0

Earlier last week I had posted many HijackThis logs. The last one I posted looked good, but I saved a new log and some new problems have appeared, it seems.

Logfile of HijackThis v1.98.2
Scan saved at 12:48:30 PM, on 9/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATLAO32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\BOBBY'S FOLDER\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tqcyu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D30AC97E-6571-1DC7-4A47-4FD27E4BC8A4} - C:\WINDOWS\SDKZF.DLL
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IEGR32.EXE] C:\WINDOWS\IEGR32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATLAO32.EXE] C:\WINDOWS\SYSTEM\ATLAO32.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05419fb1e7b47ee54019/netzip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)


Plus, in my Windows starter program, which controls what programs start at start-up, I see 2 new things on there: one is ATLAO32.EXE and the other one is IEGR32.EXE.

3 Contributors, 4 Replies, 5 Views, 12 Years Discussion Span, Last Post by llagrod
0

I failed to mention also that when I open Internet Explorer and type in a web URL, I get an error message "Explorer has caused an error in INETCPL.CPL Explorer will now close." Furthermore, when I switch to full screen mode in IE (F11), then when I go back to normal screen, I get this warning message "Load Skin::åèçâåñòíîå èñêëþ÷åíèå!"

0

Today, I rebooted the computer and I ran Ad-Aware Personal and I did a scan. Below is the log.


Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, September 29, 2004 2:37:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R10 28.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):1 total references
404search(TAC index:5):4 total references
BargainBuddy(TAC index:8):2 total references
BlazeFind(TAC index:5):1 total references
BookedSpace(TAC index:10):1 total references
CoolWebSearch(TAC index:10):85 total references
DealHelper(TAC index:7):3 total references
istbar(TAC index:6):2 total references
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):2 total references
VX2(TAC index:10):2 total references
win32.winshow(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

9-29-2004 2:37:44 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293900415
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294966943
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294964967
Threads : 4
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294862547
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:5 [LEXBCES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294876371
Threads : 6
Priority : Normal
FileVersion : 5,12,00,00
ProductVersion : 5,12,00,00
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2000 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:6 [RPCSS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294888115
Threads : 5
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft(R) Windows NT(TM) Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe
#:7 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294796151
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:8 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294823963
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:9 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294721207
Threads : 19
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:10 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294760487
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:11 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294644355
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:12 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294811815
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
404search Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchbar.searchband.1
404search Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchbar.searchband.1
Value :
404search Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchbar.searchband
404search Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchbar.searchband
Value :
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 5

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@serving-sys.com/
Expires : 1-1-2038 4:00:00 AM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6

Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@serving-sys[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@serving-sys[2].txt
CoolWebSearch Object Recognized!
Type : File
Data : A0005108.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005109.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

BargainBuddy Object Recognized!
Type : File
Data : A0005110.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : Download Module
CompanyName : eXact Advertising
FileDescription : Download Module
InternalName : Download Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exdl.exe

CoolWebSearch Object Recognized!
Type : File
Data : A0005111.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005112.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

BargainBuddy Object Recognized!
Type : File
Data : A0005113.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Upload Module
CompanyName : eXact Advertising
FileDescription : Upload Module
InternalName : Upload Utility
LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : exul.exe

CoolWebSearch Object Recognized!
Type : File
Data : A0005114.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005115.CPY
Category : Malware
Comment : CWS.FullSearch
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005116.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005117.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005118.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005119.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005120.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005121.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005122.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005123.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005124.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005125.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005126.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005127.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005128.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005129.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005130.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005131.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005132.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005133.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005134.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005135.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005136.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005137.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005138.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005139.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005140.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005141.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005142.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005143.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005144.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005145.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005146.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005147.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005148.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : A0005149.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 0, 1, 4, 30
ProductVersion : 0, 1, 4, 30
ProductName : twaintec
CompanyName : Twaintec
FileDescription : www.twain-tech.com
InternalName : twaintec
LegalCopyright : Copyright © 2003
OriginalFilename : twaintec.dll
Comments : www.Twain-Tech.com

istbar Object Recognized!
Type : File
Data : A0005150.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : I5Tactivex Module
FileDescription : 15Tactivex Module
InternalName : 15Tactive_x
LegalCopyright : Copyright 2003
OriginalFilename : I5Tact1vex.DLL

