Help, please!


#1 natcguerreiro (Member, 73 posts)
I think my computer is infected.

I am sending ComboFix, AVG Anti-Spyware and HijackThis logs.

I'm pasting them in the order I ran them.

Thanks


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:46:19 15/02/2008

+ Scan result:



C:\Documents and Settings\vitor\Local Settings\Temp\tem3D.tmp.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\vitor\Local Settings\Temporary Internet Files\Content.IE5\16M5J4G0\installer-65659-19-LimeWire-English[1].exe -> Backdoor.Agent.duj : No action taken.
C:\System Volume Information\_restore{5D9C8577-F248-4E96-9999-0A2B7D7F5465}\RP143\A0030410.exe -> Downloader.Agent.bkw : No action taken.
C:\System Volume Information\_restore{5D9C8577-F248-4E96-9999-0A2B7D7F5465}\RP144\A0030518.exe -> Downloader.Agent.bkw : No action taken.
C:\System Volume Information\_restore{5D9C8577-F248-4E96-9999-0A2B7D7F5465}\RP146\A0030641.exe -> Downloader.Agent.bkw : No action taken.
C:\Documents and Settings\vitor\Local Settings\Temporary Internet Files\Content.IE5\HTWLO426\PLAY_MP3[1].exe -> Not-A-Virus.Adware.Agent : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][1].txt -> TrackingCookie.Co : No action taken.
C:\Documents and Settings\vitor\Cookies\vitor@connextra[2].txt -> TrackingCookie.Connextra : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Dealtime : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\vitor\Cookies\vitor@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\vitor\Cookies\vitor@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\vitor\Cookies\vitor@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\vitor\Cookies\vitor@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\vitor\Cookies\vitor@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\vitor\Cookies\vitor@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\vitor\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end



ComboFix 08-02-14.2 - vitor 2008-02-15 17:03:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.652 [GMT 0:00]
Running from: C:\Documents and Settings\vitor\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.cj+|C̛v+@J:NGD_DQ{zt һHG.X UGiIHmWU Client Download S-1-5-18 `HT4?? 6VwoQZCDHMsC:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\eef5a36924cdf0c02598ccf96aa4f60887a49840
.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-15 17:00 . 2004-08-04 12:00 388,608 --a------ C:\kmd.exe
2008-02-14 22:38 . 2008-02-14 22:38 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-02-14 22:38 . 2008-02-14 22:38 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-02-14 22:38 . 2008-02-15 15:03 <DIR> d-------- C:\Program Files\BrowsingTool
2008-02-14 22:37 . 2008-02-14 22:37 <DIR> d-------- C:\Program Files\PlayMP3z
2008-02-14 22:06 . 2008-02-14 23:03 <DIR> d-------- C:\Documents and Settings\vitor\Application Data\LimeWire
2008-02-14 22:05 . 2008-02-14 22:06 <DIR> d-------- C:\Program Files\LimeWire
2008-02-08 20:16 . 2008-02-08 20:16 <DIR> d-------- C:\Documents and Settings\vitor\System
2008-02-08 20:16 . 2008-02-08 20:50 <DIR> d-------- C:\Documents and Settings\vitor\Application Data\SmartDraw
2008-02-08 20:10 . 2008-02-08 20:16 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-02-08 20:03 . 2008-02-08 20:03 <DIR> d-------- C:\Program Files\VectorEngineer Quick-Tools
2008-02-06 21:28 . 2008-02-06 21:28 1,301 --a------ C:\WINDOWS\XSP2003.INI
2008-02-06 16:36 . 2008-02-06 16:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-05 15:54 . 2008-02-05 15:54 244 --ah----- C:\sqmnoopt16.sqm
2008-02-05 15:54 . 2008-02-05 15:54 232 --ah----- C:\sqmdata16.sqm
2008-02-05 10:43 . 2008-02-05 10:43 244 --ah----- C:\sqmnoopt15.sqm
2008-02-05 10:43 . 2008-02-05 10:43 232 --ah----- C:\sqmdata15.sqm
2008-02-05 10:38 . 2008-02-05 10:38 244 --ah----- C:\sqmnoopt14.sqm
2008-02-05 10:38 . 2008-02-05 10:38 232 --ah----- C:\sqmdata14.sqm
2008-02-05 10:37 . 2008-02-05 10:37 244 --ah----- C:\sqmnoopt13.sqm
2008-02-05 10:37 . 2008-02-05 10:37 232 --ah----- C:\sqmdata13.sqm
2008-02-05 08:10 . 2008-02-05 08:10 244 --ah----- C:\sqmnoopt12.sqm
2008-02-05 08:10 . 2008-02-05 08:10 232 --ah----- C:\sqmdata12.sqm
2008-02-05 08:07 . 2008-02-05 08:07 244 --ah----- C:\sqmnoopt11.sqm
2008-02-05 08:07 . 2008-02-05 08:07 232 --ah----- C:\sqmdata11.sqm
2008-02-05 08:06 . 2008-02-05 08:06 244 --ah----- C:\sqmnoopt10.sqm
2008-02-05 08:06 . 2008-02-05 08:06 232 --ah----- C:\sqmdata10.sqm
2008-02-04 22:08 . 2008-02-04 22:08 244 --ah----- C:\sqmnoopt09.sqm
2008-02-04 22:08 . 2008-02-04 22:08 232 --ah----- C:\sqmdata09.sqm
2008-02-04 21:37 . 2008-02-04 21:37 244 --ah----- C:\sqmnoopt08.sqm
2008-02-04 21:37 . 2008-02-04 21:37 232 --ah----- C:\sqmdata08.sqm
2008-02-04 20:07 . 2008-02-04 20:07 244 --ah----- C:\sqmnoopt07.sqm
2008-02-04 20:07 . 2008-02-04 20:07 232 --ah----- C:\sqmdata07.sqm
2008-02-04 19:59 . 2008-02-04 19:59 244 --ah----- C:\sqmnoopt06.sqm
2008-02-04 19:59 . 2008-02-04 19:59 232 --ah----- C:\sqmdata06.sqm
2008-02-04 19:58 . 2008-02-04 19:58 244 --ah----- C:\sqmnoopt05.sqm
2008-02-04 19:58 . 2008-02-04 19:58 244 --ah----- C:\sqmnoopt04.sqm
2008-02-04 19:58 . 2008-02-04 19:58 232 --ah----- C:\sqmdata05.sqm
2008-02-04 19:58 . 2008-02-04 19:58 232 --ah----- C:\sqmdata04.sqm
2008-01-28 19:22 . 2008-01-28 19:22 <DIR> d-------- C:\Program Files\Common Files\snpstd3
2008-01-28 19:22 . 2005-04-14 17:23 472,960 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys
2008-01-28 19:22 . 2005-01-14 11:00 339,968 --a------ C:\WINDOWS\vsnpstd3.exe
2008-01-28 19:22 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd3.dll
2008-01-28 19:22 . 2005-02-01 13:45 57,344 --a------ C:\WINDOWS\system32\rsnpstd3.dll
2008-01-28 19:22 . 2004-11-25 12:59 36,864 --a------ C:\WINDOWS\system32\vsnpstd3.dll
2008-01-28 19:22 . 2005-04-14 17:31 36,864 --a------ C:\WINDOWS\system32\dsnpstd3.ax
2008-01-28 19:22 . 2004-12-08 18:40 20,480 --a------ C:\WINDOWS\usnpstd3.exe
2008-01-28 19:22 . 2004-02-27 17:36 15,498 --a------ C:\WINDOWS\snpstd3.ini
2008-01-28 19:22 . 2004-02-27 17:36 13,023 --a------ C:\WINDOWS\snpstd3.src
2008-01-28 19:21 . 2008-01-28 19:21 <DIR> d-------- C:\Program Files\camtool
2008-01-27 22:28 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-01-27 22:27 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-27 22:26 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-27 22:25 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-01-27 22:24 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-27 22:23 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-01-27 22:22 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-27 22:21 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-27 22:20 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-27 22:19 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-27 22:18 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-01-27 22:17 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-27 22:16 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-01-27 22:15 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-27 22:14 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-01-27 22:13 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-27 22:12 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-01-27 22:11 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-01-27 22:10 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-01-27 22:09 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-01-27 22:08 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-27 22:07 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-27 22:06 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-27 22:05 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-27 22:04 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-27 22:03 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-01-27 22:02 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-26 10:07 . 2008-01-26 10:08 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-26 10:07 . 2008-01-26 10:07 <DIR> d-------- C:\Documents and Settings\vitor\Application Data\TuneUp Software
2008-01-26 10:07 . 2008-01-26 10:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-01-26 10:07 . 2008-01-26 10:07 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-26 10:07 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-24 23:04 . 2008-01-25 11:06 <DIR> d-------- C:\Documents and Settings\vitor\Application Data\Likno
2008-01-24 23:03 . 2008-01-25 11:01 <DIR> d-------- C:\Program Files\AllWebMenus5
2008-01-24 23:03 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-01-24 23:03 . 2003-05-30 09:58 244,232 --a------ C:\WINDOWS\system32\MsFlxGrd.ocx
2008-01-24 23:03 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-01-24 23:03 . 2004-03-09 00:00 152,848 --------- C:\WINDOWS\system32\COMDLG32.OCX
2008-01-24 23:03 . 1998-06-18 00:00 49,152 --a------ C:\WINDOWS\system32\MSCDRUN.DLL
2008-01-24 22:11 . 2008-01-24 22:11 <DIR> d-------- C:\Documents and Settings\vitor\DoctorWeb
2008-01-21 19:17 . 2008-01-21 19:19 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 19:17 . 2008-01-21 19:19 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-20 18:02 . 2008-01-20 18:02 0 --a------ C:\WINDOWS\system32\yahoo
2008-01-19 15:22 . 2008-01-21 13:42 29,548 --a------ C:\WINDOWS\bom____0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 15:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-02-15 14:04 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-15 13:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\pdf995
2008-02-11 08:16 --------- d-----w C:\Program Files\Google
2008-02-09 19:14 --------- d-----w C:\Documents and Settings\vitor\Application Data\ZoomBrowser EX
2008-02-03 14:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ZoomBrowser
2008-01-26 10:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 17:15 --------- d-----w C:\Documents and Settings\vitor\Application Data\12Pay
2008-01-24 19:47 --------- d-----w C:\Program Files\MSN Messenger
2008-01-16 22:10 --------- d-----w C:\Program Files\12Pay Payroll
2008-01-13 21:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-19 20:15 --------- d-----w C:\Program Files\feedbackanalyzer
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-16 15:43 --------- d-----w C:\Program Files\backups
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-28 21:40 897 ----a-w C:\Program Files\Google Updater.lnk
2007-09-28 21:40 882,784 ----a-w C:\Program Files\Google Updater.exe
2006-11-12 18:29 7,363,784 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_DL.EXE
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-08-14 02:22 7,803 ----a-w C:\Program Files\55mm_uninstal.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}]
2007-12-30 20:48 1019904 --a------ C:\Program Files\BrowsingTool\BrowsingTool-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 11:02 68856]
"InternetCalls"="C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" [2007-04-18 14:49 7116352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 17:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-01-14 11:00 339968]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
camtool.lnk - C:\Program Files\camtool\VideoMonitor\CamTool.exe [2008-01-28 19:21:38 94208]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\Netgear\WG111v2 Configuration Utility\RtlWake.exe [2007-09-05 15:13:50 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 10:43]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 10:39]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-26 10:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 17:17:25 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-15 16:49:33 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 17:06:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 17:07:35
ComboFix-quarantined-files.txt 2008-02-15 17:07:21
ComboFix2.txt 2008-01-21 22:19:17
ComboFix3.txt 2008-01-20 10:39:19
.
2008-02-14 00:53:34 --- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 17:42:11, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe
C:\Program Files\camtool\VideoMonitor\CamTool.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Netgear\WG111v2 Configuration Utility\RtlWake.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: BrowsingTool - {D0661233-42D4-F7F1-80E1-8A9E0E99E71D} - C:\Program Files\BrowsingTool\BrowsingTool-2.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: camtool.lnk = C:\Program Files\camtool\VideoMonitor\CamTool.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\Netgear\WG111v2 Configuration Utility\RtlWake.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192715544437
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


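As an added example, not part of the original post or of any of the tools whose logs appear above: a small Python triage script for HijackThis logs of the kind pasted above. It splits the log into the "Running processes" block and the R/O entries, flags entries that carry "(no file)" or "(file missing)", and cross-checks any "(file missing)" service against the process list. That cross-check matters here: the O23 avast! and Forceware lines above end in a stray `"` before the service arguments, and the same binaries (ashMaiSv.exe, ashWebSv.exe, apache.exe) appear under Running processes, which points to a log-display artifact rather than an absent file. The watchlist is an assumption chosen for illustration from names the AVG and ComboFix logs in the same post call out (BrowsingTool, PlayMP3z, FBrowsingAdvisor) plus the changed IE start page (sweetim); the sample log is a constructed excerpt, not the full log.

```python
import re

# Constructed sample: a short excerpt shaped like the HijackThis v1.99.1 log above,
# not the full log. Backslashes are literal, hence the raw string.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:42:11, on 15/02/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BrowsingTool - {D0661233-42D4-F7F1-80E1-8A9E0E99E71D} - C:\Program Files\BrowsingTool\BrowsingTool-2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
"""

# Assumed watchlist for illustration: names the AVG and ComboFix logs in the same
# post call out, plus the changed IE start page. Not a vendor signature list.
DEFAULT_WATCHLIST = ('BrowsingTool', 'PlayMP3z', 'FBrowsingAdvisor', 'sweetim')

ENTRY_RE = re.compile(r'^(?P<code>[RFNO]\d+) - (?P<body>.*)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
BINARY_RE = re.compile(r'[^\\\s"]+\.(?:exe|dll|ocx|sys)\b', re.IGNORECASE)
ORPHAN_MARKERS = ('(no file)', '(file missing)')


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(code, body, line), ...])."""
    procs, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the process block ends at the first blank line
            continue
        if line == 'Running processes:':
            in_procs = True
            continue
        if in_procs:
            procs.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m['code'], m['body'], line))
    return procs, entries


def triage(text, watchlist=DEFAULT_WATCHLIST):
    """Return the entries worth a second look, each with a severity and the reasons."""
    procs, entries = parse_hjt(text)
    running = {p.rsplit('\\', 1)[-1].lower() for p in procs}   # basenames of live processes
    needles = [w.lower() for w in watchlist]
    findings = []
    for code, body, line in entries:
        reasons, severity = [], 'review'
        if any(mk in body for mk in ORPHAN_MARKERS):
            m = BINARY_RE.search(body)
            exe = m.group(0).lower() if m else None
            if exe and exe in running:
                # The path on such lines carries a stray quote and the binary is in the
                # process list, so treat the marker as a display artifact, not a missing file.
                reasons.append('marked missing but %s is running (log artifact)' % exe)
                severity = 'info'
            else:
                reasons.append('registry entry with no backing file')
        if any(n in body.lower() for n in needles):
            reasons.append('matches watchlist')
            severity = 'review'
        if reasons:
            m = CLSID_RE.search(body)
            findings.append({'code': code, 'clsid': m.group(0) if m else None,
                             'severity': severity, 'reasons': reasons, 'line': line})
    return findings


def report(text, watchlist=DEFAULT_WATCHLIST):
    """Plain-text summary, one finding per entry, 'review' items first."""
    rows = sorted(triage(text, watchlist), key=lambda f: f['severity'] != 'review')
    return '\n'.join('[%s] %s: %s\n    %s' % (f['severity'], f['code'],
                                               '; '.join(f['reasons']), f['line'])
                     for f in rows)


if __name__ == '__main__':
    print(report(SAMPLE_LOG))
```

Run it against a full log pasted into a file and the "review" rows are the ones to hand to a helper: orphaned CLSIDs with no backing file (candidates for removal) and entries matching whatever the other scanners already named. The "info" rows are the services HijackThis reports as missing while their binaries are visibly running; they need no action on that evidence alone.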
#2 natcguerreiro (Topic Starter, Member, 73 posts)
Hello,

Can anyone help?

Thanks
Nat