Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » [Resolved] Malware all over my computer. HJT logs Pls help.

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

[Resolved] Malware all over my computer. HJT logs Pls help.

Reply
Page 1 of 4 1 234
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 03-10-2009, 09:10 AM
Valued Member
New Recruit
  
Join Date: Sep 2004
Posts: 108
FreakY Is a beginner here at D-A-L
[Resolved] Malware all over my computer. HJT logs Pls help.
Hey guys. First of all, thanks for taking the time to read this.

Problem is, my (my dad's) computer got infected by several malware.
-The computer's been running slow and takes a long time to boot (getting rid of malware is my priority, we could workout this in depth later).
-When i started firefox it opened the homepage as well as another website classified as "unsafe", I had the Avast antivirus but it wasn't updated because my license ran out.
-So I downloaded AVG free edition and I did a full scan in Safe Mode, it found some viruses.
-After that, I restarted and I did a Spybot S&D scan and "I fixed all the problems found".
-Later, I left safe mode and I started my Windows XP in <normal mode>.
-I realized that I couldn't get my Wireless to work (didn't try ethernet though because I didn't had a cable at that time). I restarted in safe mode with Networking and I couldn't get the wireless to work.

-Then I had to use System Restore to get it working again. I'm afraid the viruses/spyware (malware) are still here...


I hope this HijackThis scan log will help. I also added the "uninstall list" log from HijackThis.

Thanks in advance.
-FreakY

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:57 AM, on 10/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\DOCUME~1\Menendez\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Docum ents and Settings\Menendez\qmtwvh.exe \s
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\iexplorer72.exe
O4 - HKLM\..\Run: [Window Proxy Service] C:\WINDOWS\System32\winpsvc.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\system32\firewall.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [13CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Menendez\restorer32_a.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\iexplorer72.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - spyware blocker all for auto at browsergate.com (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - spyware blocker all for auto at browsergate.com (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows Server IP Verification Service (LSIVS) - Unknown owner - C:\WINDOWS\system32\lsivs.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6663 bytes

=====================
=====================
=====================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Apple Software Update
Ask Toolbar
Bonjour
Broadcom 802.11 Network Adapter
Combined Community Codec Pack 2008-01-24
Critical Update for Windows Media Player 11 (KB959772)
Flickr Uploadr 3.1.3
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Internet Service
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Mozilla Firefox (3.0.14)
MSXML 6 Service Pack 2 (KB954459)
Nero Suite
PowerDVD
QuickTime
Realtek AC'97 Audio
RemoveIT Pro v4 - SE
Secure Browsing
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SiS VGA Utilities
SiSAGP driver
Skype™ 3.8
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6e
Web Application
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 04-10-2009, 12:13 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,268
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Resolved] Malware all over my computer. HJT logs Pls help.
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 06-10-2009, 03:12 AM
Valued Member
New Recruit
  
Join Date: Sep 2004
Posts: 108
FreakY Is a beginner here at D-A-L
re: [Resolved] Malware all over my computer. HJT logs Pls help.
Hello Broni, thanks for replying and sorry for the delayed response.

I followed the steps but the internet didn't work so I did a system restore. Though, here's the HJT and Combofix logs before the system restore. In the end of this post I added a HJT log after the system restore (just in case it's useful).

