Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 5619

Sep 28th, 2004

NEW Hijackthis log and worries

Expand Post »

Earlier last week I had post many hijackthis logs, the last one i posted looked good, but, I saved a new log and some new problems have appeared it seems

Logfile of HijackThis v1.98.2
Scan saved at 12:48:30 PM, on 9/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATLAO32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\BOBBY'S FOLDER\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tqcyu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D30AC97E-6571-1DC7-4A47-4FD27E4BC8A4} - C:\WINDOWS\SDKZF.DLL
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IEGR32.EXE] C:\WINDOWS\IEGR32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATLAO32.EXE] C:\WINDOWS\SYSTEM\ATLAO32.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05419fb1...p/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)

plus in my Windows starter program, which controls what programs start and start-up, I see 2 new things on there, one is ATLAO32.EXE and the other one is IEGR32.EXE

Similar Threads

Helping yourself: What to do before starting a new thread or posting a HiJackThis log in Viruses, Spyware and other Nasties
Help with HiJackThis log, please in Viruses, Spyware and other Nasties
problems with MSIESH.DLL in Viruses, Spyware and other Nasties
hijackthis log in Viruses, Spyware and other Nasties
Stu's Hijackthis log file. in Viruses, Spyware and other Nasties

SilentBob3208

Reputation Points: 10

Solved Threads: 1

Junior Poster

Offline

124 posts
since Apr 2004

Permalink

Sep 28th, 2004

Re: NEW Hijackthis log and worries

I failed to mention also when I open internet explorer and type in a web URL, I get an error message "Explorer has caused an error in INETCPL.CPL Explorer will now close. Furthermore, when I switch to full screen mode in IE (F11) Then when I go back to normal screen, I get this warning message "Load Skin::�?åèçâåñòíîå èñêëþ÷åíèå!"

SilentBob3208

Reputation Points: 10

Solved Threads: 1

Junior Poster

Offline

124 posts
since Apr 2004

Permalink

Sep 29th, 2004

Re: NEW Hijackthis log and worries

Today, I rebooted the computer and I ran Ad-Aware Personal and I did a scan. Below is the log.

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, September 29, 2004 2:37:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file

E1R10 28.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):1 total references
404search(TAC index:5):4 total references
BargainBuddy(TAC index:8):2 total references
BlazeFind(TAC index:5):1 total references
BookedSpace(TAC index:10):1 total references
CoolWebSearch(TAC index:10):85 total references
DealHelper(TAC index:7):3 total references
istbar(TAC index:6):2 total references
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):2 total references
VX2(TAC index:10):2 total references
win32.winshow(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

9-29-2004 2:37:44 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293900415
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294966943
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294964967
Threads : 4
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294862547
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:5 [LEXBCES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294876371
Threads : 6
Priority : Normal
FileVersion : 5,12,00,00
ProductVersion : 5,12,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:6 [RPCSS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294888115
Threads : 5
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft(R) Windows NT(TM) Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe
#:7 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294796151
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:8 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294823963
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:9 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294721207
Threads : 19
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:10 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294760487
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:11 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294644355
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:12 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294811815
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
404search Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchbar.searchband.1
404search Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchbar.searchband.1
Value :
404search Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchbar.searchband
404search Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchbar.searchband
Value :
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 5

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@serving-sys.com/
Expires : 1-1-2038 4:00:00 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6

Deep scanning and examining files (c

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@serving-sys[2].txt
CoolWebSearch Object Recognized!
Type : File
Data : A0005108.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005109.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

BargainBuddy Object Recognized!
Type : File
Data : A0005110.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe

CoolWebSearch Object Recognized!
Type : File
Data : A0005111.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005112.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

BargainBuddy Object Recognized!
Type : File
Data : A0005113.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe

CoolWebSearch Object Recognized!
Type : File
Data : A0005114.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005115.CPY
Category : Malware
Comment : CWS.FullSearch
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005116.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005117.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005118.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005119.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005120.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005121.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005122.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005123.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005124.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005125.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005126.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005127.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005128.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005129.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005130.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005131.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005132.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005133.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005134.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005135.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005136.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005137.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005138.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005139.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005140.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005141.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005142.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005143.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005144.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005145.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005146.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005147.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005148.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : A0005149.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 0, 1, 4, 30
ProductVersion : 0, 1, 4, 30
ProductName : twaintec
CompanyName : Twaintec
FileDescription : www.twain-tech.com
InternalName : twaintec
LegalCopyright : Copyright © 2003
OriginalFilename : twaintec.dll
Comments : www.Twain-Tech.com

istbar Object Recognized!
Type : File
Data : A0005150.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : I5Tactivex Module
FileDescription : 15Tactivex Module
InternalName : 15Tactive_x
LegalCopyright : Copyright 2003
OriginalFilename : I5Tact1vex.DLL

