Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Please help me! [RESOLVED]

Started by CaLy , Mar 11 2005 09:10 PM

This topic is locked

#1
CaLy

Posted 11 March 2005 - 09:10 PM

Member

Member
10 posts

Hello, as i explained i have a pentium 3 550 mhz with 320 of ram , windows 2000.
Antivirus = Panda
Antispyware = Spysweeper

I checked and both says i am free of viruses and spywares but i think i have a spyware or something like that...

For example, the url of my Maxthon everytime i open it is http:/// ( i tried a lot of times to use about:blank , automatically it changes to http:/// (maybe that is a spyware, i searched for that but i cant find anything)
Here is my HJT Log :

Logfile of HijackThis v1.99.0
Scan saved at 12:05:27 a.m., on 12/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINNT\system32\internat.exe
C:\ARCHIV~1\FREEME~1\fmempro.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Archivos de programa\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Archivos de programa\Maxthon\Maxthon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINNT\System32\cidaemon.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPoET] C:\Archivos de programa\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\Run: [Windows Compliant] mqnxnp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\RunServices: [Windows Compliant] mqnxnp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [Windows Compliant] mqnxnp.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\ARCHIV~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Archivos de programa\IrfanView\Ebay\Ebay.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{739A5448-D90B-4695-8E94-04F8FD54004B}: NameServer = 200.45.191.35 200.45.191.40
O23 - Service: Servicio de alerta - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Administración de aplicaciones - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Examinador de equipos - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Cliente DHCP - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINNT\System32\dmadmin.exe
O23 - Service: Administrador de discos lógicos - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Cliente DNS - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Registro de sucesos - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Servicio de fax - Unknown - C:\WINNT\system32\faxsvc.exe
O23 - Service: Servidor - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Estación de trabajo - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Servicio de ayuda TCP/IP NetBIOS - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Mensajero - Unknown - C:\WINNT\System32\services.exe
O23 - Service: DDE de red - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM de DDE de red - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: Inicio de sesión en red - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Proveedor de asistencia de seguridad LM de Windows NT - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
O23 - Service: Plug and Play - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Agente de directivas IPSEC - Unknown - C:\WINNT\System32\lsass.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Almacenamiento protegido - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Administrador de cuentas de seguridad - Unknown - C:\WINNT\system32\lsass.exe
O23 - Service: Sistema de ayuda de tarjeta inteligente - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Tarjeta inteligente - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Programador de tareas - Unknown - C:\WINNT\system32\MSTask.exe
O23 - Service: Servicio RunAs - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Still Image Service - Unknown - C:\WINNT\system32\stisvc.exe
O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Cliente de seguimiento de vinculos distribuidos - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Administrador de utilidades - Unknown - C:\WINNT\System32\UtilMan.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Horario de Windows - Unknown - C:\WINNT\System32\services.exe
O23 - Service: Instrumental de administración de Windows - Unknown - C:\WINNT\System32\WBEM\WinMgmt.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Archivos de programa\iVasion\WinPoET\WrOS.EXE
O23 - Service: Exten. controlador Instrumental de admon. de Windows - Unknown - C:\WINNT\system32\Services.exe

Also, why too many times services.exe ?
Is it normal ? I want to know if i am infected with something coz sometimes when i browse some site, the FreeMem Professional goes and stay in 100% of cpu usage.
Thanks in advance !!!

Carlos

#2
Michelle

Posted 12 March 2005 - 03:02 AM

Malware Removal Goddess

Retired Staff
8,928 posts

Welcome to Geeks to Go, CaLy!

First we'll need you to download the latest version of HiJack This. Click Here to download the latest version (1.99.1). Please save it in a permanent folder (such as C:\HJT). This is to ensure that backups are saved and accessible in the event you should need it.

Make sure you are disconnected from the Internet and all windows and programs are closed. Run HiJack This and post your new log here.

Michelle :tazz:

#3
CaLy

Posted 12 March 2005 - 10:32 AM

Member

Topic Starter
Member
10 posts

Thanks for answering Michelle ! Here is my latest scan (with HJT updated) :

Logfile of HijackThis v1.99.1
Scan saved at 01:25:48 p.m., on 12/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINNT\system32\internat.exe
C:\ARCHIV~1\FREEME~1\fmempro.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Archivos de programa\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPoET] C:\Archivos de programa\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\Run: [Windows Compliant] mqnxnp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\RunServices: [Windows Compliant] mqnxnp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [Windows Compliant] mqnxnp.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\ARCHIV~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Archivos de programa\IrfanView\Ebay\Ebay.htm
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Archivos de programa\iVasion\WinPoET\WrOS.EXE

#4
CaLy

Posted 14 March 2005 - 06:59 AM

Member

Topic Starter
Member
10 posts

As no one answered should I think its all ok ?

