I Have A Virus That Slows Down My Connection, I Don't Know What Exactly It Is...



#1 letygonzalez

Posted 30 January 2006 - 05:32 PM

I've run like 10 programs to detect spyware, adware, viruses, etc. Each time they come up with new viruses, and even if I delete them, they keep slowing down my computer... I need help!!!

Logfile of HijackThis v1.99.1
Scan saved at 16:17:17, on 30/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\ARCHIV~1\Launch Manager\CtrlVol.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\batserv2.exe
C:\Archivos de programa\winupdates\winupdates.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\System32\sysc.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\LimeWire\LimeWire.exe
C:\Documents and Settings\Lety C\Escritorio\hijackthis_sfx.exe
C:\Documents and Settings\Lety C\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CtrlVol] C:\ARCHIV~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Archivos de programa\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [winupdates] C:\Archivos de programa\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [WinZip Update] WinZip.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\RunServices: [Win service] winsyst3m32.exe
O4 - HKLM\..\RunServices: [autostar.exe] taskme.exe
O4 - HKLM\..\RunServices: [CPU service] wurldsys.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [areslite] "C:\Archivos de programa\Ares Lite Edition\AresLite.exe" -h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132692991116
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20French.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\
O21 - SSODL: BSteSRZN - {262916F1-8C83-BC5B-CA18-B3B25CAA8E4A} - C:\WINDOWS\System32\ki.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe


#2 miekiemoes

Posted 31 January 2006 - 08:11 AM

Hello,

This is a nasty log. And it looks like it disabled your Antivirus as well.

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/p2pnetwork.bfu

Click Ok
Then click execute in Brute Force Uninstaller.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

* Please set your system to show all files; please see here if you're unsure how to do this.

* Please download ATF Cleaner by Atribune to your desktop.
Do not use it yet.

Please download Ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [winupdates] C:\Archivos de programa\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [WinZip Update] WinZip.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] WINIUPDATES.EXE
O4 - HKLM\..\RunServices: [Win service] winsyst3m32.exe
O4 - HKLM\..\RunServices: [autostar.exe] taskme.exe
O4 - HKLM\..\RunServices: [CPU service] wurldsys.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O20 - Winlogon Notify: msupdate - C:\WINDOWS\
O21 - SSODL: BSteSRZN - {262916F1-8C83-BC5B-CA18-B3B25CAA8E4A} - C:\WINDOWS\System32\ki.dll (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, press and hold your "F8 Key" as the computer is booting. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\batserv2.exe
C:\WINDOWS\win32ssr.exe
C:\WINDOWS\System32\sysc.exe
C:\WINDOWS\sysldr32.exe
C:\WINDOWS\System\svwhost.exe <== watch the spelling! This one is present in your system folder and NOT system32-folder, because I don't want you to delete the legit svchost.exe which looks similar!

* Still in safe mode, double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply,
together with a fresh HijackThis log and the ewido log, so I can take another look.

#3 letygonzalez

Posted 01 February 2006 - 04:43 PM

Hi, thanks for helping me... I did everything you told me to except for the last part about Panda ActiveScan.. for some reason when I click on the "Scan your pc" nothing happens, I tried in another computer and it worked fine... here are the logs...

Logfile of HijackThis v1.99.1
Scan saved at 15:15:49, on 01/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\ARCHIV~1\Launch Manager\CtrlVol.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lety C\Escritorio\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CtrlVol] C:\ARCHIV~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Archivos de programa\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [Win service] winsyst3m32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132692991116
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20French.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)






HERE IS THE OTHER LOG....

---------------------------------------------------------
ewido anti-malware - Report de exploración
---------------------------------------------------------

+ Creado en: 22:34:02, 31/01/2006
+ Report-Checksum: 35E24

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Limpio con backup
C:\WINDOWS\system32\oleext.dll -> Trojan.Small.ev : Limpio con backup
C:\WINDOWS\system32\msupdate32.dll -> Backdoor.Delf.ald : Limpio con backup
C:\WINDOWS\system32\paradise.raw.exe -> Trojan.Small : Limpio con backup
C:\WINDOWS\system\svchost.dll -> Backdoor.Small.jo : Limpio con backup
C:\WINDOWS\system\svwhost.dll -> Trojan.Agent.nw : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@com[2].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@affiliates.x10[1].txt -> Spyware.Cookie.X10 : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@geizhals.oewabox[1].txt -> Spyware.Cookie.Oewabox : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@burstnet[1].txt -> Spyware.Cookie.Burstnet : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@com[3].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@com[4].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\Leticia Gonzalez\Cookies\leticia gonzalez@burstnet[2].txt -> Spyware.Cookie.Burstnet : Limpio con backup
C:\Documents and Settings\Administrador\Cookies\administrador@com[2].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\Administrador\Cookies\administrador@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\Administrador\Cookies\administrador@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Limpio con backup
:mozilla.10:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Atdmt : Limpio con backup
:mozilla.21:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
:mozilla.22:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.23:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.24:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Adserver : Limpio con backup
:mozilla.25:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Adserver : Limpio con backup
:mozilla.33:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Findwhat : Limpio con backup
:mozilla.34:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Com : Limpio con backup
:mozilla.35:C:\Documents and Settings\Lety C\Datos de programa\Mozilla\Firefox\Profiles\3kwli9lb.default\cookies.txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\Lety C\Shared\Mozilla Firefox 1.0.7.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\PC Tools Softwares.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\NetScream 1.11.14.2005.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\VSO Blindwrite Suite 5.2.23.156.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\South Park Rally.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\V-Rally.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\The Gladiators Of Rome.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Midtown Madness.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Terminator 3 War of the Machines.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\The Sims 1 (8 In One).zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Traktor Racer - RITUEL.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Star Wars Knights of the Old Republic.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\The Sims 2 Christmas Party Pack.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\WinPatrol Plus 9.8.1.0.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Total Video Converter 2.52.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\NetLimiter 2.0.6 Pro.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Norton Antivirus 2005.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\TweakNow PowerPack 2006 Pro.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Online TV Player 2.9.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Need for Speed Most Wanted Black.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Norton 2006.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Windows XP Live Edition 2.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Microsoft Windows XP Media Center 2005.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\The Best Collection of WallPapers Of T.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Microsoft Plus! XP.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Windows Media Player 11.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Swift 3D 4 with Models and Tutorials.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Super Internet TV 6.2.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\NORTON Systemworks Premier 2006 - Orig.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\PC WORLD Magazine February 2006.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Playstation Boot CD.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Warcraft III.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Treesize Professional 3.3.0.245 (EnglishGerman).zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Pop up Blocker Pro 7.0.5.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Power Archiver 2006 9.51.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\TurboFTP 4.60.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Registry Trash Keys Finder 3.7.1 SR2.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\RapidShare Raptor Tools.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\WhereIsIt 3.68 media cataloging software.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Ricochet 3 (Full Game).zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\WinDesign 6.5.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\WinAce 2.6.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\WinMPG Video Convert 5.7.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Spyware And Adware Removal 1.0h.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\eEye Retina Network Security Scanner 5.0.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Reallusion FaceFilter Studio 1.0.51.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Super Proxy Helper 1.05.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\VoIP Hacks Tips & Tools for Internet.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Running Linux.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\PHP Hacks Tips & Tools For Creating.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Practical Troubleshooting of Electrica.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Theory And Problems Of Electric Circui.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\The Big Book of Little Criminals.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Prodigy - Their Law (The Singles 1990-2005) CD2.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\Prodigy - Their Law (The Singles 1990-2005) CD1.zip/Setup.exe -> Worm.VB.an : Limpio con backup
C:\Documents and Settings\Lety C\Complete\VA - Sunshine Live Vol 16 - 3CD - 2.zip/Setup.exe -> Worm.VB.an : Limpio con backup


::Fin Report

#4 miekiemoes

  • Malware Response Team

Posted 01 February 2006 - 04:51 PM

Ok, this is already looking a lot better. :thumbsup:

Some leftovers now..


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\RunServices: [Win service] winsyst3m32.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, go to start > run and copy and paste the next command in the field:

sc delete Win32Sr

Click Enter.

for some reason when i click on the "Scan your pc" nothing happens


Ok, try this.. Close your internet explorer, go to start > run and copy and paste the next command in the field:

regsvr32 jscript.dll

Click Enter.

Try the Panda online scan again.

If that still doesn't work, try the Kaspersky Online scan:

Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer"
8. When the scan is complete choose to save the results as "Save as Text"
9. Post the Kaspersky scan results in your next reply together with a new hijackthislog.

Edited by miekiemoes, 01 February 2006 - 04:53 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
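
Each of the three entries selected in the post above shows a trait that can be checked mechanically: a service whose file is missing, an autorun with no directory, and a file name one character off a core Windows process. The script below is an added example, not part of the thread or of HijackThis; the heuristics, the `SYSTEM_NAMES` list and all function names are assumptions, and a flag only marks an entry for review, since leftovers of uninstalled software trip the same checks.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis logs in this thread: the three entries the
# helper selected, plus three entries that were left alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\RunServices: [Win service] winsyst3m32.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
"""

# Assumption: a short list of core Windows process names that malware
# commonly imitates; extend it for real use.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe"}

# O4 = autorun registry entries, O23 = NT services (HijackThis section codes).
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")


@dataclass
class Entry:
    section: str          # "O4" or "O23"
    name: str             # registry value name or service name
    image: str            # executable the entry points at
    flags: list = field(default_factory=list)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_path(command):
    """Strip quotes and arguments from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]


def parse(log):
    """Turn O4 and O23 lines into Entry records; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4:
            entries.append(Entry("O4", m4.group(3), image_path(m4.group(4))))
        elif m23:
            entry = Entry("O23", m23.group(1), image_path(m23.group(3)))
            if m23.group(4):
                # Service is still registered but its binary is gone.
                entry.flags.append("orphaned-service")
            entries.append(entry)
    return entries


def triage(log):
    """Attach review flags to every parsed entry."""
    entries = parse(log)
    for entry in entries:
        base = ntpath.basename(entry.image).lower()
        if entry.section == "O4" and not ntpath.dirname(entry.image):
            # No directory: the file is resolved through the search path.
            entry.flags.append("no-path")
        if base not in SYSTEM_NAMES:
            for known in sorted(SYSTEM_NAMES):
                if edit_distance(base, known) == 1:
                    entry.flags.append("system-lookalike:" + known)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section} {e.name!r} -> {e.image}: {', '.join(e.flags) or 'ok'}")
```
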

#5 letygonzalez

  • Topic Starter

Posted 01 February 2006 - 09:13 PM

Thanks a lot again.. I think that worked... my computer is acting pretty normal... :thumbsup: I don't think there are any viruses left, well at least not the nasty ones...

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, February 01, 2006 19:47:27
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 1/02/2006
Kaspersky Anti-Virus database records: 163709
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 61084
Number of viruses found: 12
Number of infected objects: 139
Number of suspicious objects: 2
Duration of the scan process: 2145 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\wininet.dll Infected: Virus.Win32.Nsag.b
C:\WINDOWS\system32\kernels64.exe Infected: Trojan-Downloader.Win32.Tibs.ca
C:\WINDOWS\system32\6ez\redroses Infected: Backdoor.IRC.Zapchast
C:\WINDOWS\inet20004\mm4.exe.bak Infected: Trojan-Proxy.Win32.Delf.an
C:\WINDOWS\inet20004\mm4.exe Infected: Trojan-Proxy.Win32.Delf.an
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/svchost.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Lety C\.housecall\Quarantine\wininet.dll.bac_a01820 Infected: Virus.Win32.Nsag.b
C:\Documents and Settings\Lety C\.housecall\Quarantine\services.exe.bac_a01820 Infected: Trojan-Downloader.Win32.CWS.s
C:\Documents and Settings\Lety C\.housecall\Quarantine\sachostx.exe.bac_a01820 Infected: Email-Worm.Win32.Locksky.ab
C:\Documents and Settings\Lety C\.housecall\Quarantine\symsvcsa.exe.bac_a01820 Infected: Packed.Win32.Klone.b
C:\Documents and Settings\Lety C\.housecall\Quarantine\msvcp.exe.bac_a01820 Infected: Backdoor.Win32.Codbot.bh
C:\Documents and Settings\Lety C\.housecall\Quarantine\msvcrl.dll.bac_a01820 Infected: Email-Worm.Win32.Locksky.p
C:\Documents and Settings\Lety C\.housecall\Quarantine\sachostp.exe.bac_a01820 Infected: Email-Worm.Win32.Locksky.ab
C:\Documents and Settings\Lety C\.housecall\Quarantine\oleext.dll.bac_a01820 Infected: Trojan.Win32.Small.ev
C:\Documents and Settings\Lety C\.housecall\Quarantine\200 Winks and Moods for MSN 7.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\200 Winks and Moods for MSN 7.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\2Pac - The Prophet Returns.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\2Pac - The Prophet Returns.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\3D Cafe Vip Lounge Models.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\3D Cafe Vip Lounge Models.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\3D Driving-School.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\3D Driving-School.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\420 Rare Winks for MSN 7.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\420 Rare Winks for MSN 7.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\50 N-gage Games.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\50 N-gage Games.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\66 National Geographic Wallpapers.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\66 National Geographic Wallpapers.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\700 Flash Games in 1 94 MB File.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\700 Flash Games in 1 94 MB File.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\ABC Pronunciary American English Pron.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\ABC Pronunciary American English Pron.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Acoustica Audio Converter Pro 1.0.22.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Acoustica Audio Converter Pro 1.0.22.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Acronis Bootable CD.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Acronis Bootable CD.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Acronis Disk Director Suite 9.0.549.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Acronis Disk Director Suite 9.0.549.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Active Download Accelerator 5.7.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Active Download Accelerator 5.7.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Adobe Reader 7.03.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Adobe Reader 7.03.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Ashampoo Suite 2006.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Ashampoo Suite 2006.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Atani 3.43.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Atani 3.43.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Audio Editor Gold 2006 7.6.2.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Audio Editor Gold 2006 7.6.2.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Avid Xpress Pro HD 5.2.2.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Avid Xpress Pro HD 5.2.2.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Battlefield 1942.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Battlefield 1942.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Bill Gates Toolkit Reloaded.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Bill Gates Toolkit Reloaded.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Bin Laden Behind The Mask Of The Terro.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Bin Laden Behind The Mask Of The Terro.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Blitzkrieg II.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Blitzkrieg II.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Bracket 2006 3.0.2.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Bracket 2006 3.0.2.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\C in a Nutshell (In a Nutshell).zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\C in a Nutshell (In a Nutshell).zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Call Of Duty 2.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Call Of Duty 2.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Carrara.Pro 5.0.1.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Carrara.Pro 5.0.1.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Chimera Virtual Desktop Professional.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Chimera Virtual Desktop Professional.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\ColorShade 2.51.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\ColorShade 2.51.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Corel Painter 9.0.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Corel Painter 9.0.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Crime Killer.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Crime Killer.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Cute CD DVD Burner 2.5.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Cute CD DVD Burner 2.5.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\DJ Sava - Gone away.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\DJ Sava - Gone away.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\DVDIdle 5.95.6 DVD Region CSS Free 5.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\DVDIdle 5.95.6 DVD Region CSS Free 5.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Daytona USA -Deluxe.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Daytona USA -Deluxe.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Dig Dug Deeper.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Dig Dug Deeper.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Doom Collector`s.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Doom Collector`s.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Dr. DivX 2.0.0 Beta 3.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Dr. DivX 2.0.0 Beta 3.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\EditPlus 2.21.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\EditPlus 2.21.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Elprime Clock Pro 2.33.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Elprime Clock Pro 2.33.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Falcon 4.0 Allied Force.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Falcon 4.0 Allied Force.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Firefox AIO.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Firefox AIO.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\FlashGet 1.71.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\FlashGet 1.71.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\French Kiss 2 - La Selection Glamour.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\French Kiss 2 - La Selection Glamour.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Fruity Loops 4.1 Studio.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Fruity Loops 4.1 Studio.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Ghostys Phone Games AIO.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Ghostys Phone Games AIO.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Grand Theft Auto 2 (GTA2).zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Grand Theft Auto 2 (GTA2).zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Heavy Gunner Vietnam.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Heavy Gunner Vietnam.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Hot clips.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Hot clips.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\IncrediMail Xe.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\IncrediMail Xe.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Industrial Engineering AND Manufacturi.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Industrial Engineering AND Manufacturi.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\JAM Software TreeSize Professional 3.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\JAM Software TreeSize Professional 3.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Kiss Pinball.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Kiss Pinball.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Lego Star Wars.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Lego Star Wars.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Limewire Pro 4.10.0.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Limewire Pro 4.10.0.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Luis Royo Wallpapers.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Luis Royo Wallpapers.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\MS Windows Server 2003 Enterprise English.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\MS Windows Server 2003 Enterprise English.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\MacroMachine 3.1.0.0.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\MacroMachine 3.1.0.0.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Mad Dog McCree.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Mad Dog McCree.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Madonna - Confessions On A Dance Floor.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Madonna - Confessions On A Dance Floor.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Magic Tweak 3.10.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Magic Tweak 3.10.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Magix Audio Cleaning Lab Deluxe 10.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Magix Audio Cleaning Lab Deluxe 10.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Magix Music Maker 2005 Deluxe.zip.bac_a01820/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\Lety C\.housecall\Quarantine\Magix Music Maker 2005 Deluxe.zip.bac_a01820 Infected: Email-Worm.Win32.VB.an
C:\Archivos de programa\mirc\redroses Infected: Backdoor.IRC.Zapchast
C:\boot.inx Infected: Trojan-Downloader.Win32.Tibs.ca

Scan process completed.





------------------------------------------------------------------
the other log.....







Logfile of HijackThis v1.99.1
Scan saved at 20:04:54, on 01/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\ARCHIV~1\Launch Manager\CtrlVol.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lety C\Escritorio\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Archivos de programa\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CtrlVol] C:\ARCHIV~1\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Archivos de programa\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Archivos de programa\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132692991116
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20French.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe

#6 miekiemoes

  • Malware Response Team

Posted 02 February 2006 - 01:22 AM

Almost there..

I see your wininet.dll is infected. Don't delete that one, because that file is needed, so we have to restore it. We'll use a tool for that.

First delete the next files:

C:\Archivos de programa\mirc\redroses
C:\boot.inx
C:\WINDOWS\system32\kernels64.exe
C:\WINDOWS\system32\6ez\redroses
C:\WINDOWS\inet20004 <== folder

* Download smitRem and save the file to your desktop.
Double-click it and choose install. This will create a new folder on your desktop with the name smitrem.
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

REBOOT!! Important!!!!!

After reboot, post the log from smitrem, which will be present on your C:\ with the name smitfiles.txt in your next reply.

#7 letygonzalez

  • Topic Starter

Posted 02 February 2006 - 04:02 PM

here's the last log...



smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Versión 5.1.2600]

Running from
C:\Documents and Settings\Lety C\Escritorio\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

SharedTaskScheduler exporter by Grinler

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key

WinHound.com key present!



Running WinHound.com fix!



WinHound.com key was successfully removed! :thumbsup:

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

svcp.csv


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1020 'explorer.exe'
Killing PID 1020 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

SharedTaskScheduler exporter by Grinler

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :flowers: Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :huh: ~~~~
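
The smitRem log above prints the SharedTaskScheduler key twice, before and after the registry repairs. As an added example (not part of the thread and not smitRem's own code), this Python code parses that "Registry Pseudo-Format" text, joins each CLSID to the DLL named in its InProcServer32 key, and diffs two exports; the function names and the placeholder GUID are assumptions.

```python
import re

# Constructed sample: the pre-run SharedTaskScheduler export from the log, verbatim.
PRE_RUN = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
'''
# Constructed variant: one extra task with a placeholder GUID and no CLSID section.
ORPHAN = PRE_RUN.replace('"{438755C2',
    '"{00000000-0000-0000-0000-000000000000}"="placeholder"\n"{438755C2', 1)

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^(@|"[^"]*")="(.*)"$')
CLSID_KEY = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]+\})\\InProcServer32$', re.I)

def parse_export(text):
    """Return {key_path: {value_name: data}} from the pseudo-.reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current[m.group(1).strip('"')] = m.group(2)
    return keys

def task_handlers(text):
    """Map each SharedTaskScheduler CLSID to (description, InProcServer32 DLL or None)."""
    keys = parse_export(text)
    tasks = next((v for k, v in keys.items()
                  if k.lower().endswith('\\sharedtaskscheduler')), {})
    servers = {m.group(1).upper(): v.get('@')
               for k, v in keys.items() if (m := CLSID_KEY.search(k))}
    return {c.upper(): (desc, servers.get(c.upper())) for c, desc in tasks.items()}

def diff_handlers(before, after):
    """CLSIDs added, removed or re-pointed between two exports."""
    b, a = task_handlers(before), task_handlers(after)
    return {c: (b.get(c), a.get(c)) for c in sorted(set(b) | set(a)) if b.get(c) != a.get(c)}
```

Run against the pre-run and post-run exports in this log, `diff_handlers` returns an empty result, because both exports list the same two entries pointing at `browseui.dll`.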

#8 miekiemoes


Posted 02 February 2006 - 04:05 PM

Great! Wininet.dll is fixed now. :thumbsup:

How are things running now?

#9 letygonzalez


Posted 02 February 2006 - 07:52 PM

perfect!!! :thumbsup: i think everything is ok, thank you

#10 miekiemoes


Posted 02 February 2006 - 08:01 PM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virus scan once in a while. (Housecall and/or Bitdefender). Because what one virus scanner can't find another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates, so visit asap: http://windowsupdate.microsoft.com/ to update to SP2!

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Happy surfing again! :flowers:

#11 miekiemoes


Posted 04 February 2006 - 10:41 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



