Please help me with this hijack [resolved]


#1
skorpio

This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 08:25:35 p.m., on 29/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINXP\System32\inetsrv\inetinfo.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINXP\system32\msez32.exe
C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Archivos de programa\Microsoft IntelliType Pro\type32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\D-Tools\daemon.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\WINXP\system32\msfm32.exe
C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Archivos de programa\FinePixViewer\QuickDCF.exe
C:\Program files\InterMute\SpySubtract\SpySub.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINXP\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zapro.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {369C0C13-140E-4E44-BDAB-CA3E66D044FF} - C:\WINXP\system32\ipca.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Corel Graphics Suite 1117] C:\Archivos de programa\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=061304 serial=DR11CRD-0012082-DGW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [type32] "C:\Archivos de programa\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Archivos de programa\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=033005 serial=DR12WES-3007622-EUW lang=ES
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [msfm32.exe] C:\WINXP\system32\msfm32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunOnce: [msez32.exe] C:\WINXP\system32\msez32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Archivos de programa\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINXP\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINXP\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} - http://download.ebay...ar/eBayTBar.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancob.../GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B99462FA-EDAB-4A0F-9D9F-47E5FC1038A1}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: NavLogon - C:\WINXP\System32\NavLogon.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINXP\sysoj32.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINXP\System32\ImapiRox.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINXP\system32\ZONELABS\vsmon.exe

#2
coachwife6

Download the latest version of Adaware SE here:
http://www.lavasoft....pport/download/
Install it, but don't run it yet.
Click on the globe in the upper right hand corner to get the latest updates.


Please download the CWShredder 2.1 (Standalone version).
http://www.intermute...r_download.html
(don't run it yet; we will get to that in a minute)


Download and install APM from here:
http://www.diamondcs...ex.php?page=apm
(don't run it yet; we will get to that in a minute)

Press CTRL+SHIFT+ESC, click on the Processes tab, right click the process to be killed and select End Task or End Process.
Search for

sysoj32.exe
msfm32.exe
msez32.exe

Put a checkmark next to the following entries in HijackThis. Make sure all
other windows and browsers are closed before clicking on “Fix Checked”.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINXP\system32\gyuod.dll/sp.html#28129

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {369C0C13-140E-4E44-BDAB-CA3E66D044FF} - C:\WINXP\system32\ipca.dll

O4 - HKLM\..\Run: [msfm32.exe] C:\WINXP\system32\msfm32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunOnce: [msez32.exe] C:\WINXP\system32\msez32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE<<resource hog

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancob.../GbPluginBb.cab

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINXP\sysoj32.exe (file missing)

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

sysoj32.exe
msfm32.exe
msez32.exe

Now, start APM.
In the upper window select explorer.exe

In the current log it is this file but it may have changed names.
It is currently :
C:\WINXP\sysoj32.exe <--This file name

Select Unload DLL, and click OK on the prompts that follow.

Boot into SAFE MODE by tapping the F8 key during boot up.

Run the CWShredder. Let it fix everything it finds.

Scan with AdAware SE to automatically remove the txt and html protocol associations and to clean up the remnants of the hijack.

Run Adaware SE with the following settings:


Configure Ad-aware

Click on the Gear-shaped icon at the top to open the Settings window.

All of the following settings I mention should be enabled (green checkmark). Some settings cannot be enabled in certain versions of Windows. If a setting I mention is grey and can't be enabled, skip it.

General Settings - Automatically save log-file, Automatically quarantine objects prior to removal, and Safe Mode (always request confirmation)


Scanning Settings

Scan Within Archives

Click on 'Click here to select drives + folders' and check next to each hard drive then hit ok.

Scan Active Processes

Scan Registry

Deep Scan Registry

Scan my IE favorites for banned URL’s

Scan my Hosts file

Advanced Settings - Enable all four options under 'Log-file Detail level'

Tweak Settings

Under 'Scanning Engine' - Enable 'Unload recognized processes during scanning', 'Include basic Ad-aware settings in logfile', and 'Include additional Ad-aware settings in logfile'

Under ‘Cleaning Engine’ - Enable 'Let Windows remove files in use at next reboot'

Click Proceed

Click on the 'Start' button in the lower right.

Select 'Use custom scanning options', enable 'Activate in-depth scanning', and click Next. The scan will take several minutes to complete. When the scan is complete click Next.

Right click on the list of items and click 'Select all items' then click Next. Press Yes to confirm. The detected items are now quarantined.

Close Ad-aware


If Ad-Aware SE needs to reboot to finish cleaning, please let it.



******************************************************

Please run the following online scan and let it fix everything it finds:
TrendMicro http://housecall.tre.../start_corp.asp

******************************************************


Reboot and post a new Hijackthis log.

(This is a new fix I borrowed from bleepingcomputer.com)


#3
skorpio

Thanks, I think that all is OK now. Thanks again.
This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:42:29 p.m., on 30/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINXP\System32\inetsrv\inetinfo.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Archivos de programa\Microsoft IntelliType Pro\type32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\D-Tools\daemon.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Archivos de programa\FinePixViewer\QuickDCF.exe
C:\Program files\InterMute\SpySubtract\SpySub.exe
C:\WINXP\System32\msiexec.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\System\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Corel Graphics Suite 1117] C:\Archivos de programa\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=061304 serial=DR11CRD-0012082-DGW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [type32] "C:\Archivos de programa\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041405 serial=DR12WES-3007622-EUW lang=ES
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Archivos de programa\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINXP\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINXP\System32\shdocvw.dll
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} - http://download.ebay...ar/eBayTBar.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B99462FA-EDAB-4A0F-9D9F-47E5FC1038A1}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: NavLogon - C:\WINXP\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINXP\System32\ImapiRox.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINXP\system32\ZONELABS\vsmon.exe

#4
coachwife6

Check these in Hijack This:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\System\blank.htm

Let me know how it's running and post a new log and we'll see if everything is good to go. :tazz:

#5
skorpio

Hello
I did what you said; everything runs OK, I think.
This is the new log, and thanks again.
Logfile of HijackThis v1.99.1
Scan saved at 02:04:48 p.m., on 30/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINXP\System32\inetsrv\inetinfo.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Archivos de programa\Microsoft IntelliType Pro\type32.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\D-Tools\daemon.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Archivos de programa\FinePixViewer\QuickDCF.exe
C:\Program files\InterMute\SpySubtract\SpySub.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Outlook Express\msimn.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Corel Graphics Suite 1117] C:\Archivos de programa\Corel\Corel Graphics 11\Register\registration.exe /title="Corel Graphics Suite 11" /date=061304 serial=DR11CRD-0012082-DGW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [type32] "C:\Archivos de programa\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041405 serial=DR12WES-3007622-EUW lang=ES
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Archivos de programa\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINXP\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINXP\System32\shdocvw.dll
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} - http://download.ebay...ar/eBayTBar.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B99462FA-EDAB-4A0F-9D9F-47E5FC1038A1}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: NavLogon - C:\WINXP\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINXP\System32\ImapiRox.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINXP\system32\ZONELABS\vsmon.exe
  • 0
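
Added example (not part of any post in this thread): a Python check that compares the first HijackThis log with the one posted after cleanup and confirms that every entry on the fix list is gone, while also listing anything else that changed. The log excerpts are copied from posts #1, #2 and #5; the function names and the rule that a trailing `<<` starts a helper's annotation are assumptions of this example.

```python
import re

# A HijackThis entry is "<section id> - <details>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Assumption: a trailing "<<..." is a helper's note (as in "OSA.EXE<<resource hog").
NOTE_RE = re.compile(r"\s*<<.*$")


def parse_entries(log_text):
    """Return the set of (section, details) entries found in a log or fix list."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            body = NOTE_RE.sub("", match.group("body")).strip()
            entries.add((match.group("section"), body))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were meant to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    requested = parse_entries(fix_list)
    return {
        # Entries that were to be fixed but survive in the later log.
        "still_present": sorted(requested & after),
        # Fix-list lines that never appeared in the first log (transcription slips).
        "not_in_before": sorted(requested - before),
        # Entries that disappeared although nobody asked for their removal.
        "removed_unrequested": sorted((before - after) - requested),
        # Entries that only exist in the later log.
        "new_entries": sorted(after - before),
    }


# Excerpt of the first log (post #1).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINXP\system32\msez32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
O2 - BHO: (no name) - {369C0C13-140E-4E44-BDAB-CA3E66D044FF} - C:\WINXP\system32\ipca.dll
O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [msfm32.exe] C:\WINXP\system32\msfm32.exe
O4 - HKLM\..\RunOnce: [msez32.exe] C:\WINXP\system32\msez32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O20 - Winlogon Notify: NavLogon - C:\WINXP\System32\NavLogon.dll
"""

# Excerpt of the log posted after the cleanup (post #5).
AFTER = r"""
Logfile of HijackThis v1.99.1
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: NavLogon - C:\WINXP\System32\NavLogon.dll
"""

# Excerpt of the "Fix Checked" list (post #2), including the helper's inline note.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINXP\system32\gyuod.dll/sp.html#28129
O2 - BHO: (no name) - {369C0C13-140E-4E44-BDAB-CA3E66D044FF} - C:\WINXP\system32\ipca.dll
O4 - HKLM\..\Run: [msfm32.exe] C:\WINXP\system32\msfm32.exe
O4 - HKLM\..\RunOnce: [msez32.exe] C:\WINXP\system32\msez32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE<<resource hog
"""

if __name__ == "__main__":
    for name, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(name)
        for section, body in items:
            print("   ", section, "-", body)
```

On these excerpts the `vptray` startup entry shows up under `removed_unrequested`: it is in the first log and absent from the later ones, although it was never on the fix list.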

#6
coachwife6

Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. ;)


This topic closed. If, for any reason, you need it opened, please PM a staff member.