Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

about:blank


  • This topic is locked This topic is locked
11 replies to this topic

#1 bairradino

bairradino

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 05 January 2005 - 05:18 PM

When I open Internet Explorer it goes, automatically, to the page "about:blank"
Here's the HijackThis log file:

Logfile of HijackThis v1.99.0
Scan saved at 22:17:15, on 05-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programas\Analog Devices\SoundMAX\Smtray.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Ficheiros comuns\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\eMule\emule.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
F:\Downloads\Diversos\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "C:\Programas\Ficheiros comuns\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011905 serial=DR12WTP-5968829-JWE lang=BP
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0"
O4 - HKCU\..\Run: [MCW Startup] "C:\Programas\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Programas\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E6C49A-65C6-47DF-B48D-51C2F882FA5B}: NameServer = 194.65.100.117
O23 - Service: Adobe LM Service - Unknown - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Ccsoasf - Symantec Corporation - (no file)
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PMJ151 AutoLaunch Service - Matsubleepa Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: SAVRoam - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe


Any help?

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:11 PM

Posted 06 January 2005 - 07:41 AM

Did you set your homepage in internet explorer ?

Update Sun Java: latest version = J2SE v 1.4.2_06 JRE - http://java.sun.com/j2se/1.4.2/download.html

You can fix this with hijackthis:

Run HijackThis!, press Scan, and put a check mark next to all these:

O15 - Trusted Zone: http://linktrader.cyberspacehq.com

Close all other windows and browsers, and press the Fix Checked button.

There is nothing else suspect in your log.

Edited by cryo, 06 January 2005 - 07:42 AM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#3 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 09 January 2005 - 01:28 PM

I was out for this weekend. That's why my replay take so long...

It din't work out.
I still have the same problem.
I runned HJT in Safe Mode and the resulting log is:

Logfile of HijackThis v1.99.0
Scan saved at 17:39:19, on 09-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\Downloads\Diversos\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "C:\Programas\Ficheiros comuns\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011905 serial=DR12WTP-5968829-JWE lang=BP
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Programas\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Adobe LM Service - Unknown - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Ccsoasf - Symantec Corporation - (no file)
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PMJ151 AutoLaunch Service - Matsubleepa Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: SAVRoam - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe

#4 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:11 PM

Posted 09 January 2005 - 02:30 PM

Please run in in normal mode. Do you still have the about:blank problem ?
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#5 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 09 January 2005 - 04:23 PM

Yes. I still have it.
Here's the log in "normal mode":

Logfile of HijackThis v1.99.0
Scan saved at 21:21:53, on 09-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programas\Analog Devices\SoundMAX\Smtray.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Ficheiros comuns\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\FICHEI~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Internet Explorer\iexplore.exe
F:\Downloads\Diversos\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "C:\Programas\Ficheiros comuns\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011905 serial=DR12WTP-5968829-JWE lang=BP
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0"
O4 - HKCU\..\Run: [MCW Startup] "C:\Programas\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Programas\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E6C49A-65C6-47DF-B48D-51C2F882FA5B}: NameServer = 194.65.100.117
O23 - Service: Adobe LM Service - Unknown - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Ccsoasf - Symantec Corporation - (no file)
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Programas\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PMJ151 AutoLaunch Service - Matsubleepa Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: SAVRoam - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe

#6 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:11 PM

Posted 09 January 2005 - 04:31 PM

You have the new CoolWebSearch. This new variant is a virus.

Download the following file:

Download FindHalox.zip

Save the file to your desktop and extract it there. Then double-click on the findhalox folder and then double-click on the findhalox.bat file. Select option 1 and wait until a notepad is opened.

Paste the contents of that notepad as a reply to this topic
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#7 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 09 January 2005 - 04:55 PM

OK. Here's the result of the test:

This log will contain a series of tests. Some of the files that are found
could be legitimate so do not delete anything without supervision.

Please provide the output of this listing as a reply to the topic #
where you are receiving help. #


---- Test 1: Files that contain the string getc.php? ----


---- Test 2: Files that contain the string xaloH ----


---- Test 3: Files that are packed with UPX ----
testing C:\WINDOWS\SYSTEM32\avisynth.dll [OK]
testing C:\WINDOWS\SYSTEM32\devil.dll [OK]


---- Test 4: Files in C:\WINDOWS\SYSTEM32 matching *.da0 ----
O volume na unidade C nÆo tem nome
O n£mero de s‚rie do volume ‚ C815-7CCD

Direct¢rio de C:\WINDOWS\system32



---- Test 5: Files in C:\WINDOWS\SYSTEM32 matching *.cfg ----
O volume na unidade C nÆo tem nome
O n£mero de s‚rie do volume ‚ C815-7CCD

Direct¢rio de C:\WINDOWS\system32

#8 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:11 PM

Posted 09 January 2005 - 05:13 PM

Let's try this.

Download the free trial: eTrust Antivirus v7.1 for Windows
http://www3.ca.com/Solutions/Collateral.asp?CID=39914

Disable temporarily your Norton AntiVirus.

Install eTrust, update the signatures and scan your computer (full scan).

If eTrust will not install because your Symantec Software, download Kaspersky Anti-Virus Personal 5.0 Trial
http://www.kaspersky.com/trials?chapter=146481750

Disable temporarily your Norton AntiVirus.

Install Kaspersky. Update the signatures. Open the program --> go to Settings --> Configure Updater --> select from Internet - extended databases --> OK --> click the Protection tab and click Scan My Computer.

Please report back if it found the infection.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#9 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 10 January 2005 - 05:13 PM

I had some problems... but it's DONE.
Many thanks.

#10 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:11 PM

Posted 10 January 2005 - 05:26 PM

eTrust has done the job ?
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#11 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 11 January 2005 - 06:32 AM

I used Kasperky.

#12 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:11 PM

Posted 11 January 2005 - 08:38 AM

Interesting ... I couldn't remove it with Kaspersky AV, but eTrust did the trick.


Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Edited by Daisuke, 31 January 2005 - 02:51 AM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users