Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT - nilton


  • Please log in to reply
9 replies to this topic

#1 nilton

nilton

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 06 March 2005 - 11:57 AM

my computer doesnt work after using many program, I used the Ad-Aware SE but without success and it is my first time using hijackThis. Please, help me

Logfile of HijackThis v1.99.1
Scan saved at 10:47:57 a.m., on 06/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\rpcss_pl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\atlan.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
D:\Archivos de programa\MsgPlus.exe
C:\Archivos de programa\MindSoft\MindSoft Utilities XP 8 Beta 5\taskaccl.exe
C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es-la\msnappau.exe
D:\Archivos de programa\Winamp2\winampa.exe
C:\WINDOWS\system32\appam32.exe
C:\Program Files\Ybseq\Hzzort.exe
C:\WINDOWS\System32\wauctlxp4.exe
C:\WINDOWS\System32\perfcl.exe
C:\WINDOWS\System32\svcsysreg.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuactl2.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
D:\ARCHIV~1\WINZIP\winzip32.exe
C:\Documents and Settings\nilton\Configuración local\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\svqtv.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\svqtv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\svqtv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\svqtv.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\svqtv.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\svqtv.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\svqtv.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOPORTE TECNICO: percy_hurtado@hotmail.com, 57-61-37, 57-27-22
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - C:\WINDOWS\System32\msasmsn7.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es-la\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Archivos de programa\MsgPlus.exe"
O4 - HKLM\..\Run: [biasokayprocstore] C:\Documents and Settings\All Users\Datos de programa\FlapRectBiasOkay\BagsLoud.exe
O4 - HKLM\..\Run: [MindSoft Task Accelerator] C:\Archivos de programa\MindSoft\MindSoft Utilities XP 8 Beta 5\taskaccl.exe /T
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es-la\msnappau.exe"
O4 - HKLM\..\Run: [pijfigzkwxzru] C:\WINDOWS\System32\xqkypab.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp2\winampa.exe
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [appam32.exe] C:\WINDOWS\system32\appam32.exe
O4 - HKLM\..\Run: [Juvlowp] C:\Program Files\Ybseq\Hzzort.exe
O4 - HKLM\..\Run: [SndPnpMix] C:\WINDOWS\System32\wauctlxp4.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Svcsys Registry Manager] C:\WINDOWS\System32\svcsysreg.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\opcional\CONFIG~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [atlan.exe] C:\WINDOWS\atlan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Archivos de programa\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Date Manager.lnk = C:\Archivos de programa\Date Manager\DateManager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Archivos de programa\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing)
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\mcm-pillamusica\entrar.html (file missing)
O9 - Extra button: Corel Network monitor worker - {EEB7923A-9177-4D52-8D57-8CDDC93D9716} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {EEB7923A-9177-4D52-8D57-8CDDC93D9716} - C:\WINDOWS\System32\intlmain.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03A89EFD-E023-4606-A22D-45F77558EB4C} (ILINCInstall73 Class) - http://lm-learnlinc.ilinc.com/download/iLinc73i.dll
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_ES_XP.cab
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_ES_XP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/d.../beta/appdl.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_ES_XP.cab
O16 - DPF: {51641EF3-8A7A-4D84-8659-B0911E947CC8} - http://www.contenidospc.com/instalador.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusca.com/s/toolbar/install/interbusca.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE736832-F8A9-11D4-80C4-0050DA680987} (HearMe (Firewall, Spanish) Voice Control) - http://www.terra.com/chatvoz/hmvcfs.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EC..._1012_ES_XP.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe
O23 - Service: Workstation NetLogon Service ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\d3jg.exe (file missing)

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:02 AM

Posted 06 March 2005 - 11:02 PM

Download the attached zip file and unzip it to your desktop.

http://www.mvps.org/winhelp2002/DelDomains.inf

Right-click on the deldomains.inf file and select 'Install'

Download cwshredder 2.12 from here:

http://cwshredder.net/bin/CWShredder.exe

Run the file after it is downloaded and click on the fix button. Let it do its thing and when its done, even if it crashes.

