Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Answer please

Started by petrusvanbasten , Nov 25 2004 02:43 PM

  • Please log in to reply

#1
petrusvanbasten
Posted 25 November 2004 - 02:43 PM

petrusvanbasten

    Member

  • Member
  • PipPip
  • 16 posts
When I start my computer (Windows XP sp2) a message appear saying that "there's an error loading c:\windows\ivmmreg32.dll. The specified module can't be found."
These are the results of HijackThis:

Logfile of HijackThis v1.98.2
Scan saved at 20:05:09, on 18/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Trust\302KS\Mouse\mouse32a.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Trust\302KS\Keyboard\KbdAp32A.exe
C:\Archivos de programa\eDonkey2000\eDonkey2000.exe
C:\WINDOWS\system32\rundll32.exe
C:\ARCHIV~1\Toolbar\TBPS.exe
C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\ARCHIV~1\Toolbar\PIB.exe
C:\Archivos de programa\Archivos comunes\WinTools\WSup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50193
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gencat.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\ARCHIV~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\ARCHIV~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\ARCHIV~1\Toolbar\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Archivos de programa\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\ARCHIV~1\Toolbar\toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\ARCHIV~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Archivos de programa\Trust\302KS\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Archivos de programa\Trust\302KS\Keyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ivmmreg32.dll,_mainRD
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [eDonkey2000] "C:\Archivos de programa\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\ARCHIV~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TBPS] C:\ARCHIV~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{833BE0D2-9CFC-4E9F-AA96-1F4A803EA75F}: NameServer = 62.151.2.8,62.151.8.100
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\ARCHIV~1\Toolbar\toolbar.dll

What should I do?
  • 0

Advertisements

#2
Metallica
Posted 25 November 2004 - 02:48 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hang on. I'll be back in a sec,

Pieter
  • 0

#3
Metallica
Posted 25 November 2004 - 02:59 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Go to Add/Remove Software and see if you can remove NewDotNet aka New.Net (Domains) there, either way continue with the following.

Halt & Disable the WinTools service:
Click Start > Run and type SERVICES.MSC > click OK
Right-click on the WinTools for IE service and choose Properties. Click the Stop button. Set Startup Type to Disabled.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50193

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\ARCHIV~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\ARCHIV~1\Toolbar\toolbar.dll/sa

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\ARCHIV~1\Toolbar\toolbar.dll

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Archivos de programa\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\ARCHIV~1\Toolbar\toolbar.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\ARCHIV~1\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ivmmreg32.dll,_mainRD
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [eDonkey2000] "C:\Archivos de programa\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\ARCHIV~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [TBPS] C:\ARCHIV~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsA.exe

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\ARCHIV~1\Toolbar\toolbar.dll

Reboot after doing so, preferably into safe mode and delete:
C:\Archivos de programa\Toolbar <= entire folder
C:\Archivos de programa\ARCHIV~1\WinTools <= entire folder
C:\Program Files\webHancer <= entire folder

Click Start Run and type RegEdit > click OK
The registry editor will open. Navigate to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Expand the "Services" key in the left pane. Delete the WinTools (or similarly named) key.

Reboot normally, run HijackThis again and post a new log.
There will probably be some leftovers to take care ff.

Regards,

Pieter
  • 0

#4
petrusvanbasten
Posted 25 November 2004 - 03:20 PM

petrusvanbasten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ok Pieter,

I removed a New.Net Domain, run Services.msc but I don't understand where I have to right-click. You say in your message "Right-click on the WinTools for IE service and choose Properties". Where should I click? What is IE service..?

Sorry, I am a novice Pc user
  • 0

#5
Metallica
Posted 25 November 2004 - 03:36 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
When you click OK to execute services.msc the Services Window should open.

In the right hand pane there will be a few columns.
In the first one of those look for anything with WinTools in it's name (most likely it will be called WinTools for IE)
That is the one you want to stop. The rightclick should be made on the name of the service in that first column.

No problem by the way. We all had to learn it at one time. <_<

Regards,

Pieter
  • 0

#6
petrusvanbasten
Posted 25 November 2004 - 04:19 PM

petrusvanbasten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
First of all,
My PC language is Spanish and I cannot see anything about WinTools for IE. I look for "herramientas de Windows" or "IE" but I can't find anything...

I suppose u don't know that name in Spanish but still, Could it be possible I don't have that Wintools IE?

