Did I Get Infected?


  • This topic is locked
2 replies to this topic

#1 LoMayok


Posted 04 May 2008 - 10:43 PM

Overnight, I was downloading something using BitComet. The next morning, to my surprise, the icons on my desktop were rearranged and there were error messages saying that Comodo Firewall had to shut down. I wanted to run the NOD32 scanner but I could not open the window. I rebooted and everything seemed to be working fine.

After this event I scanned my PC using NOD32 v3, AVG, Spyware Doctor, Webroot Spy Sweeper and Ad-Aware. I ran CCleaner using the default options. The antivirus found nothing, but the antispyware found some minor things.

The scanning and cleaning did not help that much. Internet browsing was very sluggish, and Skype would not work right anymore (I can't hear the other person on the other side even after closing all applications, and I have a 1.3mb connection; after a few minutes an internal error message appears and it shuts down).

ComboFix was suggested on another forum. I downloaded it, along with the Windows XP boot disk and HijackThis. I ran ComboFix, then HijackThis, then restarted.

Please, somebody tell me what was wrong with my PC and whether there is something I must do to make it right. Thanks. Here is the log:

ComboFix 08-05-01.3 - Administrator 2008-05-05 8:12:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.52 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 08:11 . 2008-05-05 08:11 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-04 08:07 . 2008-05-04 08:08 1,024 --a------ C:\WINDOWS\system32\AutoPartNt.let
2008-05-04 08:06 . 2008-05-04 08:06 1,882,904 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2008-05-04 06:51 . 2008-05-04 07:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Acronis
2008-05-04 06:34 . 2008-05-04 06:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-05-04 06:30 . 2008-05-04 06:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-05-04 06:30 . 2008-05-04 06:30 441,760 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-05-04 06:30 . 2008-05-04 06:30 368,544 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys
2008-05-04 06:30 . 2008-05-04 06:30 129,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-05-04 06:30 . 2008-05-04 06:30 44,384 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-04 06:29 . 2008-05-04 06:29 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-05-04 06:29 . 2008-05-04 06:29 <DIR> d-------- C:\Program Files\Acronis
2008-05-03 05:44 . 2008-05-03 05:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-28 04:04 . 2008-04-28 04:04 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_71990.LOG
2008-04-28 04:04 . 2008-04-28 04:04 0 --ah----- C:\Documents and Settings\LocalService\ntuser.dat_TU_71069.LOG
2008-04-28 04:04 . 2008-04-28 04:04 0 --ah----- C:\Documents and Settings\Administrator\ntuser.dat_TU_82508.LOG
2008-04-22 11:54 . 2003-08-19 19:36 65,536 --a------ C:\WINDOWS\system32\Audio3D.dll
2008-04-22 08:58 . 2008-05-04 20:22 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-22 08:57 . 2008-04-22 09:00 <DIR> d-------- C:\WINDOWS\nview
2008-04-22 08:57 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-22 08:57 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-22 08:57 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-22 08:56 . 2008-04-22 08:56 <DIR> d-------- C:\NVIDIA
2008-04-22 08:46 . 2008-04-22 08:46 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-20 14:59 . 2008-04-20 14:59 <DIR> d-------- C:\Program Files\ArmyMenRTS
2008-04-20 14:32 . 2008-04-23 06:01 <DIR> d-------- C:\Program Files\MagicISO
2008-04-20 10:31 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-04-20 10:10 . 2008-04-20 10:10 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-19 00:31 . 2008-05-05 08:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-04-18 20:50 . 2008-04-18 20:50 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-18 20:43 . 2006-10-22 12:22 4,527,488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-04-18 20:43 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-18 20:43 . 2006-10-22 12:22 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-04-18 20:43 . 2006-10-22 12:22 3,994,624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-04-18 20:43 . 2004-08-03 23:07 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2008-04-18 20:43 . 2004-08-03 23:07 42,368 --a--c--- C:\WINDOWS\system32\dllcache\agp440.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 16:20 --------- d-----w C:\Program Files\cFosSpeed
2008-05-05 16:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-05-04 21:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-04 18:28 --------- d-----w C:\Program Files\AvRack
2008-05-04 18:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MiniLyrics
2008-05-03 17:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-03 15:18 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-02 16:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-05-01 20:22 --------- d-----w C:\Program Files\BitComet
2008-04-29 17:09 --------- d-----w C:\Program Files\Skype
2008-04-29 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-26 19:48 --------- d-----w C:\Program Files\ESET
2008-04-23 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-04-23 16:35 --------- d-----w C:\Program Files\RegVac Registry Cleaner
2008-04-20 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-19 19:33 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-04-19 19:33 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-13 01:59 --------- d-----w C:\Program Files\Warcraft III
2008-04-07 00:41 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-04 04:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-03-31 21:00 --------- d-----w C:\Program Files\LogMeIn
2008-03-31 02:49 --------- d-----w C:\Program Files\The KMPlayer
2008-03-29 17:31 --------- d-----w C:\Program Files\epson