BookedSpace Object Recognized!
Type : File
Data : A0005151.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : BookedSpace.dll
LegalCopyright : TODO: (c) <Company name>. All rights reserved.
OriginalFilename : BookedSpace.dll

istbar Object Recognized!
Type : File
Data : A0005152.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : I5Tactivex Module
FileDescription : 15Tactivex Module
InternalName : 15Tactive_x
LegalCopyright : Copyright 2003
OriginalFilename : I5Tact1vex.DLL

CoolWebSearch Object Recognized!
Type : File
Data : A0005153.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

VX2 Object Recognized!
Type : File
Data : A0005154.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calling Home
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
LegalCopyright : callinghome.biz © 2004
OriginalFilename : Caller.exe

CoolWebSearch Object Recognized!
Type : File
Data : A0005155.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

BlazeFind Object Recognized!
Type : File
Data : A0005156.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.0.0.15
ProductVersion : 1.0.0.0
CompanyName : Kalptaru Infotech Ltd.

win32.winshow Object Recognized!
Type : File
Data : A0005157.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005158.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005159.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005160.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005161.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005162.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005163.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005164.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005165.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005166.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005167.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005168.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005169.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005170.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005171.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005172.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005173.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005174.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005175.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005176.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005177.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005178.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005179.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005180.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005181.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005182.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005183.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005184.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005185.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005186.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005187.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005188.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005189.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005190.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005191.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005192.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005193.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005194.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005195.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005196.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005197.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

180Solutions Object Recognized!
Type : File
Data : A0005198.CPY
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005199.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005200.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

DealHelper Object Recognized!
Type : File
Data : A0005201.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : DealHelper Application
FileDescription : DealHelper
InternalName : DealHelper
LegalCopyright : Copyright (C) 2003
OriginalFilename : DealHelper.EXE

CoolWebSearch Object Recognized!
Type : File
Data : A0005202.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

CoolWebSearch Object Recognized!
Type : File
Data : A0005203.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

win32.winshow Object Recognized!
Type : File
Data : A0005204.CPY
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 104

Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 104

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
win32.winshow Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings
Value : Trust Warning Level
win32.winshow Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\microsoft\windows\currentversion\internet settings
Value : Trust Warning Level
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shareddlls
Value : C:\WINDOWS\dhbrwsr.exe
DealHelper Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shareddlls
Value : C:\WINDOWS\dhsvr.exe
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 108
2:42:47 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:02.530
Objects scanned:56783
Objects identified:107
Objects ignored:0
New critical objects:107

Now, when I went to delete these files, a pop-up came up saying the following files could not be removed, and there are too many files to list, but I believe all of the files on the list came from C:\_RESTORE\TEMP\... but I'm not 100% sure of that. IE is still having the problems I stated in the last post.

0

Hi There,

Not that I personally would have a clue about how to deal with this, but I had a similar problem, and managed to find the following advice on how to 'flush' the Restore directory (and thus get rid of the file in question).

See

http://forums.wugnet.com/-_RESTORE-TEMP-A0132717.CPY-ftopict192182.html

I followed the advice from this link AFTER disinfecting all the rest of the junk on the PC with Ad-Aware, and the computer now seems to be all sparkly clean.

Cheers,

D-Bug.

0

Logfile of HijackThis v1.99.1
Scan saved at 07:59:55 a.m., on 26/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\qttask.exe
D:\Archivos de programa\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
D:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
D:\Archivos de programa\Creative\MediaSource\Detector\CTDetect.exe
D:\Archivos de programa\System Mechanic 4 Professional\PopupStopper.exe
D:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rodrigo Llaguno\Escritorio\hijactis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/girlsdigscars
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\windows\system32\qttask.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "d:\Archivos de programa\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Error Nuker] D:\Archivos de programa\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Archivos de programa\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Archivos de programa\System Mechanic 4 Professional\PopupStopper.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6C6A77C7-B4CC-4792-BB9D-5B50A211F69E} (ProductInformation Control) - http://www.iolo.com/app/ocx/ProductInformation.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B33152D8-04D6-44C1-9BAB-A3C03C5070E1}: NameServer = 200.33.146.194 200.33.146.202
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: System - {EF4D11C7-D475-4CEF-8FD0-FCEDEF67AF83} - vr_sys.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe

WHAT CAN I FIX??