Thanxxxxxxxxxx <_<
  • 0

#7
admin
Posted 25 November 2004 - 10:39 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
It will take a couple tries, but Wintools can be removed by fixing the Hijack This entry, and removing the folder in safe mode.
  • 0

#8
Metallica
Posted 26 November 2004 - 01:22 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Skip that step. It is a bit harder to remove if the service is present, but like admin says, it's possible.

Just post a new HijackThis log when you are done.

Regards,

Pieter
  • 0

#9
petrusvanbasten
Posted 30 November 2004 - 03:19 PM

petrusvanbasten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
:D :o :P
I skipped that step. I checked some of the items you listed but not all of them because they simply were not in the list. I clicked FIX CHECKED and restarted the PC. I tried in SAFE MODE but the mouse wasn't working and I didn't know how to move... :D So I restarted (no SAFE MODE) and I tried to erase those folders:
C:\Archivos de programa\ARCHIV~1\WinTools <= entire folder
C:\Program Files\webHancer <= entire folder

These two above do not exist....

C:\Archivos de programa\Toolbar <= entire folder

This one cannot be erased, a message appears saying that "common.dll cannot be erased since it's being used..." and there is nothing open (no windows, programs...)

I post you a HIjack THis:

Logfile of HijackThis v1.98.2
Scan saved at 22:17:48, on 30/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PaSSrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PavFnSvr.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PavProt.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\prevsrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PsImSvc.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Archivos de programa\Trust\302KS\Mouse\mouse32a.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsA.exe
C:\ARCHIV~1\Toolbar\TBPS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Trust\302KS\Keyboard\KbdAp32A.exe
C:\ARCHIV~1\Toolbar\PIB.exe
C:\Archivos de programa\Archivos comunes\WinTools\WSup.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\Archivos de programa\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gencat.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\ARCHIV~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Archivos de programa\Trust\302KS\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Archivos de programa\Trust\302KS\Keyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinTools] C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\ARCHIV~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{833BE0D2-9CFC-4E9F-AA96-1F4A803EA75F}: NameServer = 62.151.2.8,62.151.8.100
O20 - AppInit_DLLs: PAVWAIT.DLL


WHAT TO DO? And please be detailed if you wish... I am a novice <_<

thanxxxxx
  • 0

#10
Smokey
Posted 30 November 2004 - 06:24 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Let's go in there and see if a manual removal will do the trick. You may wish to print out a copy of these instructions to follow while you complete this procedure. Please move Hijack This to a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files:

C:\Archivos de programa\Archivos comunes\WinTools\
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Archivos comunes\Toolbar\

Next, please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinTools] C:\ARCHIV~1\ARCHIV~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\ARCHIV~1\Toolbar\TBPS.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O20 - AppInit_DLLs: PAVWAIT.DLL

If you don't use MSN Messenger, fix these too:
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

Also, you have an unnecessary office process running that is a RAM HOG! For more information and how to disable it, see here:
http://support.micro...spx?kbid=282599

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. <_<
  • 0

#11
petrusvanbasten
Posted 01 December 2004 - 04:08 PM

petrusvanbasten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
:o :D
I did all those steps. The audio still does not work as it should (there are distorsions, they become more intense when I run an application and a program is loading...). Also it takes a lot of time to load the PC when I start it.
So I do not know if I have solved something... I cannot appreciate a difference :P

Anyway, here is the fresh HijackThis:

Logfile of HijackThis v1.98.2
Scan saved at 23:00:00, on 01/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PaSSrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PavFnSvr.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PavProt.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\prevsrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PsImSvc.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Archivos de programa\Trust\302KS\Mouse\mouse32a.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Trust\302KS\Keyboard\KbdAp32A.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gencat.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\ARCHIV~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Archivos de programa\Trust\302KS\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Archivos de programa\Trust\302KS\Keyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{833BE0D2-9CFC-4E9F-AA96-1F4A803EA75F}: NameServer = 62.151.2.8,62.151.8.100
O20 - AppInit_DLLs: PAVWAIT.DLL

THANXXXXXXXXXXXXXX FOR YOUR TIME and for the detailed instructions...

So, should I do any other homework??? :D :D :D :D :D <_< :D
  • 0

#12
petrusvanbasten
Posted 02 December 2004 - 03:06 PM

petrusvanbasten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
please read the previous message <_<
  • 0

#13
admin
Posted 02 December 2004 - 04:37 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Congratulations! Your system is CLEAN <_<

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox Posted Image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :D
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP