
Thread: "Socket error 11004" Need help!!!


  1. #1
    Join Date
    Apr 2007
    Location
    Lisbon - Portugal
    Posts
    9

    "Socket error 11004" Need help!!!

    Hi!
    Each time I restart my computer, a message saying "Socket error 11004" appears. I've already used Spyware Doctor; eTrust EZ Antivirus; Spybot; and AVG Anti Spyware, but the error persists. Finally, I've decided to try HijackThis. I've done a scan, but I don't know what to do next, I don't know where the problem is. So, here's the log. I would be very thankful if someone could help me.

    Thanks.





    Logfile of HijackThis v1.99.1
    Scan saved at 23:57:34, on 06-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\scvhost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe
    C:\Windows\Cursors\Rg2catbd.exe
    C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\mjhor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Netcount\Netcount.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fbguad.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rg2catbd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Paulo\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
    F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Rg2catbd] C:\Windows\Cursors\Rg2catbd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [hnrtbr] C:\WINDOWS\mjhor.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Netcount] "C:\Program Files\Netcount\Netcount.exe" 0
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
    O4 - Global Startup: fbguad.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: javsu.exe
    O4 - Global Startup: Rg2catbd.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130637954328
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6CD3DEDA-A8E5-4CFC-8ADC-666BC5ED5338}: NameServer = 195.23.129.126 194.79.69.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CFB5811A-89ED-4053-AAD5-CC1689495FBB}: NameServer = 195.23.129.126,194.79.69.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

  2. #2
    Join Date
    Aug 2006
    Posts
    578


    Quote, originally posted by Duldrus:
    "I've done a scan, but I don't know what to do next, I don't know where the problem is. So, here's the log. I would be very thankful if someone could help me."

    You have a bunch of malware showing in your HJT Log.

    Update the definitions for your AVG Anti-spy and Spyware Doctor and run full scans with them.
    Also, do the Kaspersky Online Scan and Rename HijackThis as per the instructions in the linky below:


    Please submit the following:
    -- Kaspersky Scanlog
    -- Spyware Doctor Log
    -- AVG Anti-spy Log
    -- Fresh HJT Scanlog (with HijackThis.exe Renamed)

    ** Be sure to allow AVG and Spyware Doctor to Clean/Quarantine the baddies they find!

    I am sure Judy will check in and help you clean the remaining baddies as time permits.

    Cheers
    PP

  3. #3
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    PP is absolutely right on the money. Your log is loaded with malware, etc.
    Follow his instructions exactly and submit the logs requested.
    Judy

  4. #4
    Join Date
    Apr 2007
    Location
    Lisbon - Portugal
    Posts
    9
    Hi again!
    First of all, thank you Judy and PP for the help.
    I've done what you told me to and here are the log files. I had difficulties with the Kaspersky Online, so I've used BitDefender. I didn't include the Spyware Doctor log, because it didn't find anything bad.

    I hope you can help me.
    Thanks once more.

    Cheers







    BitDefender Online Scanner

    Scan report generated at: Sat, Apr 07, 2007 - 14:55:18

    Statistics
      Time: 01:48:53
      Files: 618881
      Folders: 6412
      Boot Sectors: 3
      Archives: 2720
      Packed Files: 64140

    Results
      Identified Viruses: 6
      Infected Files: 7
      Suspect Files: 1
      Warnings: 0
      Disinfected: 0
      Deleted Files: 5

    Engines Info
      Virus Definitions: 463243
      Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
      Scan plugins: 14
      Archive plugins: 38
      Unpack plugins: 6
      E-mail plugins: 6
      System plugins: 1

    Scan Settings
      First Action: Disinfect
      Second Action: Delete
      Heuristics: Yes
      Enable Warnings: Yes
      Scanned Extensions: *;
      Exclude Extensions:
      Scan Emails: Yes
      Scan Archives: Yes
      Scan Packed: Yes
      Scan Files: Yes
      Scan Boot: Yes

