
Spyware troubles - please help

Discussion in 'Windows - Virus and spyware problems' started by tongkaiyi, Apr 26, 2006.

  1. tapiiri

    tapiiri Regular member

    Joined:
    Jun 11, 2005
    Messages:
    1,142
    Likes Received:
    0
    Trophy Points:
    46
    Log is clean.

    How about a firewall? Please download and install one.
     
  2. aeqmal

    aeqmal Member

    Joined:
    May 1, 2006
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    11
    Download? I'm using Windows security. Isn't that secure enough? Anyway, thanks a lot. You're so helpful.
     
  3. tapiiri

    tapiiri Regular member

    No, it isn't good enough. Your choice.
     
  4. tongkaiyi

    tongkaiyi Member

    Joined:
    Apr 26, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Tapiiri, ever since I removed the files you said I should delete, the FPS on an online game I often play (World of Warcraft) has decreased somewhat... Is it perhaps that I deleted vital files, that something else got in and infected my computer, or something completely different? My log anyway:

    -----

    Logfile of HijackThis v1.99.1
    Scan saved at 20:10:18, on 01/05/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialoffer.com/results.asp?keyword=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialoffer.com/results.asp?keyword=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
    O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099485805796
    O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/sysiasvc32_EN_XP.cab
    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Please help me out
     
  5. tapiiri

    tapiiri Regular member

    Log's clean.

    Please tell me more about that problem.
     
  6. tongkaiyi

    tongkaiyi Member

    Well, when playing, I had the 'Windows Task Manager' running and it reported that the CPU was working at 100% most of the time. If the computer's not working the best it can, could that cause the game to not play at its best? It also seems like the game is working less and less than what it could too :( However... most other things like the computer itself are working okay. Did that help? ;P
     
  7. tapiiri

    tapiiri Regular member

  8. tongkaiyi

    tongkaiyi Member

    Okay, I'll do that now :eek:
     
  9. tongkaiyi

    tongkaiyi Member

    On second thought, I'll wait until tomorrow to do the scan and report, got to 37% and got bored... ;P But there were 50+ 'Threats' on my computer up to that point 0_o

    By the way, it seems my computer is acting slower... I think, might just be thinking it, it's 10:30 PM and I ain't had much sleep lately ;P
     
    Last edited: May 1, 2006
  10. UO777

    UO777 Member

    Joined:
    May 1, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Alright, hello everyone, I have a problem and I would appreciate it if you could give me some tips. I have this little thingy red icon on my task bar that says I'm infected with a virus, and a yellow triangle with an exclamation point on it. I have seen that everyone is posting their "HijackThis" log files, so I'll post mine. Hope everyone can help me out here :)

    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:18 AM, on 5/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\atmclk.exe
    C:\WINDOWS\system32\dcomcfg.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\COMMON~1\MBOLS~1\msdtc.exe
    C:\Program Files\?dobe\?xplorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\Rar$EX00.963\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD9ED.tmp
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [Cdso] "C:\PROGRA~1\COMMON~1\MBOLS~1\msdtc.exe" -vt mt
    O4 - HKCU\..\Run: [Kgytm] C:\Program Files\?dobe\?xplorer.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [zuof] C:\PROGRA~1\COMMON~1\zuof\zuofm.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: KJEVYEZDBLM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\KJEVYEZDBLM.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Alright, that was it...
    Any suggestions?
     
  11. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    @UO777:

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Open the folder SmitfraudFix and double-click smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if those exist)

    Post the contents of this text file here.

    (Some antivirus programs recognise process.exe as malware. It is not malware; it is a program that stops processes.)
     
  12. UO777

    UO777 Member

    Alright, the scan log file shows me this:

    SmitFraudFix v2.37

    Scan done at 1:21:25.64, Tue 05/02/2006
    Run from C:\Documents and Settings\Juan Sierra\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\atmclk.exe FOUND !
    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\twain32.dll FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Juan Sierra\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!! Attention, follow keys are not inevitably infected !!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"

    [HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
    @="C:\WINDOWS\system32\twain32.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
    @="C:\WINDOWS\system32\twain32.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  13. -kemisti-

    -kemisti- Active member

    * Move HjT into its own folder -> C:\hjt
    * Open HjT, click "Do a system scan only", checkmark these and press "Fix checked":


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R3 - Default URLSearchHook is missing
    O4 - HKCU\..\Run: [Cdso] "C:\PROGRA~1\COMMON~1\MBOLS~1\msdtc.exe" -vt mt
    O4 - HKCU\..\Run: [Kgytm] C:\Program Files\?dobe\?xplorer.exe
    O4 - HKCU\..\Run: [zuof] C:\PROGRA~1\COMMON~1\zuof\zuofm.exe
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
    O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll


    Do you have any idea what this is?

    O23 - Service: KJEVYEZDBLM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\KJEVYEZDBLM.exe

    If not, fix it too.

    * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    * Delete these:
    C:\PROGRA~1\COMMON~1\MBOLS~1
    C:\Program Files\?dobe (? = unknown character, might be A)
    C:\PROGRA~1\COMMON~1\zuof
    C:\WINDOWS\SYSTEM32\winvew32.dll
    (C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\KJEVYEZDBLM.exe)

    * Double-click smitfraudfix.cmd
    * Select 2 and hit Enter to delete infected files.
    * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Reboot, send a fresh HjT log and contents of C:\rapport.txt
     
    Last edited: May 1, 2006
  14. UO777

    UO777 Member

    Alright, so I did what you told me to and I think the problem was fixed because I didn't have the icons on the task bar, but still, the HijackThis log goes:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:49:40 AM, on 5/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Juan Sierra\Desktop\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



    and the Rapport:

    SmitFraudFix v2.37

    Scan done at 1:45:27.19, Tue 05/02/2006
    Run from C:\Documents and Settings\Juan Sierra\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\atmclk.exe Deleted
    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\hp????.tmp Deleted
    C:\WINDOWS\system32\ld????.tmp Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\twain32.dll Deleted
    C:\WINDOWS\system32\1024\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» End


    Fixed? Any other spyware that I have to remove?
     
  15. -kemisti-

    -kemisti- Active member

    Yep, two more left.

    Download KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Unzip, open and select Delete on Reboot
    Then copy the line below

    C:\WINDOWS\SYSTEM32\winvew32.dll

    Click File > Paste from Clipboard
    Press Delete (red circle with white X)
    Answer yes to any questions and if computer doesn't reboot, reboot it by yourself.

    Download Blacklight and save it to your desktop: http://www.f-secure.com/blacklight/try.shtml
    Double-click blbeta.exe, accept agreement, click > Scan, then > Next

    You'll see a list. There will be a log on your desktop named fsbl.xxxxxxx.log (xxxxxxx = random numbers).

    Copy and paste that list to your next reply along with a fresh Hjt log.
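
Added example (not part of the thread and not any poster's code): a Python triage of HijackThis lines quoted in posts 10 and 14, showing which flagged entries survive the first clean-up pass. The rules in `reasons()` are heuristics assumed for this example, not HijackThis's own logic or the helper's method.

```python
import re

# Sample input: a subset of the HijackThis lines quoted in this thread,
# from post 10 (before clean-up) and post 14 (after the first pass).
BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD9ED.tmp
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Kgytm] C:\Program Files\?dobe\?xplorer.exe
O4 - HKCU\..\Run: [zuof] C:\PROGRA~1\COMMON~1\zuof\zuofm.exe
O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll
O23 - Service: KJEVYEZDBLM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\KJEVYEZDBLM.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
AFTER = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse(log):
    """Return (code, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match["code"], match["body"]))
    return entries


def reasons(code, body):
    """Return review reasons for one entry (heuristics assumed for this example)."""
    low, found = body.lower(), []
    if code == "F2" and "userinit=" in low:
        # Anything listed besides userinit.exe is also started at every logon.
        progs = [p.strip() for p in low.split("userinit=", 1)[1].split(",")]
        extra = [p for p in progs if p and p.rsplit("\\", 1)[-1] != "userinit.exe"]
        if extra:
            found.append("UserInit also starts: " + ", ".join(extra))
    if code == "O20":
        found.append("DLL loaded through Winlogon Notify")
    if code == "O23" and "\\temp\\" in low:
        found.append("service binary runs from a Temp directory")
    if low.endswith(".tmp"):
        found.append("code loaded from a .tmp file")
    if code.startswith("O") and "?" in body and "://" not in body:
        found.append("path has characters the log could not render")
    return found


def flag(log):
    """Map each entry that needs review to its list of reasons, in log order."""
    flagged = {}
    for code, body in parse(log):
        why = reasons(code, body)
        if why:
            flagged[(code, body)] = why
    return flagged


def persisting(before, after):
    """Entries flagged in the earlier log that are still present in the later one."""
    still = flag(after)
    return [entry for entry in flag(before) if entry in still]


if __name__ == "__main__":
    for (code, body), why in flag(BEFORE).items():
        print(f"REVIEW  {code:<3} {body}\n        -> {'; '.join(why)}")
    print("\nStill present after the first pass:")
    for code, body in persisting(BEFORE, AFTER):
        print(f"  {code} - {body}")
```

The `zuof` Run entry, which the helper also selected for fixing, matches none of these rules: path heuristics shorten the list to review, they do not replace reading the whole log.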
     
  16. UO777

    UO777 Member

    Alright, so mm, the HijackThis log goes:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:08:01 AM, on 5/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Juan Sierra\Desktop\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winvew32 - winvew32.dll (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    And the fsbl list:

    05/02/06 02:05:21 [Info]: BlackLight Engine 1.0.36 initialized
    05/02/06 02:05:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    05/02/06 02:05:24 [Note]: 7019 4
    05/02/06 02:05:24 [Note]: 7005 0
    05/02/06 02:05:30 [Note]: 7006 0
    05/02/06 02:05:30 [Note]: 7011 1472
    05/02/06 02:05:30 [Note]: 7026 0
    05/02/06 02:05:31 [Note]: 7026 0
    05/02/06 02:05:42 [Note]: FSRAW library version 1.7.1015
    05/02/06 02:07:28 [Note]: 2000 1006
    05/02/06 02:07:49 [Note]: 7007 0


    I also used to have a problem where a lot of pop-ups were opened, with some freaky faces and stuff, some others asking me to install desktop bars, and they tended to drag icons to the desktop. Any idea what that is? Or were they just deleted in all these thingies that I have done by your instructions...?
     
  17. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Ok.

    First try to find this file:

    hmcyhcu.exe (use Find-function -> all files and folders -> options
    and select three upper ones)

    Delete if found

    Fix these lines:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
    O20 - Winlogon Notify: winvew32 - winvew32.dll (file missing)


    Reboot and send a fresh HjT log.

    Yes, those were related to e.g. PurityScan that you had on your computer.
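The two checks behind the "Fix these lines" step above, as an added example that is not part of the original post and is not HijackThis's own code: it parses HijackThis entry lines and reports a UserInit value that chains anything after userinit.exe, and a Winlogon Notify entry whose DLL is reported missing. The sample lines are taken from the log posted above; the function names and the expected userinit.exe path are assumptions.

```python
import re

# Sample input: a few entry lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O20 - Winlogon Notify: winvew32 - winvew32.dll (file missing)
"""

# HijackThis entry lines start with a section code such as F2, O4 or O20.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+?)(?: \((file missing)\))?$")

# Assumption: a default Windows XP install, where UserInit names only this program.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_entries(log_text):
    """Return (section_code, rest_of_line) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def userinit_extras(rest):
    """Programs chained onto UserInit besides the expected userinit.exe."""
    match = re.search(r"UserInit=(.*)$", rest, re.IGNORECASE)
    if not match:
        return []
    programs = [p.strip() for p in match.group(1).split(",") if p.strip()]
    return [p for p in programs if p.lower() != EXPECTED_USERINIT]


def triage(log_text):
    """Return (section, target, reason) for the F2 and O20 conditions only.

    Other sections (O4, O9, ...) are parsed but not judged here, because the
    post above lists only an F2 line and an O20 line to fix.
    """
    findings = []
    for code, rest in parse_entries(log_text):
        if code == "F2":
            for program in userinit_extras(rest):
                findings.append((code, program,
                                 "extra program started at every logon via UserInit"))
        elif code == "O20":
            match = NOTIFY_RE.match(rest)
            if match and match.group(3):
                findings.append((code, match.group(2),
                                 "Winlogon Notify entry left behind, DLL is missing"))
            elif match:
                findings.append((code, match.group(2),
                                 "Winlogon Notify DLL loads at logon, verify its origin"))
    return findings


if __name__ == "__main__":
    for section, target, reason in triage(SAMPLE_LOG):
        print(f"{section}: {target} -> {reason}")
```
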
     
  18. UO777

    UO777 Member

    Joined:
    May 1, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Alright, here's the Hijack log scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:22:55 AM, on 5/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\Juan Sierra\Desktop\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Still having threats?
     
  19. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    @UO777: It's clean now :)
     
  20. tongkaiyi

    tongkaiyi Member

    Joined:
    Apr 26, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Here's my report, tapiiri, there were 110 'threats'...

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 15:35:31, 02/05/2006
    + Report-Checksum: 36E5293E

    + Scan result:

    HKLM\SOFTWARE\Classes\BHO.Adware -> Adware.Ezula : Ignored
    HKLM\SOFTWARE\Classes\BHO.Adware\CLSID -> Adware.Ezula : Ignored
    HKLM\SOFTWARE\Classes\BHO.Adware\CurVer -> Adware.Ezula : Ignored
    HKLM\SOFTWARE\Classes\BHO.Hider -> Adware.Ezula : Ignored
    HKLM\SOFTWARE\Classes\BHO.Hider\CLSID -> Adware.Ezula : Ignored
    HKLM\SOFTWARE\Classes\BHO.Hider.1 -> Adware.Ezula : Ignored
    HKLM\SOFTWARE\Microsoft\Netstat -> Adware.Ezula : Ignored
    HKLM\SOFTWARE\Microsoft\Webext -> Adware.Ezula : Ignored
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Netsync -> Adware.Begin2Search : Ignored
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RsyncMon -> Adware.Begin2Search : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Bolger -> Adware.VX2 : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7} -> Adware.eZula : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4487598C-2EC7-43A2-870E-6D8D720FDD9F} -> Adware.SafeSurfing : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70230839-555C-4862-8D42-BB1E2352502C} -> Adware.SafeSurfing : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3 -> Adware.Begin2Search : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\eeennn -> Adware.Begin2Search : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\kkws -> Adware.Begin2Search : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\ppops -> Adware.Begin2Search : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\reel -> Adware.Begin2Search : Ignored
    HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\ssites -> Adware.Begin2Search : Ignored
    C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Ignored
    C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored
    C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored
    C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignored
    C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@servedby.advertising[2].txt -> TrackingCookie.Advertising : Ignored
    C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored
    C:\Documents and Settings\Guest\Cookies\guest@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Ignored
    C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored
    C:\Documents and Settings\Guest\Cookies\guest@cliks[2].txt -> TrackingCookie.Cliks : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@2o7[1].txt -> TrackingCookie.2o7 : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@adtech[2].txt -> TrackingCookie.Adtech : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@advertising[2].txt -> TrackingCookie.Advertising : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@as1.falkag[2].txt -> TrackingCookie.Falkag : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored
    C:\Documents and Settings\Kyle 5\Cookies\kyle 5@zedo[2].txt -> TrackingCookie.Zedo : Ignored
    C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@2o7[1].txt -> TrackingCookie.2o7 : Ignored
    C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored
    C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
    C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@com[2].txt -> TrackingCookie.Com : Ignored
    C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored
    C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored
    C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@zedo[2].txt -> TrackingCookie.Zedo : Ignored
    C:\Documents and Settings\Liam\Start Menu\NoCreditCard.url -> Adware.UnwantedIcons : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@aavalue[2].txt -> TrackingCookie.Aavalue : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@casinotropez[1].txt -> TrackingCookie.Casinotropez : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@data3.perf.overture[2].txt -> TrackingCookie.Overture : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@perf.overture[1].txt -> TrackingCookie.Overture : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignored
    C:\Documents and Settings\Mo\Cookies\mo@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Ignored
    C:\Documents and Settings\Mo\Local Settings\Temp\delwbi.tmp -> Dialer.Generic : Ignored
    C:\Documents and Settings\Rachel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-593ebb39-534913fa.class -> Downloader.OpenStream.y : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@adtech[2].txt -> TrackingCookie.Adtech : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@advertising[2].txt -> TrackingCookie.Advertising : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@as1.falkag[2].txt -> TrackingCookie.Falkag : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@ilead.itrack[1].txt -> TrackingCookie.Itrack : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@media.fastclick[2].txt -> TrackingCookie.Fastclick : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored
    C:\Documents and Settings\Rachel\Cookies\rachel@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignored
    C:\HJT\backups\backup-20060428-083256-541.dll -> Trojan.P2E.cl : Ignored
    C:\lf_6E8.tmp -> Downloader.Dluca : Ignored
    C:\lf_8B4.tmp -> Downloader.Dluca : Ignored
    C:\lf_D74.tmp -> Downloader.Dluca : Ignored
    C:\lf_F38.tmp -> Downloader.Dluca : Ignored
    C:\nj.exe -> Downloader.Small.cpg : Ignored
    C:\Program Files\Common Files\WinSoftware\WFF.exe -> Adware.Winfixer : Ignored
    C:\Program Files\Microsoft AntiSpyware\Quarantine\CD6564C3-7E31-4ED2-BF75-3AC343\05AF3AA7-BF3E-44D9-BEE9-BD840D -> Trojan.P2E.cl : Ignored
    C:\temp\180SAPack.exe -> Downloader.Small.asf : Ignored
    C:\WINDOWS\system32\cache32_rtneg2 -> Adware.Begin2Search : Ignored
    C:\WINDOWS\system32\cache32_rtneg2\100dsktptr.bin -> Adware.Begin2Search : Ignored
    C:\WINDOWS\system32\cache32_rtneg2\msg.bin -> Adware.Begin2Search : Ignored
    C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Ignored
    C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhost.r : Ignored
    C:\WINDOWS\system32\drivers\WFF.sys -> Adware.Winfixer : Ignored
    C:\WINDOWS\system32\eg_auth_srv_1049.dll -> Trojan.P2E.cl : Ignored
    C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Ignored
    C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Ignored
    C:\WINDOWS\system32\mxwecra.exe -> Adware.NaviPromo : Ignored
    C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : Ignored
    C:\WINDOWS\system32\syswbsvc32.dll -> Dialer.InstantAccess.e : Ignored
    C:\WINDOWS\Temp\Cookies\kyle@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored
    C:\WINDOWS\Temp\Cookies\liam@bfast[1].txt -> TrackingCookie.Bfast : Ignored
    C:\WINDOWS\Temp\Cookies\mo@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Ignored
    C:\WINDOWS\Temp\Cookies\mo@cliks[2].txt -> TrackingCookie.Cliks : Ignored


    ::Report End
     