#5
Michelle

Posted 14 March 2005 - 10:46 AM

Malware Removal Goddess

Retired Staff
8,928 posts

Thank you for your patience. Actually your log is not clean (you have a nasty worm). We need to get rid of that worm first.

Download Stinger from HERE

Once you have downloaded this:

Enable show hidden files/folders.
Windows 2000

* Open My Computer.

* Select the Tools menu and click Folder Options.

* Select the View Tab.

* Under the Hidden files and folders heading select "Show hidden files and
folders."

* Uncheck the Hide protected operating system files (recommended) option.

* Click Yes to confirm.

* Click OK.

Reboot into Safe Mode (you can get into safe mode by restarting your computer, then continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then press enter.)
Scan with Stinger.
Remove any entries it finds.
Run your Panda Anti-Virus as well.

Reboot normally and post your new log here.

Michelle :tazz:

#6
CaLy

Posted 14 March 2005 - 12:36 PM

Member

Topic Starter
Member
10 posts

Thanks for answering Michelle i will do that now :tazz:

#7
CaLy

Posted 14 March 2005 - 03:29 PM

Member

Topic Starter
Member
10 posts

I did the scan with Stinger , u said "Remove any entries it finds." but it didnt show anything, it remove automatically?
I have this setting: "On virus detection : delete"

I scanned with Stinger, then with Panda, and here is the log (again):

Logfile of HijackThis v1.99.1
Scan saved at 06:22:42 p.m., on 14/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Archivos de programa\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINNT\system32\internat.exe
C:\ARCHIV~1\FREEME~1\fmempro.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Archivos de programa\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPoET] C:\Archivos de programa\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\Run: [Windows Compliant] mqnxnp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\RunServices: [Windows Compliant] mqnxnp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [Windows Compliant] mqnxnp.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\ARCHIV~1\FREEME~1\fmempro.exe" autostart
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Archivos de programa\IrfanView\Ebay\Ebay.htm
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Archivos de programa\iVasion\WinPoET\WrOS.EXE

#8
Guest_thatman_*

Posted 17 March 2005 - 12:31 PM

Guest

Hi CaLy

Welcome to geekstogo

Please read through the instructions before you start (you may want to print this out).The following items are malware and must be fixed

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKLM\..\Run: [Windows Compliant] mqnxnp.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsf.exe
O4 - HKCU\..\Run: [Windows Compliant] mqnxnp.exe
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

ntsf.exe<--Delete this file
mqnxnp.exe<--Delete this file

Exit Explorer.

Reboot into normal mode.
Don't use the anti-virus program on your system.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs From both virus scans and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:

#9
CaLy

Posted 17 March 2005 - 04:07 PM

Member

Topic Starter
Member
10 posts

Thanks for answering ! I did what u said, but i cant save any log of housecall coz i didnt saw that option .... :tazz:

But it found one thing and removed ...

here is the log of Panda :
Incident Status Location

Adware:Adware/CWS.Aboutblank No disinfected Windows Registry

#10
CaLy

Posted 17 March 2005 - 04:12 PM

Member

Topic Starter
Member
10 posts

Sorry here is the new log of HJT :

Logfile of HijackThis v1.99.1
Scan saved at 07:08:48 p.m., on 17/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Archivos de programa\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINNT\system32\internat.exe
C:\ARCHIV~1\FREEME~1\fmempro.exe
C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINNT\System32\cidaemon.exe
C:\Archivos de programa\Maxthon\Maxthon.exe
C:\totalcmd\TOTALCMD.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinPoET] C:\Archivos de programa\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\ARCHIV~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{739A5448-D90B-4695-8E94-04F8FD54004B}: NameServer = 200.45.191.35 200.45.191.40
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\pavsrv50.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Archivos de programa\iVasion\WinPoET\WrOS.EXE

One question: Why the Panda online found it and not spysweeper and or the Titanium i have running?

#11
Guest_thatman_*

Posted 17 March 2005 - 04:31 PM

Guest

Hi CaLy

One question: Why the Panda online found it and not spysweeper and or the Titanium i have running? most malware attacks dissable anti-virus and other defences.

Download the ccleaner
I use this Program and is setup like this all boxs are check. Then chose Auto start.

Clean out all temp files in Mozilla, Internet Explorer.
Internet Explorer: Tools/ Internet Options/ General/ Temporary internet files/ Delete Files (NOTE, that this may take very long!). You can also set the memory limit to about 80 MB at the Settings.

Mozilla: Edit/ Options/ Extended/ Cache/ Clear Cache

Turn of system restore
Disabling or enabling Windows XP System Restore

Defrag your hard drive turn system restore back on and create a new restore point.

Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

After doing all these, your system will be thoroughly protected from future threats.