    Scanned File | Status
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fbguad.exe | Infected with: DeepScan:Generic.Banker.Delf.C926416E
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fbguad.exe | Disinfection failed
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fbguad.exe | Delete failed
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe | Infected with: Trojan.PWS.Banker.CZ
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe | Disinfection failed
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe | Delete failed

    C:\Documents and Settings\Paulo\Application Data\Mozilla\Firefox\Profiles\mtiiwgph.default\Cache\_CACHE_002_


    Suspected of: Trojan.Downloader.Tibs.FW

    C:\Documents and Settings\Paulo\Application Data\Mozilla\Firefox\Profiles\mtiiwgph.default\Cache\_CACHE_002_


    Disinfection failed

    C:\Documents and Settings\Paulo\Application Data\Mozilla\Firefox\Profiles\mtiiwgph.default\Cache\_CACHE_002_


    Deleted

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP498\A0814127.exe=>(CAB Sfx r)=>server.exe


    Infected with: MemScan:Backdoor.VB.EV

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP498\A0814127.exe=>(CAB Sfx r)=>server.exe


    Disinfection failed

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP498\A0814127.exe=>(CAB Sfx r)=>server.exe


    Deleted

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP498\A0814127.exe=>(CAB Sfx r)


    Update failed

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP508\A0816871.exe


    Infected with: Trojan.Downloader.Cartao.A

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP508\A0816871.exe


    Disinfection failed

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP508\A0816871.exe


    Deleted

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817110.exe


    Infected with: Dropped:Backdoor.Nucleroot.A

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817110.exe


    Disinfection failed

    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817110.exe


    Deleted

    C:\WINDOWS\scvhost.exe


    Infected with: MemScan:Backdoor.VB.EV

    C:\WINDOWS\scvhost.exe


    Disinfection failed

    C:\WINDOWS\scvhost.exe


    Delete failed

    C:\WINDOWS\system32\ii


    Infected with: Generic.Botget.93990DAA

    C:\WINDOWS\system32\ii


    Deleted








    ---------------------------------------------------------
    AVG Anti-Spyware - Relatório de verificação
    ---------------------------------------------------------

    + Criação: 17:07:04 07-04-2007

    + Resultado da verificação:



    HKU\S-1-5-21-1482476501-413027322-839522115-1003\Software\Internet Security -> Adware.IntCodec : Ignorado.
    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817191.exe -> Logger.Banker.ces : Ignorado.


    ::Fim do relatório






    Logfile of HijackThis v1.99.1
    Scan saved at 23:33:38, on 07-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe
    C:\Windows\Cursors\Rg2catbd.exe
    C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Netcount\Netcount.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rg2catbd.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\HijackThis\hjtscan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Rg2catbd] C:\Windows\Cursors\Rg2catbd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [hnrtbr] C:\WINDOWS\mjhor.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Netcount] "C:\Program Files\Netcount\Netcount.exe" 0
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: javsu.exe
    O4 - Global Startup: Rg2catbd.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130637954328
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CFB5811A-89ED-4053-AAD5-CC1689495FBB}: NameServer = 195.23.129.126,194.79.69.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

  5. #5
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    May I ask why you didn't fix things found with the AVG Anti-spy? Or I don't believe you did, English is my only language.

  6. #6
    Join Date
    Apr 2007
    Location
    Lisbon - Portugal
    Posts
    9
    Hi judy,
    Here's another HijackThis, and AVG Anti-spy log (this time I've fixed things). Sorry about the language. Here's a little translation from Portuguese to English:

    Limpo - Clean
    Limpo com backup (em quarentena). - Clean with backup (in quarantine).


    Thanks for the help.

    Cheers


    ---------------------------------------------------------
    AVG Anti-Spyware - Relatório de verificação
    ---------------------------------------------------------

    + Criação: 12:09:39 08-04-2007

    + Resultado da verificação:



    HKU\S-1-5-21-1482476501-413027322-839522115-1003\Software\Internet Security -> Adware.IntCodec : Limpo com backup (em quarentena).
    C:\System Volume Information\_restore{016FEF87-EFC8-46C4-B8F6-A72F79B0D36C}\RP509\A0817191.exe -> Logger.Banker.ces : Limpo com backup (em quarentena).


