Hello all. As it seems most people are having similar problems finding a solution to this one, I'm starting a new thread just because I've been through many others and had no success. If I'm double posting without reason I apologize to the moderators/administrators, but I'm pulling my hair out over this one. Two windows, one titled ULwindow seek and one titled ULwindowURL, are popping up sporadically, and I also believe they may be responsible for additional pop-ups that are more recently becoming a nuisance. The new pop-ups seem to pose as wizards or removal tools and attempt to mislead the user into installing additional software. I can elaborate if necessary.

Logfile of HijackThis v1.99.1
Scan saved at 5:55:48 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\b28f933b.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1135721093\ee\AOLHostManager.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Common Files\AOL\1135721093\ee\AOLServiceHost.exe
C:\Program Files\Serv-U\ServUTray.exe
C:\Program Files\Sizer\sizer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135721093\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [b28f933b.exe] C:\WINDOWS\system32\b28f933b.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Pamela.exe] "C:\Program Files\Pamela\Pamela.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [b28f933b.exe] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\b28f933b.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: office.exe
O4 - Global Startup: Sizer.lnk = C:\Program Files\Sizer\sizer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winubh32 - C:\WINDOWS\SYSTEM32\winubh32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hi owenevans

Fix with HjT (do a system scan only, checkmark these and press fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O4 - HKLM\..\Run: [b28f933b.exe] C:\WINDOWS\system32\b28f933b.exe
O4 - HKCU\..\Run: [b28f933b.exe] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\b28f933b.exe
O4 - Global Startup: office.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - Winlogon Notify: winubh32 - C:\WINDOWS\SYSTEM32\winubh32.dll

Please download ewido anti-malware; it is a free version of the program -> http://www.ewido.net/en/download/

1. Install ewido anti-malware.
2. When installing, under "Additional Options" uncheck:
   * Install background guard
   * Install scan via context menu
3. Launch ewido; there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
   * On the left hand side of the main screen click Update.
   * Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido:
ewido manual updates -> http://download.ewido.net/ewido-signatures-full-current.exe
Make sure to close Ewido before installing the update.

Once the updates are installed do the following:

Reboot your computer in Safe Mode by doing the following:
1. Restart your computer.
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear.
4. Select the first option, to run Windows in Safe Mode.

Delete if found:
C:\WINDOWS\system32\b28f933b.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\b28f933b.exe
C:\WINDOWS\SYSTEM32\winubh32.dll

Then launch ewido:
* Click on Scanner.
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.
Reboot back to normal mode.
Send the ewido report and a fresh HjT log.
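An added example, not code from this thread, from HijackThis or from ewido: a small Python triage that parses the HJT entry formats quoted above (R0/R1, O2, O4, O16, O20) and flags the same kinds of entries the reply picks out for "fix checked". The sample lines are copied from the first log; the allow-lists of known-good hosts and Winlogon Notify packages, and the heuristics themselves, are assumptions made for this example and should be tuned to the machine being examined.

```python
"""Triage HijackThis (HJT) log entries into a "fix checked" list.

Added example for this thread; not part of HijackThis or of the helper's reply.
Allow-lists and heuristics are assumptions, not an authoritative rule set.
"""
import re
from dataclasses import dataclass

# Assumption: hosts the reply evidently treated as legitimate in this log.
KNOWN_GOOD_HOSTS = {
    "www.google.ca", "ie.redirect.hp.com", "go.microsoft.com",
    "download.mcafee.com", "messenger.msn.com",
}
# Assumption: Winlogon Notify packages expected on this particular XP build.
KNOWN_WINLOGON_NOTIFY = {"igfxcui"}

# Constructed sample: a subset of the first log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [b28f933b.exe] C:\WINDOWS\system32\b28f933b.exe
O4 - HKCU\..\Run: [b28f933b.exe] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\b28f933b.exe
O4 - Global Startup: office.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winubh32 - C:\WINDOWS\SYSTEM32\winubh32.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# e.g. b28f933b.exe: eight hex digits, the naming seen on the dropped autorun.
HEX_NAME = re.compile(r"(?:^|\\)[0-9a-f]{8}\.exe$", re.I)


@dataclass
class Finding:
    code: str
    reason: str
    line: str  # the exact HJT line, ready to checkmark in "fix checked"


def host_of(url: str) -> str:
    """Return the host of a URL or bare domain, lower-cased ('' if none)."""
    m = re.match(r"^(?:[a-z][a-z0-9+.-]*://)?([^/\s:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def parse_entries(text: str):
    """Yield (code, body, raw_line) for each HJT entry line in the log."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("code"), m.group("body"), raw


def triage(text: str) -> list[Finding]:
    findings = []
    for code, body, raw in parse_entries(text):
        reason = None
        if code in ("R0", "R1"):
            # IE start/search pages: anything not on the allow-list is suspect.
            _, _, value = body.partition(" = ")
            host = host_of(value)
            if host and value.strip() != "about:blank" and host not in KNOWN_GOOD_HOSTS:
                reason = f"IE setting points at untrusted host {host!r}"
        elif code == "O2":
            # A BHO whose DLL is gone, or lives in a .tmp file, is a leftover.
            if "(file missing)" in body or ".tmp" in body.lower():
                reason = "BHO file missing or .tmp-named"
        elif code == "O4":
            target = body.split(": ", 1)[-1]
            target = re.sub(r"^\[[^\]]*\]\s*", "", target).strip().strip('"')
            if HEX_NAME.search(target):
                reason = "autorun target has a random 8-hex-digit name"
            elif "\\local settings\\application data\\" in target.lower():
                reason = "autorun target lives under Local Settings\\Application Data"
            elif body.startswith("Global Startup:") and not re.search(r"\.lnk\b", target, re.I):
                reason = "Global Startup entry is a bare executable, not a shortcut"
        elif code == "O16":
            host = host_of(body.rsplit(" - ", 1)[-1])
            if host not in KNOWN_GOOD_HOSTS:
                reason = f"ActiveX download (DPF) from untrusted host {host!r}"
        elif code == "O20":
            name = body.split(": ", 1)[-1].split(" - ", 1)[0].strip()
            if name.lower() not in KNOWN_WINLOGON_NOTIFY:
                reason = f"unrecognised Winlogon Notify package {name!r}"
        if reason:
            findings.append(Finding(code, reason, raw))
    return findings


def fix_list(text: str) -> list[str]:
    """The flagged lines in log order, as one would paste into a reply."""
    return [f.line for f in triage(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

On the sample it flags exactly the eight lines from this subset that the reply lists for fixing and none of the Google, Java, Symantec, Microsoft or McAfee entries.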
Done and done. It did remove a ton of stuff, so I'm hopeful that you've solved my issues. It's amazing that you guys can be so quick to answer and solve people's problems. Here's the new Hijack This log and the log from ewido; hopefully all is clean.

Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 7:10:40 PM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Serv-U\SERVUD~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\AOL\1135721093\ee\AOLHostManager.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Common Files\AOL\1135721093\ee\AOLServiceHost.exe
C:\Program Files\Serv-U\ServUTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Sizer\sizer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135721093\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Pamela.exe] "C:\Program Files\Pamela\Pamela.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sizer.lnk = C:\Program Files\Sizer\sizer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winubh32 - winubh32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~1\Serv-U\SERVUD~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Ewido

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:07:49 PM, 6/6/2006
+ Report-Checksum: 4B746E74

+ Scan result:

[244] C:\WINDOWS\system32\winubh32.dll -> Trojan.Agent.qt : Error during cleaning
C:\Program Files\Hijack This\backups\backup-20060606-141933-749-office.exe -> Trojan.KillAV.gf : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Win_whcr\webhancer_winrar.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__winubh32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\WINDOWS\temp\win139.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\win147.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\win14A.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\win151.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\win183.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\win32.tmp.exe -> Downloader.Small.cvw : Cleaned with backup
C:\WINDOWS\temp\winA56.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\winA59.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\winA5F.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\winA62.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\winA66.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup

::Report End
Couple of leftovers. Fix with HjT (do a system scan only, checkmark these and press fix checked):

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: winubh32 - winubh32.dll (file missing)

Reboot and send a fresh HjT log. How are things running now?
ulwindow seek!!!!!!!! what can i do???? its the same problem. Logfile of HijackThis v1.99.1 Scan saved at 19:38:29, on 18/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe C:\Archivos de programa\Internet Explorer\iexplore.exe C:\Archivos de programa\WinRAR\WinRAR.exe C:\DOCUME~1\Mauricio\CONFIG~1\Temp\Rar$EX00.767\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.cl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.cl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\grbkr.dll/sp.html#94115 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\grbkr.dll/sp.html#94115 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espanol.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.cl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e1.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://espanol.searc h.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.cl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: 
(no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\System\msconfig.exe /auto O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll O13 - WWW. 
Prefix: http:// O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/3a07cc130de7a5eb9ade53fe63439333_35.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/ wuweb_site.cab?1095372953976 O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winusx32 - C:\WINDOWS\SYSTEM32\winusx32.dll O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe please help me , regards from chile.
Hi magopro

That's not your only problem :/

First of all I need you to download some programs for use later.

Download About:Buster from http://www.malwarebytes.org/AboutBuster.zip. Once it is downloaded extract it to c:\aboutbuster. Don't use it yet.

Download CWShredder from http://www.intermute.com/spysubtract/cwshredder_download.html, install it, check for updates but again, don't use it yet.

Please download ATF Cleaner by Atribune from http://www.atribune.org/ccount/click.php?id=1 and save it to desktop. Don't use it yet.

Download Ewido anti-malware from http://www.ewido.net/en/download.
1. Install ewido anti-malware
2. When installing, under "Additional Options" uncheck:
   * Install background guard
   * Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
   * On the left hand side of the main screen click update.
   * Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed (the status bar at the bottom will display "Update successful").
Don't do anything more yet with Ewido.

Move HijackThis to its own folder -> c:\hjt

Make your hidden and system files visible -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Next, go to Start -> Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the service called System Startup Service (SvcProc). When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.
Please disconnect from the Internet and unplug your modem for the duration of this fix. You may want to print the rest of these instructions.

Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE.

Open cwshredder that you downloaded in the first step. Close all browser windows and click on the fix/next button.

Now find and delete these files, if you can't find one then don't worry. Just move on to the next one.
C:\WINDOWS\system32\grbkr.dll
C:\WINDOWS\svcproc.exe
C:\WINDOWS\SYSTEM32\winusx32.dll

Open HijackThis, press do a system scan only and checkmark these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\grbkr.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\grbkr.dll/sp.html#94115
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/3a07cc130de7a5eb9ade53fe63439333_...
O20 - Winlogon Notify: winusx32 - C:\WINDOWS\SYSTEM32\winusx32.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Close all windows and programs, including browser, and press fix checked.

The following step is important as you may have several malware files in your temp directories.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit to close ATF-Cleaner.

Now navigate to the c:\aboutbuster directory and double-click on AboutBuster.exe. Click Begin Removal to allow AboutBuster to scan. When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK. Another information window will open. Click on Exit. AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.

Launch ewido while you're still in safe mode:
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Now reboot back to normal mode and run hijackthis again and post a fresh log along with the about:buster log and the Ewido log.
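The checks the helper applies by hand above (an IE search page served from a res:// DLL in system32, nameless BHOs and toolbars with no file, a DPF entry pulling a bare .exe, an unrecognised Winlogon Notify DLL, an unknown-owner service whose binary is missing) can be turned into a small triage script that screens a fresh HijackThis log before anyone replies. This is an added example, not part of the thread or of HijackThis; the sample log is assembled from lines posted above, and the Winlogon Notify allowlist is an assumption.

```python
"""Heuristic triage of HijackThis v1.99 log lines.

Added example, not taken from this thread or from HijackThis itself. It
turns the checks the helper applied by hand into rules that screen a
fresh log and list the entries a human should look at first. The sample
log below is assembled from lines posted in the thread.
"""
import re
from dataclasses import dataclass

# An HJT entry is "<section> - <rest>", e.g. "O20 - Winlogon Notify: x - x.dll".
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2})\s+-\s+(?P<rest>.*)$")

# Winlogon Notify packages normally present on a clean XP box (assumed
# allowlist; anything else is merely "unrecognised", not proven malicious).
KNOWN_NOTIFY = ("crypt32chain", "cryptnet", "cscdll", "igfxcui", "scecli",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_line(line):
    """Split one HJT line into (section, rest); None for headers/process lists."""
    m = LINE_RE.match(line.strip())
    return (m.group("sec"), m.group("rest")) if m else None


def triage_line(line):
    """Return a Finding if the line matches one of the hijack patterns, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    sec, rest = parsed
    low = rest.lower()

    # R0/R1: IE start/search pages served from a DLL resource under system32
    # (the CWS-style res://...grbkr.dll/sp.html entries in the log above).
    if sec in ("R0", "R1") and "res://" in low and "system32" in low:
        return Finding(sec, "IE search/start page loaded from a DLL in system32", line)

    # O2/O3: nameless BHO or toolbar whose DLL is gone - an orphaned hijacker hook.
    if sec in ("O2", "O3") and "(no name)" in low and "(no file)" in low:
        return Finding(sec, "nameless BHO/toolbar with no backing file", line)

    # O16: Downloaded Program Files entries normally point at .cab packages,
    # not at a bare executable.
    if sec == "O16" and re.search(r"\.exe(\W|$)", low):
        return Finding(sec, "DPF entry downloads a bare executable", line)

    # O20: Winlogon Notify DLLs load into winlogon.exe at every logon; compare
    # the package name against the allowlist.
    if sec == "O20" and "winlogon notify" in low:
        name = rest.partition(":")[2].split(" - ")[0].strip().lower()
        if name not in KNOWN_NOTIFY:
            return Finding(sec, "unrecognised Winlogon Notify DLL: %s" % name, line)

    # O23: a service with no vendor string whose binary is already missing.
    if sec == "O23" and "unknown owner" in low and "(file missing)" in low:
        return Finding(sec, "unknown-owner service with missing binary", line)

    return None


def triage_log(text):
    """Return every Finding in a complete HijackThis log, in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


# Constructed sample: a subset of the entries magopro posted, plus one clean
# O20 line (igfxcui) from the first log in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\grbkr.dll/sp.html#94115
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/3a07cc130de7a5eb9ade53fe63439333_35.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winusx32 - C:\WINDOWS\SYSTEM32\winusx32.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.section, f.reason, f.line.strip()))
```

Run against the sample it reports six entries, the same six kemisti told magopro to fix; anything it flags is a candidate for a human to check, not an automatic verdict.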
Hi kemisti thanks a lot for your help and sorry my english, all is clean now here attach the reports: --------------------------------------------------------- ewido anti-malware - Report de exploración --------------------------------------------------------- + Creado en: 21:59:17, 18/06/2006 + Report-Checksum: C7CE31F7 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{510AB07F-3518-33E9-7A97-2FEAB90306EB} -> Adware.CoolWebSearch : Limpio con backup HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Limpio con backup HKLM\SOFTWARE\ohbbackup -> Adware.EliteBar : Limpio con backup HKLM\SOFTWARE\ohbbackup\EliteSideBar -> Adware.EliteBar : Limpio con backup HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Adware.EliteBar : Limpio con backup HKLM\SYSTEM\CurrentControlSet\Services\SvcProc -> Adware.BetterInternet : Limpio con backup HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Security -> Adware.BetterInternet : Limpio con backup HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Enum -> Adware.BetterInternet : Limpio con backup HKU\S-1-5-21-448539723-1580818891-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{510AB07F-3518-33E9-7A97-2FEAB90306EB} -> Adware.CoolWebSearch : Limpio con backup HKU\S-1-5-21-448539723-1580818891-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A406068-D45C-40B9-A096-38AC717FB608} -> Adware.WebDir : Limpio con backup [220] C:\WINDOWS\system32\winusx32.dll -> Trojan.Agent.vg : Limpio con backup C:\bac2.exe -> Worm.VB.dz : Limpio con backup C:\WINDOWS\system32\netvh32.dll -> Downloader.Agent.bc : Limpio con backup C:\WINDOWS\system32\winusx32.dll -> Trojan.Agent.vg : Limpio con backup C:\WINDOWS\system32\txfdb32.dll -> Downloader.WarSpy.c : Limpio con backup C:\WINDOWS\system32\srpcsrv32.dll -> Downloader.WarSpy.c : Limpio con backup C:\WINDOWS\Temp\win15.tmp.exe -> Trojan.Dialer.oy : Limpio con backup C:\WINDOWS\Temp\win19.tmp.exe -> Trojan.Dialer.oy : Limpio con backup 
C:\WINDOWS\Temp\win1C.tmp.exe -> Trojan.Dialer.oy : Limpio con backup C:\WINDOWS\Temp\win22.tmp.exe -> Trojan.Dialer.oy : Limpio con backup C:\WINDOWS\Temp\win25.tmp.exe -> Trojan.Dialer.oy : Limpio con backup C:\WINDOWS\nzylup.dat -> Downloader.Agent.bc : Limpio con backup C:\WINDOWS\Downloaded Program Files\WinAdServX.dll -> Adware.WinAD : Limpio con backup C:\WINDOWS\xwhdyc.dat -> Downloader.Agent.bc : Limpio con backup C:\WINDOWS\wpfabt.dat -> Downloader.Agent.bc : Limpio con backup C:\WINDOWS\assest.dll -> Trojan.Dialer.bi : Limpio con backup C:\WINDOWS\sasent.dll -> Trojan.Dialer.bi : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Temp\cliB.tmp -> Trojan.Agent.vg : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Temp\winD.tmp.exe -> Hijacker.Small : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Temp\win14.tmp.exe -> Downloader.Obfuscated.a : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Temp\win10.tmp.exe -> Trojan.Dialer.oy : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Temp\OA.exe -> Downloader.PurityScan.cq : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Temp\cli23.tmp -> Trojan.Agent.vg : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Temp\temp.frEC92 -> Not-A-Virus.Hoax.Win32.Renos.dt : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Archivos temporales de Internet\Content.IE5\Y1VCTC3Q\srvumv[1].exe -> Trojan.Dialer.oy : Limpio con backup C:\Documents and Settings\Mauricio\Configuración local\Datos de programa\e19b8588.exe -> Downloader.Obfuscated.a : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@com[2].txt -> TrackingCookie.Com : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@image.masterstats[1].txt -> TrackingCookie.Masterstats : Limpio con backup C:\Documents and 
Settings\Mauricio\Cookies\mauricio@com[3].txt -> TrackingCookie.Com : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@fastclick[2].txt -> TrackingCookie.Fastclick : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@statcounter[1].txt -> TrackingCookie.Statcounter : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@www.burstnet[1].txt -> TrackingCookie.Burstnet : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@casalemedia[2].txt -> TrackingCookie.Casalemedia : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@starware[2].txt -> TrackingCookie.Starware : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@yadro[1].txt -> TrackingCookie.Yadro : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@tacoda[1].txt -> TrackingCookie.Tacoda : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@yadro[2].txt -> TrackingCookie.Yadro : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@112.2o7[2].txt -> TrackingCookie.2o7 : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@emimusic.122.2o7[1].txt -> TrackingCookie.2o7 : Limpio con backup 
C:\Documents and Settings\Mauricio\Cookies\mauricio@c.enhance[1].txt -> TrackingCookie.Enhance : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@pinnaclesystems.122.2o7[1].txt -> TrackingCookie.2o7 : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Limpio con backup C:\Documents and Settings\Mauricio\Cookies\mauricio@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Limpio con backup C:\Archivos de programa\Archivos comunes\tasmrmtr\pcrufbfa\ooaptbbd.exe -> Adware.Gator : Limpio con backup C:\Archivos de programa\Archivos comunes\tasmrmtr\tddudonept\buattadmb.exe -> Adware.Gator : Limpio con backup C:\bac.exe -> Worm.VB.dz : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP382\A0072799.exe -> Hijacker.StartPage.qp : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP382\A0072795.exe -> Adware.SaveNow : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP382\A0072800.exe -> Hijacker.StartPage.qp : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP382\A0072801.exe -> Hijacker.StartPage.qp : Limpio con backup C:\System Volume 
Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP382\A0072802.exe -> Hijacker.StartPage.qp : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP382\A0072803.exe -> Hijacker.StartPage.qp : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP382\A0072804.exe -> Hijacker.StartPage.qp : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP382\A0072805.exe -> Hijacker.StartPage.qp : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073841.exe -> Downloader.PurityScan.cq : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073843.exe -> Downloader.PurityScan.cq : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073846.dll -> Not-A-Virus.Hoax.Win32.Renos.dt : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073876.exe -> Downloader.Zlob.ts : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073877.exe -> Downloader.Zlob.tw : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073940.dll -> Adware.Webdir : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073941.dll -> Trojan.Dialer.bi : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073942.dll -> Trojan.Dialer.bi : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073943.exe -> Trojan.Stervis.b : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073944.exe -> Downloader.Obfuscated.a : Limpio con backup C:\System Volume 
Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073945.exe -> Downloader.Obfuscated.a : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP383\A0073955.exe -> Downloader.Obfuscated.a : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP384\A0073973.exe -> Trojan.Dialer.oy : Limpio con backup C:\System Volume Information\_restore{827AAD4E-46C2-427F-AFA8-9BCAE9E6932F}\RP384\A0073974.exe -> Trojan.Dialer.oy : Limpio con backup C:\AntiVirScan.exe -> Worm.VB.dz : Limpio con backup ::Fin Report ATF -cleaner no report, run time error '339':component comctl32.ocx or one of its dependencies not correctly registered: a file missing or invalid". Logfile of HijackThis v1.99.1 Scan saved at 23:56:03, on 19/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe C:\Archivos de programa\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Mauricio\Mis documentos\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.cl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.cl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e1.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://espanol.searc h.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.cl 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\System\msconfig.exe /auto O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll O13 - WWW. 
Prefix: http://
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095372953976
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Another thing: is TuneUp Utilities 2006 really necessary? Thanks for all, regards. MAGO.
@magopro: Do you mean that about:buster didn't work? If so, get that missing file from here -> http://www.ascentive.com/support/new/support_dll.phtml?dllname=COMCTL32.OCX and try running about:buster again.

Send a fresh HjT log and the about:buster logfile. If you succeeded in running about:buster, please send its log here.
Hi Kemisti fixed the trouble: R E P O R T S cwshredder: **** Run Keys **** **** Browser Helper Objects **** **** IE Toolbars **** **** IE Extensions **** IEExt: [Messenger] C:\Archivos de programa\Messenger\msmsgs.exe **** Hosts File Entries **** **** IE Settings **** Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default Search: http://home.microsoft.com/search/search.asp Local Page: www.google.cl Search Bar: http://home.microsoft.com/search/search.asp Search Page: http://home.microsoft.com/search/search.asp **** IE Context Menu (Right click) **** IEContext: [&Google Search] res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html IEContext: [Instantánea de caché de la página] res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html IEContext: [Páginas similares] res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html IEContext: [Páginas vinculadas] res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html **** Layered Service Providers **** LSP: MSAFD Tcpip [TCP/IP] LSP: MSAFD Tcpip [UDP/IP] LSP: RSVP UDP Service Provider LSP: RSVP TCP Service Provider LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C7EAA47-9690-4E41-BF3B-98D42DA498CC}] SEQPACKET 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C7EAA47-9690-4E41-BF3B-98D42DA498CC}] DATAGRAM 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9ECD8337-D07D-4EA9-80D4-85DB61DC768D}] SEQPACKET 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9ECD8337-D07D-4EA9-80D4-85DB61DC768D}] DATAGRAM 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A066E814-E309-4B1A-B1B5-33D993B45D9D}] SEQPACKET 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A066E814-E309-4B1A-B1B5-33D993B45D9D}] DATAGRAM 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{899E7590-0785-4B4D-AC7C-2E7B93E21B56}] SEQPACKET 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{899E7590-0785-4B4D-AC7C-2E7B93E21B56}] DATAGRAM 2 **** Blocked Control Panel Items **** BLOCKED: [ncpa.cpl] No BLOCKED: [odbccp32.cpl] No **** Downloaded 
Program Files ****
{0000000A-9980-0010-8000-00AA00389B71} [http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab]
{00000162-9980-0010-8000-00AA00389B71} [http://codecs.microsoft.com/codecs/i386/wma9dmo.cab]
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} [http://www.symantec.com/techsupp/asa/LSSupCtl.cab] C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll
{33564D57-0000-0010-8000-00AA00389B71} [http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB]
{33564D57-9980-0010-8000-00AA00389B71} [http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab] C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095372953976]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_15-windows-i586.cab]
{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_15-windows-i586.cab]
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} [http://www.symantec.com/techsupp/asa/SymAData.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]

**** Windows Services ****
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[ewido security suite control] C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[navapsvc] C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SBService] C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNDSrvc] "C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe"
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{1E085F2C-39ED-41CD-AA23-4EEF99DF51CD}
[SymWSC] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[TUWinStylerThemeSvc] "C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs

**** Custom IE Search Items ****
SEARCH: []
SEARCH: [CustomizeSearch] http://www.google.cl
SEARCH: [SearchAssistant] http://home.microsoft.com/search/search.asp
SEARCH: [SearchAssistant] http://home.microsoft.com/search/search.asp
SEARCH: [CustomizeSearch] http://www.google.com/preferences?hl={SUB_RFC1766}
SEARCH: []

**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] www.google.cl
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Check_Associations] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use FormSuggest] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Use Search Asst]
IEOPT: [hpnt]
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Start Page] http://www.google.cl/
IEOPT: [SearchURL]
IEOPT: [FirstHomePage] http://www.google.cl
IEOPT: [HistoryViewType]
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [AutoSearch]
IEOPT: [NscSingleExpand]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [Force Offscreen Composition]
IEOPT: [FavIntelliMenus] no
IEOPT: [UseThemes]
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [AllowWindowReuse]
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [SmoothScroll]
IEOPT: [Print_Background] no
IEOPT: [Play_Animations] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Show image placeholders]
IEOPT: [Display Inline Videos] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [BandRest]
IEOPT: [Enable Browser Extensions] yes
IEOPT: [LastCheckedHi]
IEOPT: [Use Custom Search URL]
IEOPT: [Search Page] http://home.microsoft.com/search/search.asp
IEOPT: [Search Bar] http://home.microsoft.com/search/search.asp
IEOPT: [Default_Page_URL] http://home.microsoft.com/search/search.asp
IEOPT: [SearchAssistant] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [HomeOldSP] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [AddClsutid] z‚¯A://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [FullScreen] no
IEOPT: [AddClsReg]
IEOPT: [AddClsID]
IEOPT: [AClsBnxt] 9¶A
IEOPT: [AddClsADtid]
IEOPT: [SearchURL]
IEOPT: [FirstHomePage] http://www.google.cl
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Search Page] http://home.microsoft.com/search/search.asp
IEOPT: [BandRest]
IEOPT: [Search Bar] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://home.microsoft.com/search/search.asp
IEOPT: [SearchAssistant] http://home.microsoft.com/search/search.asp
IEOPT: [HomeOldSP] http://home.microsoft.com/search/search.asp

----------------------------------------------------------------------
BUSTER REPORT:

AboutBuster 6.02 Scan started on [20/06/2006] at [21:00:07]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 21:02:16

----------------------------------------------------------------------
HIJACKTHIS REPORT:

Logfile of HijackThis v1.99.1
Scan saved at 21:15:09, on 20/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mauricio\Mis documentos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.cl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.cl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e1.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://espanol.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.cl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095372953976
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe
----------------------------------------------------------------------
Thanks a lot again, all is clean and safe.
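As an added example (it is not part of this thread and not HijackThis code), the following Python script applies the checks a log helper makes by hand on the R0/R1, O16 and O18 lines of a report like the one above: start-page, search and local-page values and ActiveX download sites are compared against an allowlist of recognised domains, a value that embeds a second URL (a redirector) is marked for review, and a registration whose file is reported missing is marked as an orphan. The allowlist and the two sample lines that use reserved .invalid hosts are assumptions constructed for the example; the other sample lines are copied from the HijackThis report above.

```python
"""Triage of HijackThis-style log lines: flag IE start/search settings and
ActiveX (O16) controls that point outside an allowlist, redirector values that
embed a second URL, and registrations whose file is missing."""
import re
from urllib.parse import urlsplit

# Allowlist of domains treated as benign. This is an assumption of the
# example, not a list shipped with HijackThis or taken from the thread.
TRUSTED_SUFFIXES = (
    "microsoft.com", "google.cl", "google.com", "symantec.com",
    "msn.com", "java.sun.com", "macromedia.com", "yahoo.com",
)

# Constructed sample input. All lines except the last two are copied from the
# HijackThis report above; the last two (hijacker.invalid, activex.invalid)
# are made up to stand in for a hijacked search setting and a rogue control.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.cl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e1.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://espanol.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.cl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://hijacker.invalid/search?q=
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Toolbar) - http://activex.invalid/toolbar.cab
"""

# HijackThis entries start with a section code (R0, R1, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")


def host_of(value: str) -> str:
    """Hostname of a URL as written in the log; bare hosts such as
    'www.google.cl' get a scheme first so urlsplit can parse them."""
    value = value.strip()
    if not value:
        return ""
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower()


def is_trusted(host: str) -> bool:
    """Suffix match on a dot boundary, so 'notyahoo.com' and
    'yahoo.com.evil.invalid' do not pass as yahoo.com."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def review_line(line: str):
    """Return (code, severity, reason) for a suspicious entry, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if "(file missing)" in body:
        return (code, "LOW", "registration points at a file that no longer exists")
    if code in ("R0", "R1"):
        key, sep, value = body.partition(" = ")
        value = value.strip()
        if not sep or not value:
            return None  # unset value: nothing is being redirected
        host = host_of(value)
        if not is_trusted(host):
            return (code, "HIGH", f"{key} points at untrusted host {host}")
        if value.count("://") > 1:
            return (code, "REVIEW", f"{key} is a redirector embedding a second URL")
        return None
    if code == "O16":
        # The download site is the last " - " separated field of a DPF line.
        host = host_of(body.rsplit(" - ", 1)[-1])
        if not is_trusted(host):
            return (code, "HIGH", f"ActiveX control served from untrusted host {host}")
    return None


def review(log_text: str):
    """All findings for a whole log, in log order."""
    return [f for f in (review_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for code, severity, reason in review(SAMPLE_LOG):
        print(f"{severity:6} {code:3} {reason}")
```

Run it as a script to print the findings for the sample; for a real log, read the file and pass its text to review(). The allowlist is deliberately short: anything not on it is flagged, which is the right default for a hijack investigation, where the question is "what do I not recognise", and the dot-boundary suffix match keeps look-alike domains from slipping through.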