assistant
2008-11-21 07:56 . 2008-11-22 12:19 <DIR> d-------- c:\documents and settings\Sam\scenes
2008-11-21 02:49 . 2008-11-21 02:49 <DIR> d-------- c:\program files\Next Limit
2008-11-20 22:33 . 2008-11-20 22:33 <DIR> d-------- c:\program files\Turbo Squid Tentacles
2008-11-20 22:33 . 2008-11-20 22:33 <DIR> d-------- c:\program files\Microsoft WSE
2008-11-20 22:25 . 2008-11-20 22:25 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-20 22:24 . 2008-11-20 22:24 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-20 22:24 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-11-20 19:27 . 2008-11-20 19:27 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-20 19:26 . 2008-11-20 19:27 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-20 19:26 . 2008-11-21 02:55 1,393 --a------ c:\windows\imsins.BAK
2008-11-17 15:58 . 2008-11-24 18:25 69 --a------ c:\windows\NeroDigital.ini
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d-------- c:\program files\Stardock
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Stardock
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2008-11-15 13:07 . 2008-11-15 16:23 <DIR> d-------- c:\program files\Kalypso
2008-11-12 22:23 . 2008-11-12 22:23 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 19:34 . 2008-11-12 19:34 <DIR> d-------- c:\program files\Dassault Systemes
2008-11-12 19:33 . 2008-11-12 19:33 <DIR> d-------- c:\documents and settings\Sam\Application Data\DassaultSystemes
2008-11-12 19:33 . 2008-11-12 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\DassaultSystemes
2008-11-12 16:12 . 2008-10-24 21:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 16:11 . 2008-09-05 03:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:16 . 2008-11-11 17:16 <DIR> d-------- c:\documents and settings\Sam\Application Data\Nero
2008-11-11 17:12 . 2008-11-11 17:12 <DIR> d-------- c:\program files\Nero
2008-11-11 17:12 . 2008-11-11 17:14 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-11 17:12 . 2008-11-11 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-11-06 07:48 . 2008-11-06 07:48 <DIR> dr-h----- c:\documents and settings\Sam\Application Data\SecuROM
2008-11-05 18:26 . 2008-11-05 18:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-04 17:26 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-11-04 17:25 . 2008-11-20 22:28 <DIR> d-------- c:\program files\MSBuild
2008-11-04 17:25 . 2008-11-04 17:25 <DIR> d-------- c:\program files\Microsoft Works
2008-11-04 17:21 . 2008-11-04 17:21 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-11-04 17:20 . 2008-11-16 09:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-04 17:18 . 2008-11-04 17:18 <DIR> dr-h----- C:\MSOCache
2008-11-03 16:33 . 2008-11-03 16:33 <DIR> d-------- c:\program files\EPSON
2008-11-02 17:23 . 2008-11-02 17:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-11-02 17:22 . 2008-11-02 17:22 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-10-28 16:24 . 2008-11-06 07:48 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-10-28 16:19 . 2008-10-28 16:19 <DIR> d-------- c:\windows\Logs
2008-10-28 16:19 . 2008-10-28 16:19 22,328 --a------ c:\documents and settings\Sam\Application Data\PnkBstrK.sys
2008-10-28 16:18 . 2008-10-28 16:18 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-10-28 16:18 . 2008-10-28 16:18 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-10-28 16:18 . 2008-10-28 16:18 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-10-28 16:15 . 2008-10-28 16:15 <DIR> d-------- c:\program files\Ubisoft
2008-10-27 17:51 . 2008-11-22 20:17 34 --a------ c:\windows\system32\oeminfo.ini
2008-10-27 08:04 . 2008-10-27 08:04 <DIR> d-------- c:\documents and settings\Sam\Application Data\gtk-2.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 22:17 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-11-23 04:32 --------- d-----w c:\program files\uTorrent
2008-11-23 04:27 --------- d-----w c:\documents and settings\Sam\Application Data\uTorrent
2008-11-23 04:27 --------- d-----w c:\documents and settings\Sam\Application Data\Autodesk
2008-11-23 04:26 --------- d-----w c:\program files\Autodesk
2008-11-23 04:26 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-11-20 16:49 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-02 07:25 --------- d-----w c:\program files\Common Files\Adobe
2008-10-28 06:19 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-28 06:15 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 21:41 --------- d-----w c:\program files\Common Files\Scanner
2008-10-21 08:58 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-21 08:29 --------- d-----w c:\program files\Microsoft VisioModeler 3.1
2008-10-21 08:11 --------- d-----w c:\documents and settings\All Users\Application Data\CA
2008-10-21 07:15 99,904 ----a-w c:\windows\system32\isafeif.dll
2008-10-21 07:15 880,560 ----a-w c:\windows\system32\drivers\vetefile.sys
2008-10-21 07:15 79,424 ----a-w c:\windows\system32\vetredir.dll
2008-10-21 07:15 75,280 ----a-w c:\windows\system32\isafprod.dll
2008-10-21 07:15 32,528 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2008-10-21 07:15 26,640 ----a-w c:\windows\system32\drivers\vet-filt.sys
2008-10-21 07:15 21,648 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2008-10-21 07:15 21,392 ----a-w c:\windows\system32\drivers\vet-rec.sys
2008-10-21 07:15 108,368 ----a-w c:\windows\system32\drivers\veteboot.sys
2008-10-21 07:11 --------- d-----w c:\program files\CA
2008-10-21 06:29 315,392 ----a-w c:\windows\HideWin.exe
2008-10-21 06:29 --------- d-----w c:\program files\Realtek
2008-10-21 06:27 --------- d-----w c:\program files\Winrar v.3.70b Full
2008-10-20 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-20 12:22 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-20 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-20 06:45 --------- d-----w c:\program files\Windows Live
2008-10-20 06:43 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-20 06:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-20 06:28 --------- d-----w c:\program files\Microsoft.NET
2008-10-20 06:27 --------- d-----w c:\program files\Ashampoo
2008-10-20 06:26 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-20 06:24 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-20 06:19 --------- d-----w c:\documents and settings\Sam\Application Data\DAEMON Tools
2008-10-20 05:33 --------- d-----w c:\program files\Revit Architecture 2009
2008-10-20 05:02 --------- d-----w c:\program files\CCleaner
2008-10-20 04:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-20 04:50 --------- d-----w c:\program files\AGEIA Technologies
2008-10-20 04:43 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 04:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 04:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 04:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 04:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 04:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 04:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 04:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 04:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-07 03:33 797,216 ----a-w c:\windows\system32\nvcplui.exe
2008-10-07 03:33 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-10-02 00:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 06:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-03 23:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-28 22:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-21 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-10-21 177416]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-10-21 230928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-10-22 14088]
"\\HINTON-LAPTOP\EPSON Stylus CX4700 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE" [2005-02-02 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-21 413696]
"nwiz"="nwiz.exe" [2008-08-01 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-12 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sam\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-06 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yppfrw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Next Limit\\RealFlow4\\realflow.exe"=