COMBOFIX

ComboFix 09-10-04.01 - Menendez 10/05/2009 17:31.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190.81 [GMT -8:00]
Running from: c:\documents and settings\Menendez\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Menendez\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Menendez\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\documents and settings\Menendez\oashdihasidhasuidhiasdhiashdiuas dhasd
c:\documents and settings\Menendez\Start Menu\Programs\AntiSpywareShield
c:\documents and settings\Menendez\Start Menu\Programs\AntiSpywareShield\AntiSpywareShield. lnk
c:\documents and settings\Menendez\Start Menu\Programs\AntiSpywareShield\Uninstall.lnk
c:\program files\AntiSpywareShield
c:\program files\AntiSpywareShield\AntiSpywareShield.lic
c:\program files\AntiSpywareShield\AntiSpywareShield1.ad
c:\program files\AntiSpywareShield\Uninstall.exe
c:\program files\VirusHeat 4.3
c:\program files\VirusHeat 4.3\vpp.ini
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0950
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-3924760050-5479214402-049354625-1441
c:\recycler\S-1-5-21-5335840985-9248784781-353337287-2592
c:\recycler\S-1-5-21-5412976693-2312741135-626942539-3767
c:\recycler\S-1-5-21-5850021785-8784855588-571017503-6119
c:\recycler\S-1-5-21-6054712288-9262315425-357839721-3232
c:\recycler\S-1-5-21-6054712288-9262315425-357839721-3232\Desktop.ini
c:\recycler\S-1-5-21-6054712288-9262315425-357839721-3232\mwau.exe
c:\recycler\S-1-5-21-7244758626-3278823189-634519906-3965
c:\recycler\S-1-5-21-790525478-1897051121-682003330-1001
c:\recycler\S-1-5-21-8738800444-6979139400-148606359-3769
c:\recycler\S-1-5-21-9177887857-7661164564-498233425-5652
c:\windows\hosts
c:\windows\iexplorer7.exe
c:\windows\Installer\206071c.msi
c:\windows\Installer\2060720.msi
c:\windows\Installer\b33eb.msi
c:\windows\system32\msvcrt2.dll
c:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BNDMSS
-------\Legacy_LSIVS
-------\Service_LSIVS
-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-02 05:40 . 2009-10-02 05:40 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-02 05:37 . 2009-10-02 05:37 -------- d-----w- c:\documents and settings\Menendez\Application Data\AVG7
2009-10-02 05:37 . 2009-10-02 05:37 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVG7
2009-10-02 05:37 . 2009-10-02 05:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg7
2009-10-02 05:36 . 2009-10-02 05:36 -------- d-----w- c:\program files\AskSBar
2009-10-01 03:34 . 2009-10-01 04:05 -------- d-----w- C:\$AVG8.VAULT$
2009-10-01 02:34 . 2009-10-01 02:34 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-10-01 02:34 . 2009-10-02 05:37 -------- d-----w- c:\program files\AVG(2)
2009-10-01 02:34 . 2009-10-02 05:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)
2009-10-01 02:17 . 2009-10-01 02:17 -------- d-----w- C:\AVGTemp
2009-10-01 00:58 . 2009-10-01 00:58 -------- d-----w- c:\documents and settings\Menendez\Application Data\AVG8
2009-10-01 00:32 . 2009-10-01 00:32 67072 ----a-w- c:\windows\system32\mbciae.exe
2009-10-01 00:16 . 2009-10-01 00:16 -------- d-----w- c:\documents and settings\Menendez\Application Data\Panda Security
2009-10-01 00:09 . 2009-10-01 00:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Panda Security
2009-09-30 23:46 . 2009-09-30 23:46 67072 ----a-w- c:\windows\system32\dsof.exe
2009-09-30 06:13 . 2009-09-30 06:13 67072 ----a-w- c:\windows\system32\mdgvrr.exe
2009-09-30 05:40 . 2009-09-30 05:40 67072 ----a-w- c:\windows\system32\dsibm.exe
2009-09-29 22:53 . 2009-09-29 22:53 67072 ----a-w- c:\windows\system32\jwxrmta.exe
2009-09-27 17:03 . 2009-09-27 17:03 -------- d-----w- c:\documents and settings\Menendez\Local Settings\Application Data\PCHealth
2009-09-26 18:33 . 2009-09-26 21:07 140288 ----a-w- C:\up2.exe
2009-09-26 03:29 . 2009-09-26 03:29 -------- d-----w- C:\834633b4e8885c17f623e4b8
2009-09-26 03:28 . 2009-09-26 03:29 -------- d-----w- C:\d4ed617d8788bf68ce70a613ea
2009-09-21 22:33 . 2009-09-21 22:33 33440 ----a-w- c:\windows\system32\drivers\dobelbez.sys
2009-09-21 22:20 . 2009-09-21 22:20 33440 ----a-w- c:\windows\system32\drivers\hwvkknrf.sys
2009-09-21 22:16 . 2009-09-21 22:17 -------- d-----w- C:\68e627b4e9040d007e
2009-09-21 22:15 . 2009-09-21 22:16 -------- d-----w- C:\4cfd8036aa8d22e57950ff43bd
2009-09-21 22:13 . 2009-09-21 22:13 12288 ---ha-w- c:\documents and settings\Menendez\qmtwvh.exe
2009-09-21 22:13 . 2009-09-21 22:13 50944 ----a-w- c:\windows\system32\drivers\ndisvvan.sys
2009-09-19 17:23 . 2009-09-19 17:24 -------- d-----w- C:\c24c7f79fbe67519e653d0
2009-09-19 17:23 . 2009-09-19 17:23 -------- d-----w- C:\0da9e216b2d6b7837f15cc0c9c7c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-02 05:36 . 2008-03-03 08:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-02 05:36 . 2008-03-03 08:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-09-01 03:42 . 2008-02-03 20:30 85496 ----a-w- c:\documents and settings\Menendez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 09:55 . 2008-08-17 01:10 -------- d-----w- c:\documents and settings\Menendez\Application Data\Skype
2009-08-23 09:44 . 2008-08-17 01:13 -------- d-----w- c:\documents and settings\Menendez\Application Data\skypePM
2009-08-15 04:07 . 2009-08-15 04:07 -------- d-----w- c:\program files\MSBuild
2009-08-15 04:07 . 2009-08-15 04:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 03:57 . 2009-08-15 03:57 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 07:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-03-04 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-04 06:25 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-02-25 49152]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-2-1 331776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\dobelbez.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"poxy4.exe"= poxy4.exe:LSIVS
"skp66.exe"= skp66.exe:BNDMSS
"ud32.exe"= ud32.exe:BNDMSS
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\jwxrmta.exe"=
"c:\\WINDOWS\\system32\\dsibm.exe"=
"c:\\WINDOWS\\system32\\mdgvrr.exe"=
"c:\\WINDOWS\\system32\\dsof.exe"=

