
"warning Spyware Dectected" As Background


This topic is locked
11 replies to this topic

#1 Chaves
  • Members
  • 38 posts

Posted 31 October 2007 - 05:02 PM

Help! Every time I change my desktop background, that shows up. Also a yellow yield sign shows up below saying "your computer is running slow due to spyware".
I've used SmitFraudFix in safe mode.
I've used SUPERAntiSpyware in normal and safe mode. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:48, on 31/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Comodo\Firewall\CPF.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\ARCHIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://youtube.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: IntelVideoCodec - {33A12BEB-3219-4CA8-99B4-733192704C62} - C:\WINDOWS\system32\IntelVideoDivX.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARCHIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6811 bytes


#2 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 01 November 2007 - 04:13 AM

Hi,

Please perform my instructions in the right order.

First of all, uninstall MyWebSearch via Software > Add/Remove Programs.

Then start HijackThis, close all open windows leaving only HijackThis running, and place a check against each of the following:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: IntelVideoCodec - {33A12BEB-3219-4CA8-99B4-733192704C62} - C:\WINDOWS\system32\IntelVideoDivX.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARCHIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then download ComboFix from here.
**Save it to your desktop**

In case you have used ComboFix before, please delete the version you have and download it again, because ComboFix is updated every day.

In case your antivirus or any other realtime scanner displays an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and download ComboFix again, because some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.


Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), ComboFix will open again to gather the necessary information for the log. This may take a bit. When done, ComboFix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Chaves
  • Topic Starter
  • Members
  • 38 posts

Posted 01 November 2007 - 04:14 PM

The "Your infested" background doesn't show up anymore. Thanks, here's the HijackThis log. Hope I'm clean now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:30, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Comodo\Firewall\CPF.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://youtube.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4467 bytes

#4 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 01 November 2007 - 04:15 PM

Hi,

Can you also post the log from ComboFix as requested?

#5 Chaves
  • Topic Starter
  • Members
  • 38 posts

Posted 01 November 2007 - 04:59 PM

I'm sorry, I read the post wrong. Here's the log (sorry, some parts are in Spanish):

ComboFix 07-11-01.1** - Administrador 2007-11-01 16:35:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.456 [GMT -5:00]
Se ejecuta desde: I:\ComboFix.exe
.

(((((((((((((((((( Archivos creados desde 2007-10-01 - 2007-11-01 )))))))))))))))))))))))))))))))))
.

2007-11-01 16:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 16:24 <DIR> d-------- C:\Archivos de programa\IObit
2007-10-28 16:12 2,360 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-28 15:45 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-28 15:45 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-28 15:45 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-28 15:45 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-28 15:45 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-28 15:45 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-28 15:44 <DIR> d-------- C:\Archivos de programa\Alwil Software
2007-10-28 15:44 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-28 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2007-10-28 15:39 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2007-10-28 15:39 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2007-10-28 12:12 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-28 12:12 15,616 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-28 12:12 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-28 12:06 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-10-28 12:05 123,911 --a------ C:\WINDOWS\system32\vvgeowbv.exe
2007-10-25 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2007-10-25 18:44 <DIR> d-------- C:\Archivos de programa\ClubDJ Pro
2007-10-25 18:44 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2007-10-25 18:44 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-25 18:44 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-10-25 18:44 37,136 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2007-10-25 18:44 24,336 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2007-10-12 18:41 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Ahead
2007-10-12 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Comodo
2007-10-12 18:37 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Comodo
2007-10-12 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Nero
2007-10-12 18:34 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2007-10-12 18:33 <DIR> d-------- C:\WINDOWS\pss
2007-10-12 18:32 <DIR> d-------- C:\Archivos de programa\Comodo
2007-10-12 18:29 <DIR> d-------- C:\Archivos de programa\LimeWire
2007-10-12 18:03 391,424 --------- C:\WINDOWS\system32\drivers\alcxsens.sys
2007-10-12 17:44 <DIR> d-------- C:\Archivos de programa\Realtek AC97
2007-10-12 17:44 <DIR> d--h----- C:\Archivos de programa\InstallShield Installation Information
2007-10-12 17:44 <DIR> d-------- C:\Archivos de programa\Archivos comunes\InstallShield
2007-10-12 17:44 208,896 --------- C:\WINDOWS\alcupd.exe
2007-10-12 17:40 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-10-12 17:33 <DIR> d-------- C:\Inetpub
2007-10-12 17:32 <DIR> d-------- C:\Archivos de programa\Stardock
2007-10-12 17:32 <DIR> d-------- C:\Archivos de programa\AIMP Classic
2007-10-12 17:31 <DIR> d-------- C:\WINDOWS\system32\es-es
2007-10-12 17:28 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\TuneUp Software
2007-10-12 17:28 <DIR> d-------- C:\Archivos de programa\TuneUp Utilities 2007
2007-10-12 17:28 <DIR> d-------- C:\Archivos de programa\Nero
2007-10-12 17:28 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2007-10-12 17:28 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Ahead
2007-10-12 17:28 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-12 17:28 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-10-12 17:28 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-10-12 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\Windows Media Connect 2
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\Real Alternative
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\QuickTime Alternative
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\Media Player Classic
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\CCleaner
2007-10-12 17:27 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-12 17:27 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-12 17:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-12 17:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-12 17:26 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-12 17:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-12 17:25 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\BSplayer PRO
2007-10-12 17:25 <DIR> d-------- C:\Archivos de programa\Webteh
2007-10-12 17:25 <DIR> d-------- C:\Archivos de programa\uTorrent
2007-10-12 17:25 <DIR> d-------- C:\Archivos de programa\Ares
2007-10-12 17:25 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Adobe
2007-10-12 17:24 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-12 17:23 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-12 17:22 <DIR> dr-h----- C:\MSOCache
2007-10-12 17:22 <DIR> d-------- C:\Archivos de programa\Microsoft.NET
2007-10-12 17:22 <DIR> d-------- C:\Archivos de programa\Java
2007-10-12 17:22 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Java
2007-10-12 17:17 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-10-12 17:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-12 17:17 <DIR> d-------- C:\Archivos de programa\Windows Live Safety Center
2007-10-12 17:17 <DIR> d-------- C:\Archivos de programa\MSN Messenger
2007-10-12 17:01 253,744 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe
2007-10-12 17:01 3,584 -----c--- C:\WINDOWS\system32\dllcache\WgaLogon.dll
2007-10-12 17:00 <DIR> dr-h----- C:\Documents and Settings\Administrador\Reciente
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Plantillas
2007-10-12 17:00 <DIR> dr------- C:\Documents and Settings\Administrador\Mis documentos
2007-10-12 17:00 <DIR> dr------- C:\Documents and Settings\Administrador\Menú Inicio
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Impresoras
2007-10-12 17:00 <DIR> dr------- C:\Documents and Settings\Administrador\Favoritos
2007-10-12 17:00 <DIR> d-------- C:\Documents and Settings\Administrador\Escritorio
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Entorno de red
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Datos de programa
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Configuración local
2007-10-12 12:47 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-10-12 12:47 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-10-12 12:47 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-10-12 12:47 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-10-12 12:46 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-10-12 12:46 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-10-12 12:46 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-10-12 12:46 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-10-12 12:46 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 21:58 --------- d-----w C:\Archivos de programa\ELIMINAR INICIO DE PROGRAMAS
2007-10-12 21:58 --------- d-----w C:\Archivos de programa\BUSCAR ACTUALIZACIONES
2007-10-12 21:53 --------- d-----w C:\Archivos de programa\microsoft frontpage
2007-10-12 21:53 --------- d-----w C:\Archivos de programa\Archivos comunes\speechengines
2007-10-12 21:51 --------- d-----w C:\Archivos de programa\Servicios en línea
2007-10-12 21:51 --------- d-----w C:\Archivos de programa\Archivos comunes\MSSoap
.

((((((((((((((((((((((((((((( snapshot@2007-11-01_16.04.26.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-01 21:03:48 219,950 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-01 21:07:37 219,949 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 14:54 C:\WINDOWS\soundman.exe]
"COMODO Firewall Pro"="C:\Archivos de programa\Comodo\Firewall\CPF.exe" [2007-10-12 18:32]
"avast!"="C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 10:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Archivos de programa\MSN Messenger\msnmsgr.exe" [2007-01-19 10:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:42]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\ARCHIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

R2 SMTPSVC;Protocolo simple de transferencia de correo (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe -k netsvcs

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts RemoteRegistry upnphost SSDPSRV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4
.
Contenido de carpeta 'Tareas Programadas'
"2007-11-01 21:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Archivos de programa\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2007-11-01 01:00:00 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Archivos de programa\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe
"2007-10-12 22:28:20 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 16:36:49
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2007-11-01 16:37:25
C:\ComboFix2.txt ... 2007-11-01 16:05
.
--- E O F ---

Edited by Chaves, 01 November 2007 - 05:00 PM.


#6 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 01 November 2007 - 05:37 PM

Hi,

Please move ComboFix.exe to your desktop as I requested earlier, because I see ComboFix is currently present on your I: drive.

Then open Notepad (don't use any other text editor than Notepad or the script will fail).
Copy/paste the text in the quote box below into Notepad:

File::
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\vvgeowbv.exe

Folder::
C:\WINDOWS\system32\acespy

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]


Save this as a text file, CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 miekiemoes


Posted 01 November 2007 - 05:57 PM

Hi,

In case you didn't perform my instructions yet...

Go to this page.
Enter the url of this thread in the first field.
Where it says "browse to the file that you want to submit", click the browse button next to it and browse to the next file:

C:\WINDOWS\system32\vvgeowbv.exe

Select it and click ok:
Then click the Send File button below.

In case you already performed my instructions, then you won't find the above file in your C:\Windows\system32 folder, but you'll find it in the next folder
C:\Qoobox\quarantine\C\Windows\system32\ with the name vvgeowbv.exe.vir
Upload that one instead. :blink:

Then post the logs I asked :thumbsup:

#8 Chaves


Posted 01 November 2007 - 06:19 PM

Alright, I submitted vvgeowbv.exe.vir

Here's my log:

ComboFix 07-11-01.1** - Administrador 2007-11-01 18:02:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.445 [GMT -5:00]
Se ejecuta desde: C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración

FILE::
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vvgeowbv.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vvgeowbv.exe

.
(((((((((((((((((( Archivos creados desde 2007-10-01 - 2007-11-01 )))))))))))))))))))))))))))))))))
.

2007-11-01 16:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 16:24 <DIR> d-------- C:\Archivos de programa\IObit
2007-10-28 16:12 2,360 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-28 15:45 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-28 15:45 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-28 15:45 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-28 15:45 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-28 15:45 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-28 15:45 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-28 15:44 <DIR> d-------- C:\Archivos de programa\Alwil Software
2007-10-28 15:44 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-28 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2007-10-28 15:39 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2007-10-28 15:39 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2007-10-25 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2007-10-25 18:44 <DIR> d-------- C:\Archivos de programa\ClubDJ Pro
2007-10-25 18:44 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2007-10-25 18:44 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-25 18:44 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-10-25 18:44 37,136 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2007-10-25 18:44 24,336 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2007-10-12 18:41 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Ahead
2007-10-12 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Comodo
2007-10-12 18:37 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Comodo
2007-10-12 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Nero
2007-10-12 18:34 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2007-10-12 18:33 <DIR> d-------- C:\WINDOWS\pss
2007-10-12 18:32 <DIR> d-------- C:\Archivos de programa\Comodo
2007-10-12 18:29 <DIR> d-------- C:\Archivos de programa\LimeWire
2007-10-12 18:03 391,424 --------- C:\WINDOWS\system32\drivers\alcxsens.sys
2007-10-12 17:44 <DIR> d-------- C:\Archivos de programa\Realtek AC97
2007-10-12 17:44 <DIR> d--h----- C:\Archivos de programa\InstallShield Installation Information
2007-10-12 17:44 <DIR> d-------- C:\Archivos de programa\Archivos comunes\InstallShield
2007-10-12 17:44 208,896 --------- C:\WINDOWS\alcupd.exe
2007-10-12 17:40 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-10-12 17:33 <DIR> d-------- C:\Inetpub
2007-10-12 17:32 <DIR> d-------- C:\Archivos de programa\Stardock
2007-10-12 17:32 <DIR> d-------- C:\Archivos de programa\AIMP Classic
2007-10-12 17:31 <DIR> d-------- C:\WINDOWS\system32\es-es
2007-10-12 17:28 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\TuneUp Software
2007-10-12 17:28 <DIR> d-------- C:\Archivos de programa\TuneUp Utilities 2007
2007-10-12 17:28 <DIR> d-------- C:\Archivos de programa\Nero
2007-10-12 17:28 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2007-10-12 17:28 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Ahead
2007-10-12 17:28 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-12 17:28 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-10-12 17:28 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-10-12 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\Windows Media Connect 2
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\Real Alternative
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\QuickTime Alternative
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\Media Player Classic
2007-10-12 17:27 <DIR> d-------- C:\Archivos de programa\CCleaner
2007-10-12 17:27 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-12 17:27 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-12 17:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-12 17:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-12 17:26 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-12 17:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-12 17:25 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\BSplayer PRO
2007-10-12 17:25 <DIR> d-------- C:\Archivos de programa\Webteh
2007-10-12 17:25 <DIR> d-------- C:\Archivos de programa\uTorrent
2007-10-12 17:25 <DIR> d-------- C:\Archivos de programa\Ares
2007-10-12 17:25 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Adobe
2007-10-12 17:24 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-12 17:23 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-12 17:22 <DIR> dr-h----- C:\MSOCache
2007-10-12 17:22 <DIR> d-------- C:\Archivos de programa\Microsoft.NET
2007-10-12 17:22 <DIR> d-------- C:\Archivos de programa\Java
2007-10-12 17:22 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Java
2007-10-12 17:17 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-10-12 17:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-12 17:17 <DIR> d-------- C:\Archivos de programa\Windows Live Safety Center
2007-10-12 17:17 <DIR> d-------- C:\Archivos de programa\MSN Messenger
2007-10-12 17:01 253,744 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe
2007-10-12 17:01 3,584 -----c--- C:\WINDOWS\system32\dllcache\WgaLogon.dll
2007-10-12 17:00 <DIR> dr-h----- C:\Documents and Settings\Administrador\Reciente
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Plantillas
2007-10-12 17:00 <DIR> dr------- C:\Documents and Settings\Administrador\Mis documentos
2007-10-12 17:00 <DIR> dr------- C:\Documents and Settings\Administrador\Menú Inicio
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Impresoras
2007-10-12 17:00 <DIR> dr------- C:\Documents and Settings\Administrador\Favoritos
2007-10-12 17:00 <DIR> d-------- C:\Documents and Settings\Administrador\Escritorio
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Entorno de red
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Datos de programa
2007-10-12 17:00 <DIR> d--h----- C:\Documents and Settings\Administrador\Configuración local
2007-10-12 12:47 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-10-12 12:47 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-10-12 12:47 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-10-12 12:47 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-10-12 12:46 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-10-12 12:46 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-10-12 12:46 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-10-12 12:46 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-10-12 12:46 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-10-12 12:46 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-10-12 12:46 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-10-12 12:46 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-10-12 12:45 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-12 12:45 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 21:58 --------- d-----w C:\Archivos de programa\ELIMINAR INICIO DE PROGRAMAS
2007-10-12 21:58 --------- d-----w C:\Archivos de programa\BUSCAR ACTUALIZACIONES
2007-10-12 21:53 --------- d-----w C:\Archivos de programa\microsoft frontpage
2007-10-12 21:53 --------- d-----w C:\Archivos de programa\Archivos comunes\speechengines
2007-10-12 21:51 --------- d-----w C:\Archivos de programa\Servicios en línea
2007-10-12 21:51 --------- d-----w C:\Archivos de programa\Archivos comunes\MSSoap
.

((((((((((((((((((((((((((((( snapshot@2007-11-01_16.04.26.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-01 21:03:48 219,950 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-01 23:04:46 219,949 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-01 23:04:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 14:54 C:\WINDOWS\soundman.exe]
"COMODO Firewall Pro"="C:\Archivos de programa\Comodo\Firewall\CPF.exe" [2007-10-12 18:32]
"avast!"="C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 10:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Archivos de programa\MSN Messenger\msnmsgr.exe" [2007-01-19 10:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:42]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts RemoteRegistry upnphost SSDPSRV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4
.
Contenido de carpeta 'Tareas Programadas'
"2007-11-01 21:30:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Archivos de programa\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2007-11-01 01:00:00 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Archivos de programa\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe
"2007-10-12 22:28:20 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 18:04:41
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2007-11-01 18:06:22 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-01 16:37
C:\ComboFix3.txt ... 2007-11-01 16:05
.
--- E O F ---
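One way to check the CFScript from the earlier post against the ComboFix log that followed it, as an added example (Python, not ComboFix's or the thread's own code): it parses the File::/Folder::/Registry:: sections, treating [-key] as a key deletion, and lists any requested removal that the log's removals section does not confirm. It assumes the Spanish section header shown in the log ("Otras eliminaciones"); the sample script and log excerpt are constructed from the two posts.

```python
"""Parse a ComboFix CFScript and check its removals against the ComboFix log.
Added example (not ComboFix's or the thread's code): the section syntax follows
the script posted in the thread; the log excerpt is constructed from the reply."""
import re

# Constructed sample: the CFScript as posted in the thread (abridged).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\vvgeowbv.exe
Folder::
C:\WINDOWS\system32\acespy
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
"""

# Constructed excerpt of the ComboFix log posted after the script ran.
COMBOFIX_LOG = r"""
(((((((((((((((( Otras eliminaciones ))))))))))))))))
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vvgeowbv.exe
(((((((((((((((( Archivos creados desde 2007-10-01 - 2007-11-01 ))))))))))))))))
"""

def parse_cfscript(text):
    """Split a CFScript into files, folders, registry keys to set (plus value lines) and keys to delete."""
    out = {"files": [], "folders": [], "reg_set": [], "reg_delete": [], "reg_values": {}}
    section, key = None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.endswith("::"):                       # "File::" etc. opens a section
            section, key = line[:-2].lower(), None
        elif section == "file":
            out["files"].append(line)
        elif section == "folder":
            out["folders"].append(line)
        elif section == "registry":
            m = re.fullmatch(r"\[(-?)(.+)\]", line)   # [key] sets values, [-key] deletes
            if m:
                key = None if m.group(1) else m.group(2)
                out["reg_delete" if m.group(1) else "reg_set"].append(m.group(2))
            elif key:                                 # "name"="data" under the last [key]
                out["reg_values"].setdefault(key, []).append(line)
    return out

def unconfirmed_removals(script, log_text):
    """Script File::/Folder:: entries that the log's removals section ('Otras
    eliminaciones' in the Spanish build seen in the thread) does not list."""
    removed, inside = set(), False
    for line in (l.strip() for l in log_text.splitlines()):
        if "Otras eliminaciones" in line:
            inside = True
        elif inside and line.startswith("(((("):      # next section header ends it
            break
        elif inside and line.lower().startswith("c:\\"):
            removed.add(line.lower())
    return [p for p in script["files"] + script["folders"] if p.lower() not in removed]
```

An empty result means every path the script asked for appears in the log's removals section; anything returned is a path to re-check by hand (or in the Qoobox quarantine) before concluding the cleanup succeeded.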

#9 miekiemoes


Posted 01 November 2007 - 06:45 PM

Hi,

Thanks for the file.

Navigate to and delete the following files if still present:

C:\Windows\absolute key logger.lnk
C:\Windows\aconti.ini
C:\Windows\aconti.log
C:\Windows\aconti.sdb
C:\Windows\acontidialer.txt
C:\Windows\default.htm
C:\Windows\System32\sznf.ascii

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now...

#10 Chaves


Posted 02 November 2007 - 05:19 PM

Everything seems to be working fine.

Thanks A LOT, you have been a GREAT help. Thanks again

#11 miekiemoes


Posted 02 November 2007 - 05:22 PM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#12 miekiemoes


Posted 04 November 2007 - 04:30 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