BookedSpace Object Recognized!
Type : File
Data : A0005151.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : BookedSpace.dll
LegalCopyright : TODO: (c) <Company name>. All rights reserved.
OriginalFilename : BookedSpace.dll

istbar Object Recognized!
Type : File
Data : A0005152.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : I5Tactivex Module
FileDescription : 15Tactivex Module
InternalName : 15Tactive_x
LegalCopyright : Copyright 2003
OriginalFilename : I5Tact1vex.DLL

CoolWebSearch Object Recognized!
Type : File
Data : A0005153.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : A0005154.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe

CoolWebSearch Object Recognized!
Type : File
Data : A0005155.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

BlazeFind Object Recognized!
Type : File
Data : A0005156.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.

win32.winshow Object Recognized!
Type : File
Data : A0005157.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005158.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005159.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005160.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005161.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005162.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005163.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005164.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005165.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005166.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005167.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005168.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005169.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005170.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005171.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005172.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005173.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005174.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005175.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005176.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005177.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005178.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005179.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005180.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005181.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005182.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005183.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005184.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005185.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005186.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005187.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005188.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005189.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005190.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005191.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005192.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005193.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005194.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005195.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005196.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005197.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

180Solutions Object Recognized!
Type : File
Data : A0005198.CPY
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005199.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005200.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

DealHelper Object Recognized!
Type : File
Data : A0005201.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : DealHelper Application
FileDescription : DealHelper
InternalName : DealHelper
LegalCopyright : Copyright (C) 2003
OriginalFilename : DealHelper.EXE

CoolWebSearch Object Recognized!
Type : File
Data : A0005202.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005203.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

win32.winshow Object Recognized!
Type : File
Data : A0005204.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 104

Deep scanning and examining files (d

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 104

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
win32.winshow Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings
Value : Trust Warning Level
win32.winshow Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\microsoft\windows\currentversion\internet settings
Value : Trust Warning Level
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shareddlls
Value : C:\WINDOWS\dhbrwsr.exe
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shareddlls
Value : C:\WINDOWS\dhsvr.exe
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 108
2:42:47 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:02.530
Objects scanned:56783
Objects identified:107
Objects ignored:0
New critical objects:107

Now, when i went to delete these files, a pop up came up saying the following files could not be removed and there are too many files to list but I believe all of the files on the list came from C:\_RESTORE\TEMP\... but i'm not 100% sure of that. IE is still having the problems I stated in the last post.

SilentBob3208

Reputation Points: 10

Solved Threads: 1

Junior Poster

Offline

124 posts
since Apr 2004

Permalink

May 12th, 2005

Re: NEW Hijackthis log and worries

Hi There,

Not that I personally would have a clue about how to deal with this, but I had a similar problem, and managed to find the following advice on how to 'flush' the Restore directory (and thus get rid of the file in question).

See

http://forums.wugnet.com/-_RESTORE-T...ict192182.html

I followed the advice from this link AFTER disinfecting all the rest of the junk on the PC with Ad-Aware, and the computer now seems to be all sparkly clean.

Cheers,

D-Bug.

D-Bug

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

1 posts
since May 2005

Permalink

May 26th, 2005

Re: ARGHHHHH MY DESKTOP HAS BEEN HACKED

Logfile of HijackThis v1.99.1
Scan saved at 07:59:55 a.m., on 26/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\qttask.exe
D:\Archivos de programa\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
D:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
D:\Archivos de programa\Creative\MediaSource\Detector\CTDetect.exe
D:\Archivos de programa\System Mechanic 4 Professional\PopupStopper.exe
D:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rodrigo Llaguno\Escritorio\hijactis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/girlsdigscars
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\windows\system32\qttask.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "d:\Archivos de programa\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Error Nuker] D:\Archivos de programa\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Archivos de programa\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Archivos de programa\System Mechanic 4 Professional\PopupStopper.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6C6A77C7-B4CC-4792-BB9D-5B50A211F69E} (ProductInformation Control) - http://www.iolo.com/app/ocx/ProductInformation.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B33152D8-04D6-44C1-9BAB-A3C03C5070E1}: NameServer = 200.33.146.194 200.33.146.202
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: System - {EF4D11C7-D475-4CEF-8FD0-FCEDEF67AF83} - vr_sys.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe

WHAT CAN I FIX??

llagrod

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

1 posts
since May 2005

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Specialgoods.info infection

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Help me please!

DaniWeb Message

Cancel Changes

User Name
Password