When its done run hijackthis again post a new log

#3 nilton

nilton
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 22 March 2005 - 02:03 PM

hi Grinler, i did both things after to run an antivirus but the problem is that there is a webpage which open itself. This is www.jimbutt and a window message tha warm a spyware in my computer. This is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 01:44:22 p.m., on 22/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\rpcss_pl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Archivos de programa\MsgPlus.exe
D:\Archivos de programa\Winamp2\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Persystems\Perav\PAV.EXE
C:\ARCHIV~1\PERSYS~1\Perav\pertsk.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOPORTE TECNICO: percy_hurtado@hotmail.com, 57-61-37, 57-27-22
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {314ADA77-A869-4404-A282-FAE9C380A8A4} - C:\WINDOWS\System32\pbbo.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es-la\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Archivos de programa\MsgPlus.exe"
O4 - HKLM\..\Run: [biasokayprocstore] C:\Documents and Settings\All Users\Datos de programa\FlapRectBiasOkay\BagsLoud.exe
O4 - HKLM\..\Run: [MindSoft Task Accelerator] C:\Archivos de programa\MindSoft\MindSoft Utilities XP 8 Beta 5\taskaccl.exe /T
O4 - HKLM\..\Run: [pijfigzkwxzru] C:\WINDOWS\System32\xqkypab.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp2\winampa.exe
O4 - HKLM\..\Run: [appam32.exe] C:\WINDOWS\system32\appam32.exe
O4 - HKLM\..\Run: [Juvlowp] C:\Program Files\Ybseq\Hzzort.exe
O4 - HKLM\..\Run: [SndPnpMix] C:\WINDOWS\System32\wauctlxp4.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Svcsys Registry Manager] C:\WINDOWS\System32\svcsysreg.exe
O4 - HKLM\..\Run: [sysfu.exe] C:\WINDOWS\system32\sysfu.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DENIS\CONFIG~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Archivos de programa\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Date Manager.lnk = C:\Archivos de programa\Date Manager\DateManager.exe
O4 - Global Startup: Actualización de PER Antivirus.lnk = C:\Archivos de programa\Persystems\Perav\PERUPD.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Archivos de programa\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {17BC0F65-4B53-4663-A52A-CD4254FBA8EA} - (no file)
O9 - Extra button: (no name) - {21C203E7-D9D8-4633-80CE-6EFB591085F1} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing)
O9 - Extra button: (no name) - {2AB277CB-6B08-4F78-A330-FFB1BC991493} - (no file)
O9 - Extra button: (no name) - {88986A97-3089-460F-8B2C-11CCDC8CDA5A} - (no file)
O9 - Extra button: (no name) - {96812398-D903-46E6-A70D-7A387CF84CA0} - (no file)
O9 - Extra button: (no name) - {A5A13E58-84BC-4131-AECE-33CB98391711} - (no file)
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\mcm-pillamusica\entrar.html (file missing)
O9 - Extra button: Corel Network monitor worker - {EEB7923A-9177-4D52-8D57-8CDDC93D9716} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {EEB7923A-9177-4D52-8D57-8CDDC93D9716} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {2AB277CB-6B08-4F78-A330-FFB1BC991493} - (no file) (HKCU)
O9 - Extra button: (no name) - {88986A97-3089-460F-8B2C-11CCDC8CDA5A} - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03A89EFD-E023-4606-A22D-45F77558EB4C} (ILINCInstall73 Class) - http://lm-learnlinc.ilinc.com/download/iLinc73i.dll
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_ES_XP.cab
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_ES_XP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/d.../beta/appdl.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_ES_XP.cab
O16 - DPF: {50D10167-EEA3-26FB-0506-1511171BD267} - http://67.19.99.165/1/rdgPE871.exe
O16 - DPF: {51641EF3-8A7A-4D84-8659-B0911E947CC8} - http://www.contenidospc.com/instalador.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusca.com/s/toolbar/install/interbusca.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE736832-F8A9-11D4-80C4-0050DA680987} (HearMe (Firewall, Spanish) Voice Control) - http://www.terra.com/chatvoz/hmvcfs.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EC..._1012_ES_XP.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: PER Antivirus Security Service (pav_security) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perav\PAVSS.EXE
O23 - Service: PER Antivirus (pav_service) - PER Systems S.A. - C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe

#4 Efwis

Efwis

    The Spyware Killing Dragon


  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:Iowa, USA
  • Local time:09:02 AM

Posted 22 March 2005 - 04:00 PM

1. Click Here to download TheKillbox. Extract TheKillBox.exe from the zip file.

Note: If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run: http://www.javacoolsoftware.net/downloads/...ngfilesetup.exe. Then try TheKillbox again.