R0 dobelbez;dobelbez;c:\windows\system32\drivers\dobe lbez.sys [9/21/2009 2:33 PM 33440]
S3 hwvkknrf;hwvkknrf;c:\windows\system32\drivers\hwvk knrf.sys [9/21/2009 2:20 PM 33440]
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Menendez\Application Data\Mozilla\Firefox\Profiles\94wlakj8.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-restorer32_a - c:\documents and settings\Menendez\restorer32_a.exe
HKLM-Run-Microsoft Driver Setup - c:\windows\iexplorer72.exe
HKLM-Run-Window Proxy Service - c:\windows\System32\winpsvc.exe
HKLM-Run-restorer32_a - c:\windows\system32\restorer32_a.exe
HKLM-Run-Windows Network Firewall - c:\windows\system32\firewall.exe
HKLM-Run-Microsoft(R) System Manager - c:\windows\system32\sysmgr.exe
AddRemove-Secure Browsing - c:\program files\NetProject\sbun.exe
AddRemove-Web Application - c:\program files\NetProject\waun.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-05 17:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED6077 9-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):79,2d,fb,6b,6a,0e,84,28,12,31,aa,5 8,77,57,e3,fc,64,07,dd,fd,e7,
cb,f7,38,f0,ab,59,b1,90,f4,1b,61,a9,4f,bc,c7,25,2b ,9c,29,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f9259ea 1-4baa-40fe-a6be-5331616f9785}]
@Denied: (Full) (Everyone)
"Model"=dword:00000070
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5 ,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe ,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(332)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.EXE
c:\windows\system32\rundll32.exe
c:\docume~1\Menendez\LOCALS~1\temp\RtkBtMnt.EXE
.
************************************************** ************************
.
Completion time: 2009-10-06 17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-06 01:52

Pre-Run: 7,742,382,080 bytes free
Post-Run: 8,917,037,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect

227 --- E O F --- 2009-10-05 20:36


HJT (AFTER COMBOFIX, BEFORE SYSTEM RESTORE)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:46 PM, on 10/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\DOCUME~1\Menendez\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5042 bytes