    ::Fim do relatório








    Logfile of HijackThis v1.99.1
    Scan saved at 1245, on 08-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe
    C:\Windows\Cursors\Rg2catbd.exe
    C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\mjhor.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Netcount\Netcount.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rg2catbd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\hjtscan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Rg2catbd] C:\Windows\Cursors\Rg2catbd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [hnrtbr] C:\WINDOWS\mjhor.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Netcount] "C:\Program Files\Netcount\Netcount.exe" 0
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: javsu.exe
    O4 - Global Startup: Rg2catbd.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130637954328
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CFB5811A-89ED-4053-AAD5-CC1689495FBB}: NameServer = 195.23.129.126,194.79.69.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

  7. #7
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Can you attempt the Kaspersky scan once more?

  8. #8
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Your logs show that you are infected with numerous trojans, some of them being password-stealing programs having to do with online banking.
    It will monitor access to internet banking websites and try to get information regarding usernames and passwords.
    This trojan will mostly target Austrian Banks:
    • Anetbanking.at
    • raiffeisen.at
    • elba.at
    • hypo.at
    • vkb-bank.at
    As well as Citibank.de and common sites such as:
    • amazon.com
    • ebay.com
    • paypal.com
    Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

    May I ask, did you run AVG Anti-spy in SAFE MODE?

  9. #9
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

  10. #10
    Join Date
    Apr 2007
    Location
    Lisbon - Portugal
    Posts
    9
    I've run SDFix.exe in Safe Mode and after that, in normal mode, I've run Catchme. Finally, I've done a new scan with HijackThis (Enabling the Viewing of Hidden Files). Here are the logs.

    Thanks for the support Judy.




    SDFix: Version 1.77

    Run by Paulo - 08-04-2007 - 19:54:05,20

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:






    Restoring Windows Registry Values
    Restoring Windows Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\Program Files\Setup.exe - Deleted
    C:\WINDOWS\offlog.txt - Deleted
    C:\WINDOWS\system32\TFTP1876 - Deleted
    C:\WINDOWS\system32\TFTP3004 - Deleted



    ADS Check:

    Checking if ADS is attached to system32 Folder
    C:\WINDOWS\system32
    No streams found.

    Checking if ADS is attached to svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
    "C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"
    "C:\\Program Files\\BTuga Revolution\\btuga.exe"="C:\\Program Files\\BTuga Revolution\\btuga.exe:*:Enabled:btuga"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\All Users\\start menu\\programs\\startup\\fbguad.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\fbguad.exe:*:Enabled:mbbo lax"
    "C:\\Documents and Settings\\All Users\\start menu\\programs\\startup\\javsu.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\javsu.exe:*:Enabled:bllor xz"
    "C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Checking For Files with Hidden Attributes:

    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\9ACBD6C83C.sys
    C:\WINDOWS\system32\DF72A9CF4D.sys
    C:\WINDOWS\system32\KGyGaAvL.sys

    Finished






    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0






    Logfile of HijackThis v1.99.1
    Scan saved at 20:08:58, on 08-04-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe
    C:\Windows\Cursors\Rg2catbd.exe
    C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\mjhor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Netcount\Netcount.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\javsu.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rg2catbd.exe
    C:\Program Files\HijackThis\hjtscan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Rg2catbd] C:\Windows\Cursors\Rg2catbd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hnrtbr] C:\WINDOWS\mjhor.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Netcount] "C:\Program Files\Netcount\Netcount.exe" 0
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: javsu.exe
    O4 - Global Startup: Rg2catbd.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130637954328
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CFB5811A-89ED-4053-AAD5-CC1689495FBB}: NameServer = 195.23.129.126,194.79.69.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
