
Had a worm.win32.netsky infection. SmitFraud Fix helped but computer s


#1 chili fries (Member, 36 posts)

Hi,

I got an infection downloading a bad ActiveX control. My computer was crippled, my background was changed to an ad for www.softwarereferral.com, and a click anywhere on my background would open an Internet Explorer page, which was directed to softwarereferral.com. I used SmitfraudFix, which got my computer back working, but things are still weird. When I use different anti-spyware/virus scans, strange infections still turn up.

When I first got infected it messed up my Google Toolbar in Internet Explorer. A button was added to the toolbar, I think the first few letters of the button were engv, or something close to that. The odd thing is that I'm unable to remove the Google Toolbar in my Add/Remove programs list. When I hit the remove program button, the computer's screen flashes and nothing else happens. The Google Toolbar won't uninstall.

Here is my HijackThis log. Thank you very much for the work you do in this forum and any help you can offer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:04 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.232.138.113:2565
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Spy Watcher] "C:\Program Files\Spy Cleaner Gold\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-872512348-4126567084-1637235535-1014\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.mrw.inter...er/tdserver.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://212.162.68.21...t02/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://75.160.96.110.../SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://63.116.179.15/kxhcm10.ocx
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://www.bartanet....RtspVaPgDec.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://scaad.dnsalia...layerWeb11g.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay11...es/MsnPUpld.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.co...amPlayerOCX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...erPlugin.cab?s6
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145674834444
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://stockholm.gru...activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://soen.miemasu.net/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://66.91.157.140...sCamControl.cab
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://sligachanhote...MJPEGRender.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} (XVideoShow Control) - http://twcam.www.gov.../xVideoShow.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com...in/h263ctrl.cab
O16 - DPF: {C7DEAFF2-1DEB-4647-9631-43C09BB8CEC6} (DVSTools Control) - http://twcam.www.gov...cx/DVSTools.cab
O16 - DPF: {CDEC3246-F5F1-41CE-87B2-C74E81FC1A39} (RAS_Watch Control) - http://www.le-perc.c...ai/RasWatch.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.jupit...activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 8167 bytes

#2 chili fries (Topic Starter, Member, 36 posts)

Here is my ComboFix log:

ComboFix 08-03-21.1 - Jim 2008-03-21 19:00:05.1 - NTFSx86

Running from: C:\Documents and Settings\Jim\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\1DB2F454DB.dll
C:\WINDOWS\system32\962F639A03.dll
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\EA092A370D.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-21 18:58 . 2008-03-21 18:58 3,631 --a------ C:\D3.tmp
2008-03-21 18:56 . 2008-03-21 18:56 3,631 --a------ C:\D2.tmp
2008-03-21 18:16 . 2008-03-21 18:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-21 09:51 . 2008-03-21 11:00 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-21 09:51 . 2008-03-21 11:00 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-21 09:51 . 2008-03-21 11:00 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-03-21 09:50 . 2008-03-21 12:17 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-21 07:23 . 2008-03-21 11:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-21 07:23 . 2008-03-21 07:23 <DIR> d-------- C:\Documents and Settings\Jim\Application Data\SUPERAntiSpyware.com
2008-03-21 07:23 . 2008-03-21 07:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-21 07:22 . 2008-03-21 07:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 12:12 . 2008-03-15 12:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-12 07:06 . 2008-03-12 07:08 <DIR> d-------- C:\Program Files\iTunes
2008-03-12 06:58 . 2008-03-14 12:12 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2008-03-12 06:56 . 2008-03-12 06:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-08 21:35 . 2008-03-08 21:35 26 --a------ C:\WINDOWS\dvdSanta.INI
2008-03-04 15:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-03-04 15:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-03-04 15:32 . 2008-03-02 00:12 86,016 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-03-04 15:32 . 2008-03-01 00:48 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-03-04 15:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-03-04 15:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-03-04 15:32 . 2008-03-04 15:58 616 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-03-03 17:25 . 2008-03-03 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-03 11:26 . 2008-03-03 11:26 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\Uniblue
2008-03-03 01:19 . 2008-03-04 00:25 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\AVG7
2008-03-03 01:11 . 2008-03-03 01:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-03 01:11 . 2008-03-21 06:30 <DIR> d-------- C:\Documents and Settings\Jim\Application Data\AVG7
2008-03-03 01:10 . 2008-03-03 01:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-03 01:10 . 2008-03-03 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-01 20:16 . 2008-03-21 19:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 20:16 . 2007-12-10 15:53 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-03-01 20:16 . 2007-12-10 15:53 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-03-01 20:16 . 2008-02-01 13:55 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-03-01 20:16 . 2007-12-10 15:53 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-02-28 12:37 . 2008-03-13 07:15 137 --a------ C:\WINDOWS\cdplayer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 23:57 --------- d-----w C:\Documents and Settings\Jim\Application Data\uTorrent
2008-03-21 19:28 --------- d-----w C:\Program Files\Spy Cleaner Gold
2008-03-21 16:52 --------- d-----w C:\Program Files\utorrent
2008-03-21 16:52 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-21 16:50 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-21 16:43 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-03-12 12:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-12 11:08 --------- d-----w C:\Program Files\Soulseek
2008-03-09 02:34 --------- d-----w C:\Program Files\dvdSanta
2008-03-09 02:23 --------- d-----w C:\Program Files\SopCast
2008-03-04 19:00 --------- d-----w C:\Program Files\Google
2008-03-02 02:28 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-21 06:24 --------- d-----w C:\Program Files\pd
2008-02-07 05:57 --------- d-----w C:\Program Files\Free Audio Pack
2003-02-18 15:17 207,759 -c--a-w C:\Program Files\INSTALL.LOG
1779-07-03 22:44 4,263 --sh--w C:\WINDOWS\windllreg1c.sys
.

------- Sigcheck -------

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SYSTEM32\svchost.exe

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SYSTEM32\ws2_32.dll

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SYSTEM32\winlogon.exe

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SYSTEM32\DLLCACHE\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spy Watcher"="C:\Program Files\Spy Cleaner Gold\SpyWatcher.exe" [2005-04-07 04:18 557056]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-03 01:10 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\pd\\bin\\pd.exe"=
"C:\\Documents and Settings\\Jim\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:vongo2
"80:UDP"= 80:UDP:vongo


.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 08:19:46 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 19:10:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
.
**************************************************************************
.
Completion time: 2008-03-21 19:20:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-22 00:20:19
.
2008-02-15 14:10:42 --- E O F ---