2. download Restore.reg and save it to your desktop. you can download this from http://www.bleepingcomputer.com/forums/ind...e=post&id=78601

********************************************************************
The fix

You amy want to print these instructions out for easier reference.

1. use the following command:

sc config rpcss depend= ""

Note: The space after the depend= is necessary.

2. start killbox up and put the below listed file In the 'Enter Full Path and Filename to Delete' box, copy and paste these entries one by one, clicking 'Find and Kill This File' after each one:

C:\WINDOWS\System32\rpcss_pl.exe
c:\windows\system32\systr.dll


Click 'Exit' when done.

Then double click on restore.reg
Posted Image
if you like what I have done please consider making a donation to help fight spyware Posted Image

#5 nilton

nilton
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 23 March 2005 - 02:16 AM

the problem was solved, but my system doesnt work properly. I cant open folders, my control panel , no sound. Maybe because i did something wrong before, the result of the virus scanning showed some damaged files. Despite all of this i can run programs which they are in my desk and the last log is:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:40 a.m., on 23/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
C:\WINDOWS\Explorer.EXE
D:\Archivos de programa\MsgPlus.exe
D:\Archivos de programa\Winamp2\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
D:\Archivos de programa\Netscape\Netscape\Netscp.exe
D:\ARCHIV~1\WINZIP\winzip32.exe
C:\Archivos de programa\MindSoft\MindSoft Utilities XP 8 Beta 5\taskaccl.exe
C:\hjt\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\nilton\CONFIG~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\nilton\CONFIG~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOPORTE TECNICO: percy_hurtado@hotmail.com, 57-61-37, 57-27-22
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {314ADA77-A869-4404-A282-FAE9C380A8A4} - C:\WINDOWS\System32\pbbo.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es-la\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Archivos de programa\MsgPlus.exe"
O4 - HKLM\..\Run: [biasokayprocstore] C:\Documents and Settings\All Users\Datos de programa\FlapRectBiasOkay\BagsLoud.exe
O4 - HKLM\..\Run: [MindSoft Task Accelerator] C:\Archivos de programa\MindSoft\MindSoft Utilities XP 8 Beta 5\taskaccl.exe /T
O4 - HKLM\..\Run: [pijfigzkwxzru] C:\WINDOWS\System32\xqkypab.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp2\winampa.exe
O4 - HKLM\..\Run: [appam32.exe] C:\WINDOWS\system32\appam32.exe
O4 - HKLM\..\Run: [Juvlowp] C:\Program Files\Ybseq\Hzzort.exe
O4 - HKLM\..\Run: [SndPnpMix] C:\WINDOWS\System32\wauctlxp4.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [Svcsys Registry Manager] C:\WINDOWS\System32\svcsysreg.exe
O4 - HKLM\..\Run: [sysfu.exe] C:\WINDOWS\system32\sysfu.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DENIS\CONFIG~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Archivos de programa\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Date Manager.lnk = C:\Archivos de programa\Date Manager\DateManager.exe
O4 - Global Startup: Actualización de PER Antivirus.lnk = C:\Archivos de programa\Persystems\Perav\PERUPD.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Archivos de programa\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {17BC0F65-4B53-4663-A52A-CD4254FBA8EA} - (no file)
O9 - Extra button: (no name) - {21C203E7-D9D8-4633-80CE-6EFB591085F1} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing)
O9 - Extra button: (no name) - {2AB277CB-6B08-4F78-A330-FFB1BC991493} - (no file)
O9 - Extra button: (no name) - {88986A97-3089-460F-8B2C-11CCDC8CDA5A} - (no file)
O9 - Extra button: (no name) - {96812398-D903-46E6-A70D-7A387CF84CA0} - (no file)
O9 - Extra button: (no name) - {A5A13E58-84BC-4131-AECE-33CB98391711} - (no file)
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\mcm-pillamusica\entrar.html (file missing)
O9 - Extra button: Corel Network monitor worker - {EEB7923A-9177-4D52-8D57-8CDDC93D9716} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {EEB7923A-9177-4D52-8D57-8CDDC93D9716} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {2AB277CB-6B08-4F78-A330-FFB1BC991493} - (no file) (HKCU)
O9 - Extra button: (no name) - {88986A97-3089-460F-8B2C-11CCDC8CDA5A} - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03A89EFD-E023-4606-A22D-45F77558EB4C} (ILINCInstall73 Class) - http://lm-learnlinc.ilinc.com/download/iLinc73i.dll
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_ES_XP.cab
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_ES_XP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/d.../beta/appdl.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_ES_XP.cab
O16 - DPF: {50D10167-EEA3-26FB-0506-1511171BD267} - http://67.19.99.165/1/rdgPE871.exe
O16 - DPF: {51641EF3-8A7A-4D84-8659-B0911E947CC8} - http://www.contenidospc.com/instalador.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusca.com/s/toolbar/install/interbusca.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE736832-F8A9-11D4-80C4-0050DA680987} (HearMe (Firewall, Spanish) Voice Control) - http://www.terra.com/chatvoz/hmvcfs.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EC..._1012_ES_XP.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Filter: text/html - {65EA6CCF-107F-4282-84E0-8010D40ECED6} - C:\WINDOWS\System32\pbbo.dll
O18 - Filter: text/plain - {65EA6CCF-107F-4282-84E0-8010D40ECED6} - C:\WINDOWS\System32\pbbo.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: PER Antivirus Security Service (pav_security) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perav\PAVSS.EXE
O23 - Service: PER Antivirus (pav_service) - PER Systems S.A. - C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe (file missing)

#6 Efwis

Efwis

    The Spyware Killing Dragon


  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:Iowa, USA
  • Local time:09:02 AM

Posted 23 March 2005 - 10:26 AM

You have a nasty About:Blank infection. This fix requires several tools that need to be downloaded. Please download these now, we will run them later.

1) About:Buster - Download it and extract it to C:/aboutbuster.
2) CleanUp! - Download it and install it.
3) CWShredder 2.11 - Download it and save it to your desktop.
4) Ad-ware - Download, install, and update.

Enable hidden files and folders: http://www.bleepingcomputer.com/forums/ind...torial=62#winme

During the fix do NOT connect to the internet. Unless you can memorize these instructions, it would be a good idea to print them out.

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Run AboutBuster
-Click Start to begin the process
-Click OK on the Buster Report dialogue box to start the scan
AboutBuster scans the computer for malicious files and deletes them.
Save the report (copy and paste into Notepad and save as a .txt file) to post a copy for review.

Run CWShredder
-Next, click on the: ‘Fix’ button
-Follow the prompts, and press OK

Run CleanUp
-Make sure it is on Standard Mode
-Click the "CleanUp!" button

Run Ad-Aware
-Configure Ad-Aware for a full system scan
-Run it

Clean Up the left overs

Run HJT, close any open windows, and fix the following items (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\nilton\CONFIG~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\nilton\CONFIG~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {314ADA77-A869-4404-A282-FAE9C380A8A4} - C:\WINDOWS\System32\pbbo.dll
O4 - HKLM\..\Run: [pijfigzkwxzru] C:\WINDOWS\System32\xqkypab.exe
O4 - HKLM\..\Run: [appam32.exe] C:\WINDOWS\system32\appam32.exe
O4 - HKLM\..\Run: [Juvlowp] C:\Program Files\Ybseq\Hzzort.exe
O4 - HKLM\..\Run: [Svcsys Registry Manager] C:\WINDOWS\System32\svcsysreg.exe
O4 - HKLM\..\Run: [sysfu.exe] C:\WINDOWS\system32\sysfu.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DENIS\CONFIG~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O9 - Extra button: (no name) - {17BC0F65-4B53-4663-A52A-CD4254FBA8EA} - (no file)
O9 - Extra button: (no name) - {21C203E7-D9D8-4633-80CE-6EFB591085F1} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing)
O9 - Extra button: (no name) - {2AB277CB-6B08-4F78-A330-FFB1BC991493} - (no file)
O9 - Extra button: (no name) - {88986A97-3089-460F-8B2C-11CCDC8CDA5A} - (no file)
O9 - Extra button: (no name) - {96812398-D903-46E6-A70D-7A387CF84CA0} - (no file)
O9 - Extra button: (no name) - {A5A13E58-84BC-4131-AECE-33CB98391711} - (no file)
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\mcm-pillamusica\entrar.html (file missing)
O9 - Extra button: Corel Network monitor worker - {EEB7923A-9177-4D52-8D57-8CDDC93D9716} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {EEB7923A-9177-4D52-8D57-8CDDC93D9716} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {2AB277CB-6B08-4F78-A330-FFB1BC991493} - (no file) (HKCU)
O9 - Extra button: (no name) - {88986A97-3089-460F-8B2C-11CCDC8CDA5A} - (no file) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_ES_XP.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/d.../beta/appdl.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_ES_XP.cab
O16 - DPF: {50D10167-EEA3-26FB-0506-1511171BD267} - http://67.19.99.165/1/rdgPE871.exe
O16 - DPF: {51641EF3-8A7A-4D84-8659-B0911E947CC8} - http://www.contenidospc.com/instalador.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EC..._1012_ES_XP.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O18 - Filter: text/html - {65EA6CCF-107F-4282-84E0-8010D40ECED6} - C:\WINDOWS\System32\pbbo.dll
O18 - Filter: text/plain - {65EA6CCF-107F-4282-84E0-8010D40ECED6} - C:\WINDOWS\System32\pbbo.dll
O23 - Service: RPC+ Service Provider (RPCSS+) - Unknown owner - C:\WINDOWS\System32\rpcss_pl.exe (file missing)[/b]


Then delete the following files (if they exist):

C:\DOCUME~1\nilton\CONFIG~1\Temp\se.dll
C:\WINDOWS\System32\pbbo.dll
C:\WINDOWS\System32\xqkypab.exe
C:\WINDOWS\system32\appam32.exe
C:\Program Files\Ybseq\Hzzort.exe
C:\WINDOWS\System32\svcsysreg.exe
C:\WINDOWS\system32\sysfu.exe
C:\WINDOWS\System32\P2P Networking
C:\WINDOWS\remove_me.dll


Reboot into normal mode (simply restart your computer as you normally would), and run the following free, online virus scans:

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://housecall.trendmicro.com/housecall/start_corp.asp
Posted Image
if you like what I have done please consider making a donation to help fight spyware Posted Image

#7 nilton

nilton
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 24 March 2005 - 12:49 PM

well its done, but some features of my system isnt ok, for example the sound doesnt work.. I wanted to update my windows xp and it appeard a message saying that some necessary files that makes my system run correctly were replaced by unknown version. It says that windows should restore the original versions of those files in order to maintein the system´s stability. In this case i had to insert my cd-rom of windows xp home edition, but it has to wait because i dont have that cd in this moment.

One question, could i fix the line about window title: SOPORTE TECNICO??? i really hate to see it in all pages of internet explorer.

this is the last log

Logfile of HijackThis v1.99.1
Scan saved at 12:25:17 p.m., on 24/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
C:\Archivos de programa\Persystems\Perfw\PFWSVC.EXE
C:\WINDOWS\Explorer.EXE
D:\Archivos de programa\MsgPlus.exe
D:\Archivos de programa\Winamp2\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Persystems\Perav\PAV.EXE
C:\ARCHIV~1\PERSYS~1\Perav\pertsk.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
D:\Archivos de programa\Paltalk\paltalk.exe
D:\Archivos de programa\Netscape\Netscape\Netscp.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOPORTE TECNICO: percy_hurtado@hotmail.com, 57-61-37, 57-27-22
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F3 - REG:win.ini: run=
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.3000.1001\es-la\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Archivos de programa\MsgPlus.exe"
O4 - HKLM\..\Run: [biasokayprocstore] C:\Documents and Settings\All Users\Datos de programa\FlapRectBiasOkay\BagsLoud.exe
O4 - HKLM\..\Run: [MindSoft Task Accelerator] C:\Archivos de programa\MindSoft\MindSoft Utilities XP 8 Beta 5\taskaccl.exe /T
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp2\winampa.exe
O4 - HKLM\..\Run: [SndPnpMix] C:\WINDOWS\System32\wauctlxp4.exe
O4 - HKLM\..\Run: [PerformCl] C:\WINDOWS\System32\perfcl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Archivos de programa\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Date Manager.lnk = C:\Archivos de programa\Date Manager\DateManager.exe
O4 - Global Startup: Actualización de PER Antivirus.lnk = C:\Archivos de programa\Persystems\Perav\PERUPD.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'lsphook.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03A89EFD-E023-4606-A22D-45F77558EB4C} (ILINCInstall73 Class) - http://lm-learnlinc.ilinc.com/download/iLinc73i.dll
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_ES_XP.cab
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusca.com/s/toolbar/install/interbusca.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE736832-F8A9-11D4-80C4-0050DA680987} (HearMe (Firewall, Spanish) Voice Control) - http://www.terra.com/chatvoz/hmvcfs.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: PER Antivirus Security Service (pav_security) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perav\PAVSS.EXE
O23 - Service: PER Antivirus (pav_service) - PER Systems S.A. - C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
O23 - Service: PER Firewall Security Service (pfw_security) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perfw\PFWSS.EXE
O23 - Service: PER Firewall (pfw_service) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perfw\PFWSVC.EXE

#8 Efwis

Efwis

    The Spyware Killing Dragon


  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:Iowa, USA
  • Local time:09:02 AM

Posted 24 March 2005 - 01:13 PM

first off, yes you can fix that line if you wish. just use Hijack this to fix that.

Second off, we need to fix another problem that occured.

Please Download LSPFix from http://www.downloads.subratam.org/lspfix.zip and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of lsphook.dll. Reboot.

Next to help you along on the path of getting SP2 do the following:

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: [url=http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx]http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx[/b]
Apply the update, reboot, and post a fresh Hijack This log.
Posted Image
if you like what I have done please consider making a donation to help fight spyware Posted Image

#9 nilton

nilton
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 27 March 2005 - 08:30 AM

i couldnt install sp1aexpress downloaded from the page you gave me, because says it coudnt prove the integrity of the Update.inf file, another thing , that sp1a has only 1.93MB and i expected 30MB. what should i do?

Logfile of HijackThis v1.99.1
Scan saved at 07:58:29 a.m., on 27/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
C:\Archivos de programa\Persystems\Perfw\PFWSVC.EXE
C:\WINDOWS\Explorer.EXE
D:\Archivos de programa\Winamp2\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
D:\Archivos de programa\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\taskmgr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 198.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F3 - REG:win.ini: run=
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [biasokayprocstore] C:\Documents and Settings\All Users\Datos de programa\FlapRectBiasOkay\BagsLoud.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] D:\Archivos de programa\Winamp2\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Actualización de PER Antivirus.lnk = C:\Archivos de programa\Persystems\Perav\PERUPD.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03A89EFD-E023-4606-A22D-45F77558EB4C} (ILINCInstall73 Class) - http://lm-learnlinc.ilinc.com/download/iLinc73i.dll
O16 - DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} (ChatCLientDownloadCtrl Class) - http://download.howudodat.com/chatterbox/download/ccdl.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusca.com/s/toolbar/install/interbusca.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CE736832-F8A9-11D4-80C4-0050DA680987} (HearMe (Firewall, Spanish) Voice Control) - http://www.terra.com/chatvoz/hmvcfs.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Archivos de programa\Archivos comunes\EPSON\EBAPI\SAgent2.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: PER Antivirus Security Service (pav_security) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perav\PAVSS.EXE
O23 - Service: PER Antivirus (pav_service) - PER Systems S.A. - C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
O23 - Service: PER Firewall Security Service (pfw_security) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perfw\PFWSS.EXE
O23 - Service: PER Firewall (pfw_service) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perfw\PFWSVC.EXE

#10 nilton

nilton
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 27 March 2005 - 08:35 PM

THIS is part of the adaware log, the adaware always scan this critical object----- AltnetBDE , i tried to remove it using "Registrar Lite", but it shows "ACCESS DENIED", ARE THERE ANOTHER WAY TO REMOVE IT???

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

11:58:16 a.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:01.157
Objects scanned:158616
Objects identified:1
Objects ignored:0
New critical objects:1




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users