Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT?


  • This topic is locked This topic is locked
8 replies to this topic

#1 jets4556

jets4556

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 29 September 2005 - 03:11 PM

this is my log file anyone can help me clear??








Logfile of HijackThis v1.99.1
Scan saved at 12:50:54, on 29/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Lexmark 3300 Series\lxccmon.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Norton Internet Security\ISSVC.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\OCTAVI~1\CONFIG~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Barra de herramientas de T1msn Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-mx\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barra de herramientas de T1msn Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-mx\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Archivos de programa\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Archivos de programa\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Evidence Eliminator] C:\Archivos de programa\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124843642841
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} - http://kraisoft.com/files/realone/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124846143405
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\ISSVC.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe


Mod Edit: Bump has been removed. Please refer to the Forum Guidelines, at the top of this page, for a detailed explanation.

Edited by Scarlett, 03 October 2005 - 12:40 AM.


BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 03 October 2005 - 09:05 AM

Hi jets4556 and Welcome to the Bleeping Computer!

Please Download SpSeHjfix112:
http://www.derbilk.de/SpSeHjfix112.zip
or
http://www.trojaner-info.de/cgi-bin/downlo...gi?file=sphjfix
Once downloaded,Unzip it and Make sure to Extract All Files!

Please Download CWShredder:
http://cwshredder.net/bin/CWShredder.exe
Make sure you Update this as soon as you download it!


Run SpSeHjfix112

Click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process! (Make sure you Reboot back into Safe Mode!)
The tool creates a log of the fix which will appear in the new folder!
Please Save that Log,I may ask to see it!


Once in Safe Mode-> Run CWShredder

Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit"


Run SpSeHjfix112 again

Click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process!
Save the log it creates also!


Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from SpSeHjfix112 and Panda!

#3 jets4556

jets4556
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 05 October 2005 - 04:54 PM

hi cretemonster this is my new HJT log file and SPSeHjFIx before and after reboot, i can not scan whit panda i dont know why, thank you



Logfile of HijackThis v1.99.1
Scan saved at 2:38:38, on 05/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Norton Internet Security\ISSVC.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Lexmark 3300 Series\lxccmon.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Barra de herramientas de T1msn Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-mx\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barra de herramientas de T1msn Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-mx\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Archivos de programa\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Archivos de programa\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Evidence Eliminator] C:\Archivos de programa\Evidence Eliminator\ee.exe /m
O4 - HKLM\..\RunOnce: [Panda_cleaner_115735] C:\WINDOWS\system32\ActiveScan\pavdr.exe 115735
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124843642841
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} - http://kraisoft.com/files/realone/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124846143405
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\ISSVC.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe





(10/4/05 4:50:46) SPSeHjFix started v1.1.2
(10/4/05 4:50:46) OS: WinXP Service Pack 2 (5.1.2600)
(10/4/05 4:50:46) Language: español
(10/4/05 4:50:46) Win-Path: C:\WINDOWS
(10/4/05 4:50:46) System-Path: C:\WINDOWS\system32
(10/4/05 4:50:46) Temp-Path: C:\DOCUME~1\OCTAVI~1\CONFIG~1\Temp\
(10/4/05 4:51:49) Disinfection started
(10/4/05 4:51:49) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:51:49) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:51:49) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:51:49) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\octavi~1\config~1\temp\se.dll/space.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(10/4/05 4:51:49) Stealth-String not found
(10/4/05 4:51:49) No locked Files to delete. End without Reboot
(10/4/05 4:52:00) Disinfection started
(10/4/05 4:52:00) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:00) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:00) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:00) Bad IE-pages: (none)
(10/4/05 4:52:00) Stealth-String not found
(10/4/05 4:52:00) No locked Files to delete. End without Reboot
(10/4/05 4:52:02) Disinfection started
(10/4/05 4:52:02) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) Bad IE-pages: (none)
(10/4/05 4:52:02) Stealth-String not found
(10/4/05 4:52:02) No locked Files to delete. End without Reboot
(10/4/05 4:52:02) Disinfection started
(10/4/05 4:52:02) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) Bad IE-pages: (none)
(10/4/05 4:52:02) Stealth-String not found
(10/4/05 4:52:02) No locked Files to delete. End without Reboot
(10/4/05 4:52:02) Disinfection started
(10/4/05 4:52:02) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) Bad IE-pages: (none)
(10/4/05 4:52:02) Stealth-String not found
(10/4/05 4:52:02) No locked Files to delete. End without Reboot
(10/4/05 4:52:25) Disinfection started
(10/4/05 4:52:25) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:25) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:25) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:25) Bad IE-pages: (none)
(10/4/05 4:52:25) Stealth-String not found
(10/4/05 4:52:25) No locked Files to delete. End without Reboot
(10/4/05 4:52:26) Disinfection started
(10/4/05 4:52:26) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:26) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:26) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:26) Bad IE-pages: (none)
(10/4/05 4:52:26) Stealth-String not found
(10/4/05 4:52:26) No locked Files to delete. End without Reboot
(10/4/05 4:52:28) Disinfection started
(10/4/05 4:52:28) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:28) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:28) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:28) Bad IE-pages: (none)
(10/4/05 4:52:28) Stealth-String not found
(10/4/05 4:52:28) No locked Files to delete. End without Reboot
(10/4/05 4:52:28) Disinfection started
(10/4/05 4:52:28) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:28) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:28) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:28) Bad IE-pages: (none)
(10/4/05 4:52:28) Stealth-String not found
(10/4/05 4:52:28) No locked Files to delete. End without Reboot
(10/4/05 4:52:29) Disinfection started
(10/4/05 4:52:29) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:29) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:29) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:29) Bad IE-pages: (none)
(10/4/05 4:52:29) Stealth-String not found
(10/4/05 4:52:29) No locked Files to delete. End without Reboot
(10/4/05 4:52:29) Disinfection started
(10/4/05 4:52:29) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:29) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:29) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:29) Bad IE-pages: (none)
(10/4/05 4:52:29) Stealth-String not found
(10/4/05 4:52:29) No locked Files to delete. End without Reboot
(10/4/05 4:53:13) Disinfection started
(10/4/05 4:53:13) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:53:13) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:53:13) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:53:13) Bad IE-pages: (none)
(10/4/05 4:53:13) Stealth-String not found
(10/4/05 4:53:13) No locked Files to delete. End without Reboot


(10/4/05 4:54:54) SPSeHjFix started v1.1.2
(10/4/05 4:54:54) OS: WinXP Service Pack 2 (5.1.2600)
(10/4/05 4:54:54) Language: español
(10/4/05 4:54:54) Win-Path: C:\WINDOWS
(10/4/05 4:54:54) System-Path: C:\WINDOWS\system32
(10/4/05 4:54:54) Temp-Path: C:\DOCUME~1\OCTAVI~1\CONFIG~1\Temp\
(10/4/05 4:54:56) Disinfection started
(10/4/05 4:54:56) Bad-Dll(IEP): (not found)
(10/4/05 4:54:56) Bad-Dll(IEP) in BHO: (not found)
(10/4/05 4:54:56) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:54:56) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:54:56) Bad IE-pages: (none)
(10/4/05 4:54:56) Stealth-String not found
(10/4/05 4:54:56) Not infected->END






(10/4/05 4:50:46) SPSeHjFix started v1.1.2
(10/4/05 4:50:46) OS: WinXP Service Pack 2 (5.1.2600)
(10/4/05 4:50:46) Language: español
(10/4/05 4:50:46) Win-Path: C:\WINDOWS
(10/4/05 4:50:46) System-Path: C:\WINDOWS\system32
(10/4/05 4:50:46) Temp-Path: C:\DOCUME~1\OCTAVI~1\CONFIG~1\Temp\
(10/4/05 4:51:49) Disinfection started
(10/4/05 4:51:49) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:51:49) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:51:49) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:51:49) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\octavi~1\config~1\temp\se.dll/space.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(10/4/05 4:51:49) Stealth-String not found
(10/4/05 4:51:49) No locked Files to delete. End without Reboot
(10/4/05 4:52:00) Disinfection started
(10/4/05 4:52:00) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:00) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:00) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:00) Bad IE-pages: (none)
(10/4/05 4:52:00) Stealth-String not found
(10/4/05 4:52:00) No locked Files to delete. End without Reboot
(10/4/05 4:52:02) Disinfection started
(10/4/05 4:52:02) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) Bad IE-pages: (none)
(10/4/05 4:52:02) Stealth-String not found
(10/4/05 4:52:02) No locked Files to delete. End without Reboot
(10/4/05 4:52:02) Disinfection started
(10/4/05 4:52:02) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) Bad IE-pages: (none)
(10/4/05 4:52:02) Stealth-String not found
(10/4/05 4:52:02) No locked Files to delete. End without Reboot
(10/4/05 4:52:02) Disinfection started
(10/4/05 4:52:02) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:02) Bad IE-pages: (none)
(10/4/05 4:52:02) Stealth-String not found
(10/4/05 4:52:02) No locked Files to delete. End without Reboot
(10/4/05 4:52:25) Disinfection started
(10/4/05 4:52:25) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:25) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:25) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:25) Bad IE-pages: (none)
(10/4/05 4:52:25) Stealth-String not found
(10/4/05 4:52:25) No locked Files to delete. End without Reboot
(10/4/05 4:52:26) Disinfection started
(10/4/05 4:52:26) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:26) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:26) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:26) Bad IE-pages: (none)
(10/4/05 4:52:26) Stealth-String not found
(10/4/05 4:52:26) No locked Files to delete. End without Reboot
(10/4/05 4:52:28) Disinfection started
(10/4/05 4:52:28) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:28) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:28) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:28) Bad IE-pages: (none)
(10/4/05 4:52:28) Stealth-String not found
(10/4/05 4:52:28) No locked Files to delete. End without Reboot
(10/4/05 4:52:28) Disinfection started
(10/4/05 4:52:28) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:28) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:28) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:28) Bad IE-pages: (none)
(10/4/05 4:52:28) Stealth-String not found
(10/4/05 4:52:28) No locked Files to delete. End without Reboot
(10/4/05 4:52:29) Disinfection started
(10/4/05 4:52:29) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:29) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:29) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:29) Bad IE-pages: (none)
(10/4/05 4:52:29) Stealth-String not found
(10/4/05 4:52:29) No locked Files to delete. End without Reboot
(10/4/05 4:52:29) Disinfection started
(10/4/05 4:52:29) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:52:29) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:29) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:52:29) Bad IE-pages: (none)
(10/4/05 4:52:29) Stealth-String not found
(10/4/05 4:52:29) No locked Files to delete. End without Reboot
(10/4/05 4:53:13) Disinfection started
(10/4/05 4:53:13) Bad-Dll(IEP): c:\docume~1\octavi~1\config~1\temp\se.dll
(10/4/05 4:53:13) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:53:13) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:53:13) Bad IE-pages: (none)
(10/4/05 4:53:13) Stealth-String not found
(10/4/05 4:53:13) No locked Files to delete. End without Reboot


(10/4/05 4:54:54) SPSeHjFix started v1.1.2
(10/4/05 4:54:54) OS: WinXP Service Pack 2 (5.1.2600)
(10/4/05 4:54:54) Language: español
(10/4/05 4:54:54) Win-Path: C:\WINDOWS
(10/4/05 4:54:54) System-Path: C:\WINDOWS\system32
(10/4/05 4:54:54) Temp-Path: C:\DOCUME~1\OCTAVI~1\CONFIG~1\Temp\
(10/4/05 4:54:56) Disinfection started
(10/4/05 4:54:56) Bad-Dll(IEP): (not found)
(10/4/05 4:54:56) Bad-Dll(IEP) in BHO: (not found)
(10/4/05 4:54:56) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:54:56) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 4:54:56) Bad IE-pages: (none)
(10/4/05 4:54:56) Stealth-String not found
(10/4/05 4:54:56) Not infected->END