2008-03-28 05:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\EPSON
2008-03-22 15:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-22 15:11 --------- d-----w C:\Program Files\Webroot
2008-03-22 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-22 15:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-03-22 15:09 164 ----a-w C:\install.dat
2008-03-17 17:05 --------- d-----w C:\Program Files\Opera
2008-03-14 20:12 --------- d-----w C:\Program Files\Minilyrics
2008-03-14 00:52 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-03-14 00:52 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-03-14 00:52 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-03-14 00:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-14 00:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-03-13 16:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ESET
2008-03-13 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-03-13 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-05 14:26 --------- d-----w C:\Program Files\Java
2008-03-05 14:16 --------- d-----w C:\Program Files\Common Files\Java
2008-01-22 23:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-21 13:02 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2006-09-27 00:53 9,265,152 ------w C:\Program Files\nbalive07.exe
2006-09-06 20:42 921,654 ----a-w C:\Program Files\00000000.256
2006-09-06 20:42 344,064 ----a-w C:\Program Files\eauninstall.exe
2006-07-25 19:55 65,632 ----a-w C:\Program Files\loadbar.fsh
2006-07-25 19:54 41,472 ----a-w C:\Program Files\DrvMgt.dll
2006-07-25 19:54 27 ----a-w C:\Program Files\GDPerf.vxd
2006-07-25 19:54 12,400 ----a-w C:\Program Files\SECDRV.SYS
2007-11-27 15:34 8 --sh--r C:\WINDOWS\system32\7E6C58BEDC.sys
2007-12-01 14:05 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-04-20 04:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 08:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-06 16:41 360064 b1d637a5585af8932c635976ff9d8981 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-06 16:41 360064 b1d637a5585af8932c635976ff9d8981 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2008-02-27 18:01 1555480 --a------ C:\Program Files\Best_Security_Tips\tbBes1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "C:\Program Files\Best_Security_Tips\tbBes1.dll" [2008-02-27 18:01 1555480]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Program Files\Best_Security_Tips\tbBes1.dll [2008-02-27 18:01 1555480]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-03-13 16:48 1443072 C:\Program Files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\muBlinder]
--a------ 2008-03-27 19:29 1406464 E:\Download Tools\Windows For\Mublinder\muBlinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"PDExchange"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"idsvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MSIServer"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"US30Service"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"LogMeIn"=3 (0x3)
"LMIMaint"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"NVSvc"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"aawservice"=3 (0x3)
"PD91Engine"=3 (0x3)
"PD91Agent"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"cmdAgent"=2 (0x2)
"cFosSpeedS"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"muBlinder"=E:\Download Tools\Windows For\Mublinder\muBlinder.exe -startup
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SoundMan"=SOUNDMAN.EXE
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9179:TCP"= 9179:TCP:BitComet 9179 TCP
"9179:UDP"= 9179:UDP:BitComet 9179 UDP

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 13:27]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-05-04 06:30]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-19 11:33]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-19 11:33]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:00]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S4 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-01-16 10:52]
S4 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-01-16 10:52]
S4 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 20:51]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-15 09:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 23:40:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-05 16:21:18 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-01 19:46:32 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 08:22:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-05 8:25:28 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-05-05 16:25:11

Pre-Run: 12,064,014,336 bytes free
Post-Run: 12,148,830,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons



HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:00 AM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedtest.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdat...=1&ln=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\IDM2\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cFosSpeed] "C:\Program Files\cFosSpeed\cFosSpeed.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\IDM2\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\IDM2\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\IDM2\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196063158515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196063121656
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7921 bytes


#2 Simon V.


Posted 28 May 2008 - 06:37 AM

Hello, and welcome to the forum :thumbsup:

I'm sorry for the delay, the forums are very busy. If you still need help, please post a new HijackThis log and give a description of how your computer is currently running.
Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 Simon V.


Posted 03 June 2008 - 10:25 AM

Due to inactivity this topic will be closed.

If you need help please start a new thread and post a new HijackThis log.
Simon V.