HJT (AFTER COMBOFIX, AFTER SYSTEM RESTORE)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:36 PM, on 10/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\keyhook.exe
C:\DOCUME~1\Menendez\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Docum ents and Settings\Menendez\qmtwvh.exe \s
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\iexplorer72.exe
O4 - HKLM\..\Run: [Window Proxy Service] C:\WINDOWS\System32\winpsvc.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\system32\firewall.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [13CFG914-K641-26SF-N31P] C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0950\vsse33.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Menendez\restorer32_a.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\iexplorer72.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - spyware blocker pussy all for at browsergate.com (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - spyware blocker pussy all for at browsergate.com (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows Server IP Verification Service (LSIVS) - Unknown owner - C:\WINDOWS\system32\lsivs.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6702 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 06-10-2009, 03:23 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,268
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Resolved] Malware all over my computer. HJT logs Pls help.
Quote:
Though, here's the HJT and Combofix logs before the system restore
This won't do.
I need you to re-run Combofix and HJT.
DO NOT make any other changes.
By using system restore, we'll be going back and forth.
Whatever Combofix removes, it'll be back by using system restore.
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 06-10-2009, 04:24 AM
Valued Member
New Recruit
  
Join Date: Sep 2004
Posts: 108
FreakY Is a beginner here at D-A-L
re: [Resolved] Malware all over my computer. HJT logs Pls help.
Quote:
Originally Posted by broni View Post
then restart your computer to restore back your connection.
I'm so sorry, I got your message wrong. I thought that you meant: if there's no internet conection, restore (system restore). I'll run Combofix right away.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 06-10-2009, 05:52 AM
Valued Member
New Recruit
  
Join Date: Sep 2004
Posts: 108
FreakY Is a beginner here at D-A-L
re: [Resolved] Malware all over my computer. HJT logs Pls help.
I scanned with Combofix again, restarted a couple of times but i couldnt connect to the internet though my wireless adapter was working fine.

Tomorrow ill have access to another computer with internet so ill send the logs through that computer and see what we can do. Thx.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 06-10-2009, 05:58 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,268
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Resolved] Malware all over my computer. HJT logs Pls help.
That's a good idea, so I can see what was removed.
I'd also like you to see, if you can connect when hard-wired.
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 06-10-2009, 11:07 PM
Valued Member
New Recruit
  
Join Date: Sep 2004
Posts: 108
FreakY Is a beginner here at D-A-L
re: [Resolved] Malware all over my computer. HJT logs Pls help.
Here they are.