(10/4/05 5:04:45) SPSeHjFix started v1.1.2
(10/4/05 5:04:45) OS: WinXP Service Pack 2 (5.1.2600)
(10/4/05 5:04:45) Language: español
(10/4/05 5:04:45) Win-Path: C:\WINDOWS
(10/4/05 5:04:45) System-Path: C:\WINDOWS\system32
(10/4/05 5:04:45) Temp-Path: C:\DOCUME~1\OCTAVI~1\CONFIG~1\Temp\
(10/4/05 5:04:51) Disinfection started
(10/4/05 5:04:51) Bad-Dll(IEP): (not found)
(10/4/05 5:04:51) Bad-Dll(IEP) in BHO: (not found)
(10/4/05 5:04:51) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 5:04:51) UBF: 4 - UBB: 4 - UBR: 16
(10/4/05 5:04:51) Bad IE-pages: (none)
(10/4/05 5:04:51) Stealth-String not found
(10/4/05 5:04:51) Not infected->END

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 05 October 2005 - 05:15 PM

Im about at my wits end with Panda!

Try one of these Online Scans and See what happens

http://www.kaspersky.com/virusscanner
http://support.f-secure.com/enu/home/ols.shtml
http://housecall60.trendmicro.com/en/start_corp.asp?id=scan
http://uk.trendmicro-europe.com/consumer/h...call_launch.php
http://www.bitdefender.com/scan/licence.php
http://www.ravantivirus.com/scan/
http://scan.sygate.com/pretrojanscan.html
http://www.windowsecurity.com/trojanscan/
http://us.mcafee.com/root/mfs/default.asp?cid=9435
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx



As for the log itself,Looking good from here!

Hows the PC acting?

Edited by Cretemonster, 05 October 2005 - 05:17 PM.


#5 jets4556

jets4556
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 07 October 2005 - 12:51 PM

hi cretemonster my comp. work very well no have problems.
and this is log of antivirus check please and thank you for you help


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, October 06, 2005 20:32:53
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/10/2005
Kaspersky Anti-Virus database records: 152756
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 126567
Number of viruses found: 7
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 5781 sec

Infected Object Name - Virus Name
C:\Archivos de programa\hijackthis\backups\backup-20050909-201111-192.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\Documents and Settings\chaguita\Configuración local\Archivos temporales de Internet\Content.IE5\OFLJUMVH\init[1].js Infected: Trojan-Downloader.JS.IstBar.af
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP46\A0014316.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP46\A0014317.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP46\A0014318.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.ab
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031346.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031347.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031348.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031349.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031350.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031351.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031352.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031353.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031354.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031355.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP70\A0031356.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP75\A0035711.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.p
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP75\A0035712.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\System Volume Information\_restore{2EFB28C1-1131-4F51-BF4F-C3A4E1DDE920}\RP75\A0036689.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\w.exe Infected: Trojan-Downloader.Win32.Small.amb
C:\WINDOWS\Temp\ASHeuristic\w_exe.vir Infected: Trojan-Downloader.Win32.Small.amb

Scan process completed.



im run spybot s&d, and ad aware se , im clean the comp. thank you again.

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 October 2005 - 03:57 PM

Excellent job!

Lets do a good temp cleaning!

Reboot into SAFE MODE(Tap F8 when restarting)

After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...torial=62#winxp


Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

C:\Temp

C:\Windows\Temp

C:\Windows\System32\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files(Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup(Make sure that all boxes are checked for cleaning!!)


Please make sure you delete this folder

C:\WINDOWS\Temp\ASHeuristic


Restart normal and Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Made Easy
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

Post back and let me know how things are?

#7 jets4556

jets4556
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  

Posted 11 October 2005 - 02:35 PM

hi cretemonster im install spywareblaster and clean my comp. everything is right thanks you for you help
and time excuse me my bad english im speack spanish thank you again

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 October 2005 - 02:30 AM

You are doing just fine,been working with the English to Spanish barrier for many years now and still cant speak the first bit of spanish!


Go ahead and renable System Restore to flush out all old nasty restore points and create a nice new fresh one!


If ever you need us again,you know where to find us!


Job well done! :thumbsup:

#9 jets4556

jets4556
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 13 October 2005 - 07:43 PM

ok cretemonster thanks again and good look :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users