Tech Support banner

Status
Not open for further replies.
1 - 11 of 11 Posts

·
Registered
Joined
·
7 Posts
Discussion Starter #1
hi, i have runned every cleaner that exists on earth and the f*** popup keeps showing up. i´ve done this scan, and i´d like you to see it. i´ll be as pacient as it needs, but please help me.

Logfile of HijackThis v1.99.1
Scan saved at 03:40:02 a.m., on 04/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\iVol\iVol.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Winamp\winamp.exe
C:\Archivos de programa\Foxie Suite\Firewall.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\DAP\DAP.EXE
C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Romano\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Archivos de programa\Foxie Suite\foxietoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Archivos de programa\Foxie Suite\foxiecore.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Archivos de programa\Foxie Suite\foxiecore.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RAMDrive] "C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sunasDTServ] C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [iVolStartup] C:\Archivos de programa\iVol\iVol.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Archivos de programa\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Archivos de programa\Foxie Suite\Resources\HTML\Desktop.htm (HKCU)
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Archivos de programa\Foxie Suite\Cleaner.exe (HKCU)
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Archivos de programa\Foxie Suite\Sweeper.exe (HKCU)
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Archivos de programa\Foxie Suite\Resources\HTML\Infinity.htm (HKCU)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{57EDABD8-5847-4C05-9BD3-2FF8380C4807}: NameServer = 200.42.0.108,200.42.0.109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/FoxServ/mysql/bin/mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe

thanks for your help!!! :smile:
 

·
Registered
Joined
·
1,036 Posts
I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".
 

·
Registered
Joined
·
1,036 Posts
Hello and welcome to TSF

BEFORE YOU DO ANYTHING, please disable SpyBot Search&Destroy's TeaTimer by doing the following:
  • Open Spybot Search&Destroy.
  • Go to Tools->Resident.
  • Deselect TeaTimer.

It is true that this tool is important to your protection, but it also won't let us fix your PC now. After we are done and your computer is clean, you may enable it.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.Please do NOT change any of those settings until we finish the fixing process.

Messenger Plus - this program contains a 'sponsor' program. If you installed this 'sponsor' program, please uninstall Messenger Plus and reinstall it back but without the sponsor.

Download Accelerator (DAP) is not technically malware, but it may include malware and allow it into your system. I'd suggest you find another download manager.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)


Please remember to close all other windows, including browsers then click Fix checked.

Reboot your system in Normal Mode.

Please use Panda ActiveScan at http://www.pandasoftware.com/products/activescan. Give us the scan’s log.

Please scan again with HijackThis to get a new log.
Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

On your next reply, please describe the pop ups you get & on which site you get them.
Do you have a pop up blocker? Has Windows Messenger been disabled yet?

Now give us a new HijackThis Analyzer log, along with Panda ActiveScan’s log, so we can make sure your system is clean.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #4
Panda results:

Incident Status Location

Adware:adware/mywebsearch No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6d0bd894-469ea2dd.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6d0bd894-469ea2dd.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6d0bd894-469ea2dd.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6d0bd894-469ea2dd.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-2059524a.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-2059524a.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-2059524a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fa9f21f-2059524a.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3821a986-755a3622.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3821a986-755a3622.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3821a986-755a3622.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3821a986-755a3622.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-3276b800.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-3276b800.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-3276b800.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-3276b800.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-27f12750-2cd66683.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-27f12750-2cd66683.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-27f12750-2cd66683.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-27f12750-2cd66683.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-5ddd3ad4.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-5ddd3ad4.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-5ddd3ad4.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6699b1e6-5ddd3ad4.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-6808eb6f.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-6808eb6f.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-6808eb6f.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-69430f0d-6808eb6f.zip[Beyond.class]
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-1e3595e7.zip[InstallerApplet.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv160.jar-11eb4987-76400f16.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv160.jar-11eb4987-76400f16.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv160.jar-11eb4987-76400f16.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Romano\Datos de programa\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv160.jar-11eb4987-76400f16.zip[Parser.class]

HijackThis Analyzer results:
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 09:11:47 p.m., on 04/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\SiSUSBrg.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe
C:\Documents and Settings\Romano\Escritorio\HijackThis.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\iVol\iVol.exe
C:\Archivos de programa\CCleaner\ccleaner.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Archivos de programa\Foxie Suite\foxietoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Archivos de programa\Foxie Suite\foxiecore.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Archivos de programa\Foxie Suite\foxiecore.dll
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RAMDrive] "C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sunasDTServ] C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [iVolStartup] C:\Archivos de programa\iVol\iVol.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Archivos de programa\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Archivos de programa\Foxie Suite\Resources\HTML\Desktop.htm (HKCU)
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Archivos de programa\Foxie Suite\Cleaner.exe (HKCU)
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Archivos de programa\Foxie Suite\Sweeper.exe (HKCU)
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Archivos de programa\Foxie Suite\Resources\HTML\Infinity.htm (HKCU)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{57EDABD8-5847-4C05-9BD3-2FF8380C4807}: NameServer = 200.42.0.108,200.42.0.109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/FoxServ/mysql/bin/mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe


End of KRC HijackThis Analyzer Log.
====================================================================

thanks for answering so fast!!!
 

·
Registered
Joined
·
1,036 Posts
Hello again.
I repeat something you haven't included:
On your next reply, please describe the pop ups you get & on which site you get them.
Do you have a pop up blocker? Has Windows Messenger been disabled yet?
Please answer me.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #6
ads.gameforceads
ad.yieldmanager

the popups appears in every site, in fact, i don´t need to have IE or FireFox open for them to show. windows messenger is disabled. but i have to say that the popups are gradually stopping to appear. they haven stopped at all, but i see them much less :sayyes:
 

·
Registered
Joined
·
1,036 Posts
Hello again.