ComboFix 09-10-05.01 - Menendez 10/06/2009 13:43.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190.11 [GMT -8:00]
Running from: c:\documents and settings\Menendez\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Menendez\Start Menu\Programs\AntiSpywareShield
c:\documents and settings\Menendez\Start Menu\Programs\AntiSpywareShield\AntiSpywareShield. lnk
c:\documents and settings\Menendez\Start Menu\Programs\AntiSpywareShield\Uninstall.lnk
c:\program files\AntiSpywareShield
c:\program files\AntiSpywareShield\AntiSpywareShield.lic
c:\program files\AntiSpywareShield\Uninstall.exe
c:\program files\VirusHeat 4.3
c:\program files\VirusHeat 4.3\vpp.ini
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0950
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-3924760050-5479214402-049354625-1441
c:\recycler\S-1-5-21-5335840985-9248784781-353337287-2592
c:\recycler\S-1-5-21-5412976693-2312741135-626942539-3767
c:\recycler\S-1-5-21-5850021785-8784855588-571017503-6119
c:\recycler\S-1-5-21-6054712288-9262315425-357839721-3232
c:\recycler\S-1-5-21-6054712288-9262315425-357839721-3232\Desktop.ini
c:\recycler\S-1-5-21-6054712288-9262315425-357839721-3232\mwau.exe
c:\recycler\S-1-5-21-7244758626-3278823189-634519906-3965
c:\recycler\S-1-5-21-790525478-1897051121-682003330-1001
c:\recycler\S-1-5-21-8738800444-6979139400-148606359-3769
c:\recycler\S-1-5-21-9177887857-7661164564-498233425-5652
c:\windows\iexplorer7.exe
c:\windows\Installer\206071c.msi
c:\windows\Installer\2060720.msi
c:\windows\Installer\b33eb.msi
c:\windows\system32\msvcrt2.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BNDMSS
-------\Legacy_LSIVS
-------\Service_LSIVS
-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-06 04:47 . 2009-10-06 04:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-06 04:01 . 2009-10-06 04:46 -------- d-----w- C:\cmdcons(2)
2009-10-02 05:37 . 2009-10-02 05:37 -------- d-----w- c:\documents and settings\Menendez\Application Data\AVG7
2009-10-02 05:37 . 2009-10-02 05:37 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVG7
2009-10-02 05:37 . 2009-10-02 05:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg7
2009-10-02 05:36 . 2009-10-02 05:36 -------- d-----w- c:\program files\AskSBar
2009-10-01 03:34 . 2009-10-01 04:05 -------- d-----w- C:\$AVG8.VAULT$
2009-10-01 02:34 . 2009-10-01 02:34 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-10-01 02:34 . 2009-10-02 05:37 -------- d-----w- c:\program files\AVG(2)
2009-10-01 02:34 . 2009-10-02 05:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)
2009-10-01 02:17 . 2009-10-01 02:17 -------- d-----w- C:\AVGTemp
2009-10-01 00:58 . 2009-10-01 00:58 -------- d-----w- c:\documents and settings\Menendez\Application Data\AVG8
2009-10-01 00:32 . 2009-10-01 00:32 67072 ----a-w- c:\windows\system32\mbciae.exe
2009-10-01 00:16 . 2009-10-01 00:16 -------- d-----w- c:\documents and settings\Menendez\Application Data\Panda Security
2009-10-01 00:09 . 2009-10-01 00:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Panda Security
2009-09-30 23:46 . 2009-09-30 23:46 67072 ----a-w- c:\windows\system32\dsof.exe
2009-09-30 06:13 . 2009-09-30 06:13 67072 ----a-w- c:\windows\system32\mdgvrr.exe
2009-09-30 05:40 . 2009-09-30 05:40 67072 ----a-w- c:\windows\system32\dsibm.exe
2009-09-29 22:53 . 2009-09-29 22:53 67072 ----a-w- c:\windows\system32\jwxrmta.exe
2009-09-27 17:03 . 2009-09-27 17:03 -------- d-----w- c:\documents and settings\Menendez\Local Settings\Application Data\PCHealth
2009-09-26 18:33 . 2009-09-26 21:07 140288 ----a-w- C:\up2.exe
2009-09-26 03:29 . 2009-09-26 03:29 -------- d-----w- C:\834633b4e8885c17f623e4b8
2009-09-26 03:28 . 2009-09-26 03:29 -------- d-----w- C:\d4ed617d8788bf68ce70a613ea
2009-09-21 22:33 . 2009-09-21 22:33 33440 ----a-w- c:\windows\system32\drivers\dobelbez.sys
2009-09-21 22:20 . 2009-09-21 22:20 33440 ----a-w- c:\windows\system32\drivers\hwvkknrf.sys
2009-09-21 22:16 . 2009-09-21 22:17 -------- d-----w- C:\68e627b4e9040d007e
2009-09-21 22:15 . 2009-09-21 22:16 -------- d-----w- C:\4cfd8036aa8d22e57950ff43bd
2009-09-21 22:13 . 2009-09-21 22:13 12288 ---ha-w- c:\documents and settings\Menendez\qmtwvh.exe
2009-09-21 22:13 . 2009-09-21 22:13 50944 ----a-w- c:\windows\system32\drivers\ndisvvan.sys
2009-09-19 17:23 . 2009-09-19 17:24 -------- d-----w- C:\c24c7f79fbe67519e653d0
2009-09-19 17:23 . 2009-09-19 17:23 -------- d-----w- C:\0da9e216b2d6b7837f15cc0c9c7c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-02 05:36 . 2008-03-03 08:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-02 05:36 . 2008-03-03 08:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-09-01 03:42 . 2008-02-03 20:30 85496 ----a-w- c:\documents and settings\Menendez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 09:55 . 2008-08-17 01:10 -------- d-----w- c:\documents and settings\Menendez\Application Data\Skype
2009-08-23 09:44 . 2008-08-17 01:13 -------- d-----w- c:\documents and settings\Menendez\Application Data\skypePM
2009-08-15 04:07 . 2009-08-15 04:07 -------- d-----w- c:\program files\MSBuild
2009-08-15 04:07 . 2009-08-15 04:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 03:57 . 2009-08-15 03:57 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 07:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-03-04 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-04 06:25 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"restorer32_a"="c:\documents and settings\Menendez\restorer32_a.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"Microsoft Driver Setup"="c:\windows\iexplorer72.exe" [BU]
"Window Proxy Service"="c:\windows\System32\winpsvc.exe" [BU]
"restorer32_a"="c:\windows\system32\restorer32_a.e xe" [BU]
"Windows Network Firewall"="c:\windows\system32\firewall.exe" [BU]
"Microsoft(R) System Manager"="c:\windows\system32\sysmgr.exe" [BU]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-02-25 49152]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-2-1 331776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\dobelbez.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"poxy4.exe"= poxy4.exe:LSIVS
"skp66.exe"= skp66.exe:BNDMSS
"ud32.exe"= ud32.exe:BNDMSS
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\jwxrmta.exe"=
"c:\\WINDOWS\\system32\\dsibm.exe"=
"c:\\WINDOWS\\system32\\mdgvrr.exe"=
"c:\\WINDOWS\\system32\\dsof.exe"=