R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R1 LUMDriver;LUMDriver;\??\c:\windows\system32\drivers\LUMDriver.sys [2007-04-25 16688]
R2 BBDemon;Backbone Service;"c:\program files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe" -service [2007-05-04 36864]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;"c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 65536]
R3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-03-12 189704]
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-20 c:\windows\Tasks\CAAntiSpywareScan_Daily as Sam at 5 11 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-10-21 17:15]

2008-11-25 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-21 16:46]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7CFEF675-ABEF-4F37-B484-34DBBB35F40F} - c:\windows\system32\mlJApQIc.dll
BHO-{90dd1937-1ca6-499f-976e-ef087595c5d5} - c:\windows\system32\yppfrw.dll
BHO-{B3983B5E-1B68-44D8-8D36-D9AD07F4778D} - c:\windows\system32\efcBtsQJ.dll
ShellExecuteHooks-{B3983B5E-1B68-44D8-8D36-D9AD07F4778D} - c:\windows\system32\efcBtsQJ.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\9u3i6dmt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au
FF -: plugin - c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 11:09:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(2000)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(356)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-11-26 11:11:56 - machine was rebooted [Sam]
ComboFix-quarantined-files.txt 2008-11-26 01:11:47

Pre-Run: 177,934,848,000 bytes free
Post-Run: 177,894,203,392 bytes free

293 --- E O F --- 2008-11-20 16:55:50
25-Nov-2008, 09:55 PM  #6
Okay, this is the HJT log after ComboFix and a run of MWB-Anti-Malware (which found nothing). Also, I downloaded KillBox and attempted to delete yppfrw.dll, but it said the file didn't exist. Hoping it's now clean, even though Murphy's Law says that I've probably added to the number of viruses.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:36 AM, on 26/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [\\HINTON-LAPTOP\EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /P42 "\\HINTON-LAPTOP\EPSON Stylus CX4700 Series" /O6 "USB001" /M "Stylus CX4700"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control
Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA7C242-3E6C-4927-8F20-A0131E0E9E75}: NameServer = 10.1.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: yppfrw.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. 
- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- End of file - 9418 bytes |
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

