
Malwarebytes found some virus


ajp


Hi, in the first scan I did with Malwarebytes it found malware.

Here's the log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Versão da base de dados: 7589

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

28-08-2011 12:48:18

mbam-log-2011-08-28 (12-48-18).txt

Tipo de pesquisa: Completa (C:\|)

Objectos verificados: 387726

Tempo decorrido: 3 hora(s), 8 minuto(s), 14 segundo(s)

Processos de memória infectados: 0

módulos de Memória infectados: 0

Chaves do Registo Infectadas: 3

Valores do Registo infectados: 0

Itens de dados do Registo Infectados: 0

Pastas Infectadas: 0

Ficheiros Infectados: 2

Processos de memória infectados:

(Nenhum item malicioso detectado)

módulos de Memória infectados:

(Nenhum item malicioso detectado)

Chaves do Registo Infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Not selected for removal.

HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\seneka (Malware.Trace) -> Quarantined and deleted successfully.

Valores do Registo infectados:

(Nenhum item malicioso detectado)

Itens de dados do Registo Infectados:

(Nenhum item malicioso detectado)

Pastas Infectadas:

(Nenhum item malicioso detectado)

Ficheiros Infectados:

c:\documents and settings\André\definições locais\Temp\v766qeuk.tmp\titanpsetup_bff1f9.exe (PUP.Casino) -> Not selected for removal.

c:\Poker\titan poker\_titanpsetup_bff1f9.exe (PUP.Casino) -> Not selected for removal.

How bad is this?

I had some virus problems a year and a half ago.

Every time I started the computer, there was a black box that appeared, and it executed msupdte.exe ...

I thought it was OK, so I didn't pay too much attention to it, but one day I googled it and realized it was a virus, so I deleted it as well as the registry key that was associated with it...

I don't know if this can be related to that now.

I had Avast 4.8, but now that I realized it was out of date, I started to use Avast 6 Free; I don't know if it's good enough?

Is MSE better?

I also have Ad-Aware with Ad-Watch Live running simultaneously. Can it create a conflict with Avast?

Thanks in advance


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7827

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

29-09-2011 14:03:43

mbam-log-2011-09-29 (14-03-43).txt

Scan type: Quick scan

Objects scanned: 215440

Time elapsed: 11 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by André at 14:15:53 on 2011-09-29

Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2047.1019 [GMT 1:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

C:\Programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\Programas\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\vVX1000.exe

C:\Programas\ASUS\AI Suite\AiNap\AiNap.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe

C:\Programas\iTunes\iTunesHelper.exe

C:\Programas\AVAST Software\Avast\avastUI.exe

C:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programas\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Creative\MediaSource\Detector\CTDetect.exe

C:\Programas\Gigabyte\Gigabyte GN-WBKG Wireless USB Adapter\Installer\WINXP\GNConfig.exe

C:\Programas\ASUS\AASP\1.00.59\aaCenter.exe

C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programas\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\Magentic\bin\MgApp.exe

C:\Programas\McAfee Security Scan\2.0.189\SSScheduler.exe

C:\Programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Programas\Ficheiros comuns\Logitech\KHAL\KHALMNPR.EXE

C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Programas\Azureus\Azureus.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\Programas\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\André\Ambiente de trabalho\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.pt/

uSearch Page = hxxp://search.live.com

uInternet Settings,ProxyOverride = local;*.local

mSearchAssistant = hxxp://search.live.com/sphome.aspx

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programas\avast software\avast\aswWebRepIE.dll

BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programas\windows live\toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programas\avast software\avast\aswWebRepIE.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [LDM] c:\programas\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uRun: [DAEMON Tools] "c:\programas\daemon tools\daemon.exe" -lang 1033

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Creative Detector] c:\programas\creative\mediasource\detector\CTDetect.exe /R

uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c

mRun: [soundMAXPnP] c:\programas\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "c:\programas\analog devices\soundmax\Smax4.exe" /tray

mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe

mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [Ai Nap] "c:\programas\asus\ai suite\ainap\AiNap.exe"

mRun: [CPU Power Monitor] "c:\programas\asus\ai suite\aigear3\CpuPowerMonitor.exe"

mRun: [Cpu Level Up help] c:\programas\asus\ai suite\CpuLevelUpHelp.exe

mRun: [ASUS Energy Saving] "c:\programas\asus\ai suite\energysaving\PwSave.exe"

mRun: [TkBellExe] "c:\programas\ficheiros comuns\real\update_ob\realsched.exe" -osboot

mRun: [PCSuiteTrayApplication] c:\programas\nokia\nokia pc suite 6\LaunchApplication.exe -startup

mRun: [NeroFilterCheck] c:\programas\ficheiros comuns\ahead\lib\NeroCheck.exe

mRun: [LifeCam] "c:\programas\microsoft lifecam\LifeExp.exe"

mRun: [AppleSyncNotifier] c:\programas\ficheiros comuns\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "c:\programas\ficheiros comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\programas\ficheiros comuns\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\programas\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\programas\itunes\iTunesHelper.exe"

mRun: [avast] "c:\programas\avast software\avast\avastUI.exe" /nogui

dRun: [Nokia.PCSync] c:\programas\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\gn-wbk~1.lnk - c:\programas\gigabyte\gigabyte gn-wbkg wireless usb adapter\installer\winxp\GNConfig.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\hppsc1~1.lnk - c:\programas\hewlett-packard\digital imaging\bin\hpohmr08.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\hpoddt~1.lnk - c:\programas\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\logite~2.lnk - c:\programas\logitech\desktop messenger\8876480\program\LDMConf.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\logite~1.lnk - c:\programas\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\mcafee~1.lnk - c:\programas\mcafee security scan\2.0.189\SSScheduler.exe

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programas\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://download.autodesk.com/esd/mapguide/SP1/ENG/mgaxctrl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{A91AC0D1-68AF-408D-B6E4-94FAA62256DF} : DhcpNameServer = 192.168.1.254 192.168.1.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programas\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\programas\vshare\vshare_toolbar.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\andré\application data\mozilla\firefox\profiles\pdg01mf9.default\

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-18 64512]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-20 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-20 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-20 20568]

R2 avast! Antivirus;avast! Antivirus;c:\programas\avast software\avast\AvastSvc.exe [2011-9-20 44768]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-14 54752]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programas\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programas/PostgreSQL/8.4/data" -w --> C:/Programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programas\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-5-12 33792]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9f80a462ad686;Serviço Google Update (gupdate1c9f80a462ad686);c:\programas\google\update\GoogleUpdate.exe [2009-6-28 133104]

S3 BS_DEF;BS_DEF;\??\c:\programas\asus\asusupdate\bs_def.sys --> c:\programas\asus\asusupdate\BS_DEF.sys [?]

S3 fsssvc;Serviço Segurança Familiar do Windows Live;c:\programas\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Serviço Google Update (gupdatem);c:\programas\google\update\GoogleUpdate.exe [2009-6-28 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programas\mcafee security scan\2.0.189\McCHSvc.exe [2010-9-2 227232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2008-5-12 27904]

.

=============== Created Last 30 ================

.

2011-09-26 19:17:29 -------- d-----w- c:\documents and settings\andré\.swt

2011-09-23 10:32:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-20 14:42:59 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-20 14:42:39 41184 ----a-w- c:\windows\avastSS.scr

2011-09-20 14:42:21 -------- d-----w- c:\programas\AVAST Software

2011-09-20 14:42:21 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-09-18 17:48:21 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-09-18 17:48:15 -------- d-----w- c:\programas\Lavasoft

2011-09-05 17:04:56 183696 ----a-w- c:\programas\mozilla firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- c:\programas\internet explorer\plugins\nppdf32.dll

2011-09-03 10:17:21 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-02 22:25:59 -------- d-----w- c:\documents and settings\andré\application data\QuickScan

2011-08-31 23:57:57 -------- d-----w- c:\windows\system32\QuickTime

2011-08-31 23:57:29 -------- d-----w- c:\programas\ficheiros comuns\TechSmith Shared

.

==================== Find3M ====================

.

2011-09-09 09:12:01 603136 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-19 04:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 01:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 10:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 10:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 10:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 10:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 17:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 17:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-07-01 17:46:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.

============= FINISH: 14:24:19,65 ===============


  • Staff

Hi,

I notice that you are using more than one antivirus program (Lavasoft and Avast). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
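The two things a helper looks for first in logs like the ones above are (a) which Malwarebytes detections are actually still on the machine (everything marked "Not selected for removal" was left in place, only the seneka traces were quarantined) and (b) how many real-time antivirus products the DDS header reports as enabled. The script below is an added triage example written for this thread; it is not Malwarebytes, DDS or forum tooling. It keys on the locale-independent parts of both formats: MBAM 1.x detection lines always end in "(Family) -> Action." whatever language the section headings are in, and DDS prints one "AV:/FW:/SP:" line per product with its state in asterisks. The sample log text is constructed from the lines posted above, trimmed to the detections.

```python
import re
from dataclasses import dataclass

# Constructed sample: a trimmed Malwarebytes 1.x log in the Portuguese locale,
# keeping the detection lines as posted. Headings are locale-specific; the
# parser ignores them and keys on the "(Family) -> Action." line shape.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
Versão da base de dados: 7589
Chaves do Registo Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\seneka (Malware.Trace) -> Quarantined and deleted successfully.
Ficheiros Infectados:
c:\Poker\titan poker\_titanpsetup_bff1f9.exe (PUP.Casino) -> Not selected for removal.
"""

# Constructed sample: the security-product header lines from the DDS log above.
DDS_HEADER = """AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
"""

# Greedy item + a parenthesised family just before " -> " handles paths that
# themselves contain parentheses, e.g. "Program Files (x86)".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
PRODUCT_RE = re.compile(r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}")

# Actions after which the detected item is still present on the system.
STILL_PRESENT = ("Not selected for removal", "No action taken")


@dataclass(frozen=True)
class Detection:
    item: str
    family: str
    action: str

    @property
    def still_present(self) -> bool:
        return self.action.startswith(STILL_PRESENT)

    @property
    def is_pup(self) -> bool:
        # PUP.* families are potentially unwanted programs, not infections.
        return self.family.startswith("PUP.")


@dataclass(frozen=True)
class SecurityProduct:
    kind: str   # AV, FW or SP as DDS labels them
    name: str
    state: str  # e.g. "Enabled/Updated", "Disabled/Updated"
    guid: str

    @property
    def enabled(self) -> bool:
        return self.state.startswith("Enabled")


def parse_mbam_detections(log: str) -> list:
    """Return every detection line of an MBAM 1.x log, any locale."""
    found = []
    for line in log.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["item"], m["family"], m["action"]))
    return found


def outstanding_detections(log: str) -> list:
    """Detections MBAM reported but did not remove."""
    return [d for d in parse_mbam_detections(log) if d.still_present]


def parse_dds_products(log: str) -> list:
    """Return the AV/FW/SP product lines from a DDS log header."""
    found = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            found.append(SecurityProduct(m["kind"], m["name"], m["state"], m["guid"]))
    return found


def enabled_av_names(log: str) -> list:
    return [p.name for p in parse_dds_products(log) if p.kind == "AV" and p.enabled]


def triage(mbam_log: str, dds_log: str) -> dict:
    """Summarise what a helper would check first: leftovers and AV overlap."""
    dets = parse_mbam_detections(mbam_log)
    left = [d for d in dets if d.still_present]
    avs = enabled_av_names(dds_log)
    return {
        "detections": len(dets),
        "removed": len(dets) - len(left),
        "outstanding": [d.item for d in left],
        "outstanding_all_pup": all(d.is_pup for d in left),
        "enabled_av": avs,
        "multiple_av": len(avs) > 1,
    }


if __name__ == "__main__":
    for key, value in triage(MBAM_LOG, DDS_HEADER).items():
        print(f"{key}: {value}")
```

On the logs in this thread the summary reports two of four detections removed, the two leftovers both PUP.Casino (the Titan Poker installer the user chose to keep), and two enabled AV products, which is the overlap the staff reply asks to resolve. A ComboFix header, which lists avast! as *Disabled/Updated* because ComboFix turns it off while running, yields an empty enabled-AV list, so the check should be run on the DDS log rather than the ComboFix one.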


ComboFix 11-10-03.01 - André 03-10-2011 16:40:30.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2047.1416 [GMT 1:00]

Executando de: c:\documents and settings\André\Ambiente de trabalho\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\ANDR~1\DEFINI~1\Temp\IadHide5.dll

c:\documents and settings\André\Definições locais\Temp\IadHide5.dll

c:\windows\bwUnin-7.2.0.137-8876480SL.exe

c:\windows\ehome\medctrro.exe

c:\windows\iun6002.exe

c:\windows\system32\CddbCdda.dll

c:\windows\system32\comct332.ocx

c:\windows\system32\d3d9caps.dat

c:\windows\system32\NTOSKRNL.VHCleaner

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-03 to 2011-10-03 ))))))))))))))))))))))))))))

.

.

2011-09-26 19:17 . 2011-09-26 19:17 -------- d-----w- c:\documents and settings\André\.swt

2011-09-23 10:32 . 2011-09-23 10:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-20 14:43 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-20 14:43 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-20 14:43 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-20 14:43 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-20 14:42 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-20 14:42 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-20 14:42 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-20 14:42 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-09-20 14:42 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-09-20 14:42 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-20 14:42 . 2011-09-20 14:42 -------- d-----w- c:\programas\AVAST Software

2011-09-20 14:42 . 2011-09-20 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\programas\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\programas\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2004-09-21 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 16:00 . 2011-08-28 01:33 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-19 04:05 . 2010-07-09 13:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 01:40 . 2010-07-09 13:58 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-15 13:29 . 2004-09-21 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02 . 2004-09-21 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 17:37 . 2011-07-05 17:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 17:37 . 2011-07-05 17:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2007-03-26 05:50 . 2007-03-26 05:50 3647936 ----a-w- c:\programas\mozilla firefox\plugins\MgAxCtrl.dll

2011-09-30 02:01 . 2011-06-15 19:59 134104 ----a-w- c:\programas\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\programas\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-22 32768]

"DAEMON Tools"="c:\programas\DAEMON Tools\daemon.exe" [2007-09-18 171464]

"Creative Detector"="c:\programas\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\programas\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]

"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"nwiz"="nwiz.exe" [2007-06-28 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]

"Ai Nap"="c:\programas\ASUS\AI Suite\AiNap\AiNap.exe" [2008-01-28 1413120]

"CPU Power Monitor"="c:\programas\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]

"Cpu Level Up help"="c:\programas\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]

"ASUS Energy Saving"="c:\programas\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2009-06-28 198160]

"PCSuiteTrayApplication"="c:\programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

"NeroFilterCheck"="c:\programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"LifeCam"="c:\programas\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]

"AppleSyncNotifier"="c:\programas\Ficheiros comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\programas\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\programas\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"avast"="c:\programas\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="c:\programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

GN-WBKG Utility.lnk - c:\programas\Gigabyte\Gigabyte GN-WBKG Wireless USB Adapter\Installer\WINXP\GNConfig.exe [2007-8-17 598016]

hp psc 1000 series.lnk - c:\programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]

hpoddt01.exe.lnk - c:\programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]

Logitech Desktop Messenger.lnk - c:\programas\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-8-22 450560]

Logitech SetPoint.lnk - c:\programas\Logitech\SetPoint\SetPoint.exe [2007-8-22 434176]

McAfee Security Scan Plus.lnk - c:\programas\McAfee Security Scan\2.0.189\SSScheduler.exe [2010-9-2 255536]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Programas\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Neoact\\Carom3D\\carom.exe"=

"c:\\Programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Programas\\KONAMI\\Pro Evolution Soccer 2009\\Pes.com.pt Liga Sagres 2009.exe"=

"c:\\Programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programas\\SopCast\\SopCast.exe"=

"c:\\Programas\\TVAnts\\Tvants.exe"=

"c:\\Programas\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programas\\wamp\\Apache2\\bin\\httpd.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programas\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Programas\\Safari\\Safari.exe"=

"c:\\Programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

"c:\\Documents and Settings\\André\\Kitserver2010\\pes2010.exe"=

"c:\\Programas\\Ficheiros comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Programas\\iTunes\\iTunes.exe"=

"c:\\Programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Programas\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

"c:\\Programas\\eMule\\emule.exe"=

"c:\\Programas\\Magentic\\bin\\Magentic.exe"=

"c:\\Programas\\Magentic\\bin\\MgApp.exe"=

"c:\\Programas\\Azureus\\Azureus.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"5432:TCP"= 5432:TCP:*:Disabled:postgres

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18-08-2007 2:05 685816]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20-09-2011 15:42 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20-09-2011 15:43 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20-09-2011 15:43 20568]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programas/PostgreSQL/8.4/data" -w --> C:/Programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [12-05-2008 22:57 33792]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 14:16 130384]

S2 gupdate1c9f80a462ad686;Serviço Google Update (gupdate1c9f80a462ad686);c:\programas\Google\Update\GoogleUpdate.exe [28-06-2009 17:05 133104]

S3 BS_DEF;BS_DEF;\??\c:\programas\ASUS\ASUSUpdate\BS_DEF.sys --> c:\programas\ASUS\ASUSUpdate\BS_DEF.sys [?]

S3 gupdatem;Serviço Google Update (gupdatem);c:\programas\Google\Update\GoogleUpdate.exe [28-06-2009 17:05 133104]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programas\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programas\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programas\McAfee Security Scan\2.0.189\McCHSvc.exe [02-09-2010 20:18 227232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 14:16 753504]

S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [12-05-2008 23:27 27904]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programas\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]

.

2010-10-16 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21275265618.job

- c:\programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 19:38]

.

2011-09-30 c:\windows\Tasks\FRU Task $ContextID$.job

- c:\programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 19:38]

.

2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-06-28 16:05]

.

2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-06-28 16:05]

.

2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{45A78E16-E342-41BF-9B0D-0D027E14E4AC}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.pt/

uInternet Settings,ProxyOverride = local;*.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\André\Application Data\Mozilla\Firefox\Profiles\pdg01mf9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/ig?hl=pt-PT

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-Nvidia Omega Drivers for Windows 2k-XPv1.6693 - c:\windows\iun6002.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-03 16:55

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]

"ImagePath"="C:/Programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programas/PostgreSQL/8.4/data\" -w"

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]

"ImagePath"="C:/Programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programas/PostgreSQL/8.4/data\" -w"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1035525444-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:d2,2c,40,98,e5,53,0f,05,74,bb,10,e4,f1,e7,e6,b3,31,4e,8e,49,65,

e8,15,24,16,a0,c0,57,5c,3e,7f,16,1f,a7,82,50,4c,1e,cb,d6,ae,d3,4e,0d,dd,b3,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'explorer.exe'(1924)

c:\programas\Logitech\SetPoint\GameHook.dll

c:\programas\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\msi.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\programas\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\programas\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por.nlr

c:\programas\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\programas\AVAST Software\Avast\AvastSvc.exe

c:\programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programas\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.exe

c:\programas\Java\jre6\bin\jqs.exe

c:\windows\system32\libusbd-nt.exe

c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programas\Microsoft LifeCam\MSCamS32.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\programas\PostgreSQL\8.4\bin\pg_ctl.exe

c:\programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\programas\PostgreSQL\8.4\bin\postgres.exe

c:\programas\PostgreSQL\8.4\bin\postgres.exe

c:\programas\PostgreSQL\8.4\bin\postgres.exe

c:\programas\PostgreSQL\8.4\bin\postgres.exe

c:\programas\PostgreSQL\8.4\bin\postgres.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\programas\ASUS\AASP\1.00.59\aaCenter.exe

c:\programas\iPod\bin\iPodService.exe

c:\programas\Ficheiros comuns\Logitech\KHAL\KHALMNPR.EXE

c:\programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-10-03 17:14:16 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-10-03 16:14

.

Pré-execução: 33.248.817.152 bytes livres

Pós execução: 33.232.977.920 bytes livres

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 5046C5A8BA2D46DE7764A7856B9278EC

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by André at 17:23:10 on 2011-10-03

Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2047.1455 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programas\ASUS\AI Suite\AiNap\AiNap.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\ASUS\AASP\1.00.59\aaCenter.exe

C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe

C:\Programas\iTunes\iTunesHelper.exe

C:\Programas\AVAST Software\Avast\avastUI.exe

C:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programas\DAEMON Tools\daemon.exe

C:\Programas\Creative\MediaSource\Detector\CTDetect.exe

C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programas\iPod\bin\iPodService.exe

C:\Programas\Logitech\SetPoint\SetPoint.exe

C:\Programas\McAfee Security Scan\2.0.189\SSScheduler.exe

C:\Programas\Ficheiros comuns\Logitech\KHAL\KHALMNPR.EXE

C:\Programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.pt/

uInternet Settings,ProxyOverride = local;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programas\avast software\avast\aswWebRepIE.dll

BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programas\windows live\toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programas\avast software\avast\aswWebRepIE.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [LDM] c:\programas\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uRun: [DAEMON Tools] "c:\programas\daemon tools\daemon.exe" -lang 1033

uRun: [Creative Detector] c:\programas\creative\mediasource\detector\CTDetect.exe /R

mRun: [soundMAXPnP] c:\programas\analog devices\core\smax4pnp.exe

mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe

mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [Ai Nap] "c:\programas\asus\ai suite\ainap\AiNap.exe"

mRun: [CPU Power Monitor] "c:\programas\asus\ai suite\aigear3\CpuPowerMonitor.exe"

mRun: [Cpu Level Up help] c:\programas\asus\ai suite\CpuLevelUpHelp.exe

mRun: [ASUS Energy Saving] "c:\programas\asus\ai suite\energysaving\PwSave.exe"

mRun: [TkBellExe] "c:\programas\ficheiros comuns\real\update_ob\realsched.exe" -osboot

mRun: [PCSuiteTrayApplication] c:\programas\nokia\nokia pc suite 6\LaunchApplication.exe -startup

mRun: [NeroFilterCheck] c:\programas\ficheiros comuns\ahead\lib\NeroCheck.exe

mRun: [LifeCam] "c:\programas\microsoft lifecam\LifeExp.exe"

mRun: [AppleSyncNotifier] c:\programas\ficheiros comuns\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "c:\programas\ficheiros comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\programas\ficheiros comuns\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\programas\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\programas\itunes\iTunesHelper.exe"

mRun: [avast] "c:\programas\avast software\avast\avastUI.exe" /nogui

dRun: [Nokia.PCSync] c:\programas\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\gn-wbk~1.lnk - c:\programas\gigabyte\gigabyte gn-wbkg wireless usb adapter\installer\winxp\GNConfig.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\hppsc1~1.lnk - c:\programas\hewlett-packard\digital imaging\bin\hpohmr08.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\hpoddt~1.lnk - c:\programas\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\logite~2.lnk - c:\programas\logitech\desktop messenger\8876480\program\LDMConf.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\logite~1.lnk - c:\programas\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\mcafee~1.lnk - c:\programas\mcafee security scan\2.0.189\SSScheduler.exe

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programas\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab

DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://download.autodesk.com/esd/mapguide/SP1/ENG/mgaxctrl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{A91AC0D1-68AF-408D-B6E4-94FAA62256DF} : DhcpNameServer = 192.168.1.254 192.168.1.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programas\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\andré\application data\mozilla\firefox\profiles\pdg01mf9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/ig?hl=pt-PT

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-20 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-20 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-20 20568]

R2 avast! Antivirus;avast! Antivirus;c:\programas\avast software\avast\AvastSvc.exe [2011-9-20 44768]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-14 54752]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programas/PostgreSQL/8.4/data" -w --> C:/Programas/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-5-12 33792]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9f80a462ad686;Serviço Google Update (gupdate1c9f80a462ad686);c:\programas\google\update\GoogleUpdate.exe [2009-6-28 133104]

S3 BS_DEF;BS_DEF;\??\c:\programas\asus\asusupdate\bs_def.sys --> c:\programas\asus\asusupdate\BS_DEF.sys [?]

S3 fsssvc;Serviço Segurança Familiar do Windows Live;c:\programas\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Serviço Google Update (gupdatem);c:\programas\google\update\GoogleUpdate.exe [2009-6-28 133104]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programas\lavasoft\ad-aware\kernexplorer.sys --> c:\programas\lavasoft\ad-aware\KernExplorer.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programas\mcafee security scan\2.0.189\McCHSvc.exe [2010-9-2 227232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2008-5-12 27904]

.

=============== Created Last 30 ================

.

2011-10-03 15:35:32 -------- d-sha-r- C:\cmdcons

2011-10-03 15:31:14 98816 ----a-w- c:\windows\sed.exe

2011-10-03 15:31:14 518144 ----a-w- c:\windows\SWREG.exe

2011-10-03 15:31:14 256000 ----a-w- c:\windows\PEV.exe

2011-10-03 15:31:14 208896 ----a-w- c:\windows\MBR.exe

2011-09-26 19:17:29 -------- d-----w- c:\documents and settings\andré\.swt

2011-09-23 10:32:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-20 14:42:59 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-20 14:42:39 41184 ----a-w- c:\windows\avastSS.scr

2011-09-20 14:42:21 -------- d-----w- c:\programas\AVAST Software

2011-09-20 14:42:21 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-09-05 17:04:56 183696 ----a-w- c:\programas\mozilla firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- c:\programas\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:01 603136 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-19 04:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-19 01:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 10:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 10:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 10:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 10:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-05 17:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 17:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 17:23:51,35 ===============

Notes:

1 - I had the avast free antivirus, plus Ad-Aware, which is an anti-spyware program, not an antivirus; I thought I could have both.

Can't we complement the antivirus with an anti-spyware program?

2 - After finishing the 50 stages and before preparing the log report, ComboFix made my computer reboot. Is this normal?

I'm just asking because it wasn't referenced in the ComboFix guide.

3 - Should I uninstall ComboFix now?


  • Staff

Hi,

1) Lavasoft bundles antivirus with their anti-spyware now, so I would say they are not compatible. MBAM has no antivirus component and would run well alongside your antivirus.

2) Yes this is normal.

3) Not yet.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=7dfa647a8e21fd4d82c412f1e9bed97b

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-10-06 07:44:40

# local_time=2011-10-06 08:44:40 (+0000, Hora de Verão de GMT)

# country="Portugal"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 130475766 130475766 0 0

# compatibility_mode=1026 16777214 0 2 80803205 80803205 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=175118

# found=0

# cleaned=0

# scan_time=31529

Results of screen317's Security Check version 0.99.21

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Free Antivirus

ESET Online Scanner v3

McAfee Security Scan Plus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 27

Autodesk MapGuide Viewer, Java Edition

Flash Player Out of Date!

Adobe Reader X (10.1.1)

Mozilla Firefox (Player..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

``````````End of Log````````````

1. I use the ESET Online Scanner to do online scans on my computer, but normally it takes 2 hours to finish the scan... This time it took 8h45min to finish! Is this normal?

2. I know the Security Check says that my Flash Player is out of date, but I have just checked it manually, and it is updated... So why does Security Check say it isn't?

3. What's the best antivirus? ESET NOD32, Smart Security, or Kaspersky PURE?

How about a good firewall? Is Windows Firewall good?


  • Staff

Hi,

Looks like there were only malware traces left which were removed.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

These are the antiviruses I recommend; be sure to only install one:

Microsoft Security Essentials (what I use)

AntiVir

avast!.

I use MSE and the PRO version of MBAM, and I've never had an issue.

Here are my firewall recommendations:

Sunbelt Personal Firewall

Comodo

Outpost

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Hi,

Please see:

HijackThis Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

It's likely why your issue began in the first place.

This goes for Limewire and anything else you may have installed.


OK, I have never actually used LimeWire. So I'll just uninstall it.

But is there a problem with the fact that I have some icons that don't show up in the folder C:\Documents and Settings\André\Ambiente de trabalho ?

Also, what is that leftover ComboFix component, the file NircmdB.exe?


  • Staff

Hi,

NoScript can be very useful for protecting you.

I would run a scan once a week. :)

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.