Follow the instructions outlined here to clear Sun Java's cache.

Please disable Spyware Doctor.

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing


Please remember to close all other windows, including browsers then click Fix checked.

Reboot your system in Normal Mode.

Please use Panda ActiveScan at http://www.pandasoftware.com/products/activescan. Give us the scan’s log.

Now give us a new HijackThis Analyzer log, along with Panda ActiveScan’s log, so we can make sure your system is clean.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #8
Hi, i did the hijack scan, and unfortunelly (¿?) i didn´t find any of these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

The Hijack analyzer gave me this Log:
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 07:35:54 p.m., on 06/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\iVol\iVol.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Foxie Suite\Firewall.exe
C:\Documents and Settings\Romano\Escritorio\hijackthis\HijackThis.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Archivos de programa\Foxie Suite\foxietoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Archivos de programa\Foxie Suite\foxiecore.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Archivos de programa\Foxie Suite\foxiecore.dll
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RAMDrive] "C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sunasDTServ] C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [iVolStartup] C:\Archivos de programa\iVol\iVol.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Archivos de programa\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Archivos de programa\Foxie Suite\Resources\HTML\Desktop.htm (HKCU)
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Archivos de programa\Foxie Suite\Cleaner.exe (HKCU)
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Archivos de programa\Foxie Suite\Sweeper.exe (HKCU)
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Archivos de programa\Foxie Suite\Resources\HTML\Infinity.htm (HKCU)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57EDABD8-5847-4C05-9BD3-2FF8380C4807}: NameServer = 200.42.0.108,200.42.0.109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/FoxServ/mysql/bin/mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe


End of KRC HijackThis Analyzer Log.
====================================================================

Panda scan:

Incident Status Location

Adware:adware/navipromo No disinfected C:\WINDOWS\SYSTEM32\msclock32.dll
Adware:adware/mywebsearch No disinfected Windows Registry
Adware:Adware/NaviPromo No disinfected C:\WINDOWS\system32\msclock32.dll
 

·
Registered
Joined
·
1,036 Posts
Hello again.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Delete the following File indicated in RED if it still exists:

C:\WINDOWS\system32\msclock32.dll


Right click on http://www.silentrunners.org/Silent Runners.vbs and choose Save As...Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on 'Silent Runners' to run it. This will take a few minutes. It will create a file called 'Startup Programs' followed by your computer name and current date. Open up that file and post all the contents here in your next post.

Please add another HJT post.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #10
I deleted the dll file. Here are the scan logs.



"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"STYLEXP" = "C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]
"iVolStartup" = "C:\Archivos de programa\iVol\iVol.exe" [empty string]
"ccleaner" = ""C:\Archivos de programa\CCleaner\ccleaner.exe" /AUTO" ["CCleaner.com"]
"googletalk" = ""C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart" ["Google"]
"MessengerPlus3" = ""C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
"Spyware Doctor" = ""C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q" ["PCTools"]
"msnmsgr" = ""C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"PCTVOICE" = "pctspk.exe" [empty string]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
"FastUser" = "C:\WINDOWS\system32\fast.exe" [MS]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" ["Google Inc."]
"SunJavaUpdateSched" = "C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Archivos de programa\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"RAMDrive" = ""C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe"" [empty string]
"VirtualDrive" = ""C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe" /AutoRestore" ["FarStone Technology Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"nod32kui" = ""C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"sunasDTServ" = "C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe" ["Sunbelt Software Inc."]
"sunasServ" = "C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasServ.exe" ["Sunbelt Software Inc."]
"MessengerPlus3" = ""C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]
"(Default)" = (empty string)

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{432CAE3B-690F-4C3B-BD97-070EBDA210D5}\(Default) = "FoxieToolbar Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Archivos de programa\Foxie Suite\foxietoolbar.dll" ["Team Foxie"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\ARCHIV~1\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = "CoTGT_BHO Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll" [null data]
{C65185B1-D52B-44A9-861F-8201B50D1F37}\(Default) = "FoxieSecurityModule Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Archivos de programa\Foxie Suite\foxiecore.dll" ["Team Foxie"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

--------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 03:16:19 p.m., on 07/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\iVol\iVol.exe
C:\Archivos de programa\Google\Google Talk\googletalk.exe
C:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Fede\Instaladores\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Archivos de programa\Foxie Suite\foxietoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Archivos de programa\Foxie Suite\foxiecore.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Archivos de programa\Foxie Suite\foxiecore.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RAMDrive] "C:\Archivos de programa\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Archivos de programa\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sunasDTServ] C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Archivos de programa\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [iVolStartup] C:\Archivos de programa\iVol\iVol.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Archivos de programa\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [googletalk] "C:\Archivos de programa\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Archivos de programa\Foxie Suite\Resources\HTML\Desktop.htm (HKCU)
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Archivos de programa\Foxie Suite\Cleaner.exe (HKCU)
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Archivos de programa\Foxie Suite\Sweeper.exe (HKCU)
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Archivos de programa\Foxie Suite\Resources\HTML\Infinity.htm (HKCU)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57EDABD8-5847-4C05-9BD3-2FF8380C4807}: NameServer = 200.42.0.108,200.42.0.109
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/FoxServ/mysql/bin/mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
 

·
Registered
Joined
·
1,036 Posts
Hello again.
Your log seems clean, congratulations! Are there any further problems now? If not, you should be set to go. If there ARE any problems, skip the next instructions and let me know about your problems so we can solve them out!

Turn off System Restore by Clicking Start > right-click My Computer and then click Properties. Click the System Restore tab > Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK.

Reboot your System.

To turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.
 
1 - 11 of 11 Posts
Status
Not open for further replies.
Top