R0 dobelbez;dobelbez;c:\windows\system32\drivers\dobe lbez.sys [9/21/2009 2:33 PM 33440]
S3 hwvkknrf;hwvkknrf;c:\windows\system32\drivers\hwvk knrf.sys [9/21/2009 2:20 PM 33440]
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Menendez\Application Data\Mozilla\Firefox\Profiles\94wlakj8.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-06 13:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED6077 9-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):79,2d,fb,6b,6a,0e,84,28,12,31,aa,5 8,77,57,e3,fc,64,07,dd,fd,e7,
cb,f7,38,f0,ab,59,b1,90,f4,1b,61,a9,4f,bc,c7,25,2b ,9c,29,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f9259ea 1-4baa-40fe-a6be-5331616f9785}]
@Denied: (Full) (Everyone)
"Model"=dword:00000070
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5 ,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe ,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(328)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3044)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.EXE
c:\windows\system32\rundll32.exe
c:\docume~1\Menendez\LOCALS~1\temp\RtkBtMnt.EXE
.
************************************************** ************************
.
Completion time: 2009-10-06 14:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-06 22:04
ComboFix2.txt 2009-10-06 01:53

Pre-Run: 8,572,358,656 bytes free
Post-Run: 8,503,181,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect

220 --- E O F --- 2009-10-03 08:15

=======================================
=======================================

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:19 PM, on 10/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\DOCUME~1\Menendez\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\iexplorer72.exe
O4 - HKLM\..\Run: [Window Proxy Service] C:\WINDOWS\System32\winpsvc.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\system32\firewall.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Menendez\restorer32_a.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5470 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 06-10-2009, 11:12 PM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,268
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Resolved] Malware all over my computer. HJT logs Pls help.
Before we do anything...is the wireless gone again after running Combofix?
How about wired connection?
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 06-10-2009, 11:47 PM
Valued Member
New Recruit
  
Join Date: Sep 2004
Posts: 108
FreakY Is a beginner here at D-A-L
re: [Resolved] Malware all over my computer. HJT logs Pls help.
Sorry I didn't reported that.

Negative, neither wireless nor wired connections will connect to the internet.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 4 1 234

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[Resolved] Malware in my AV! xero Spyware, Adware, Viruses and HijackThis Logs 23 18-08-2009 12:52 AM
*hjt logs =/*(RESOLVED) k-sparky-k Spyware, Adware, Viruses and HijackThis Logs 21 26-11-2007 07:34 PM
weird computer issue - hijack this logs (RESOLVED) csmaster2005 Spyware, Adware, Viruses and HijackThis Logs 10 24-05-2006 10:25 PM
My logs - something wrong (RESOLVED) k-sparky-k Spyware, Adware, Viruses and HijackThis Logs 21 18-03-2006 01:18 PM
Hijack this logs (Resolved) ifish2good Spyware, Adware, Viruses and HijackThis Logs 14 21-08-2004 03:48 PM


All times are GMT +1. The time now is 12:58 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav