Sorry I posted twice, I read that I needed to run Highjack with all the msconfig things checked, and posted that log in a new post. Sorry, sorry, idiot newbie here. I just deleted here the old log and posted the new.
This is my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:37 p.m., on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\HP\HP Share-to-Web\hpgs2wnf.exe
C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe
c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\HP\Digital Imaging\Bin\hpqSTE08.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Archivos de programa\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O15 - Trusted Zone: www.hotmail.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
--
End of file - 5436 bytes
Ccleaner unistall list
Actualización de seguridad para Windows XP (KB943055)
Actualización de seguridad para Windows XP (KB946026)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
BufferChm
CCleaner (remove only)
CustomerResearchQFolder
D2300
D2300_Help
DeviceManagementQFolder
Disco de recuerdos de HP
eSupportQFolder
HijackThis 2.0.2
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photo and Imaging 2.3 - Scanjet 4600 Series
HP Photosmart and Deskjet 7.0 Software (esn)
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HPSU306Stub
Intel® Graphics Media Accelerator Driver
MarketResearch
McAfee SecurityCenter
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Software Update for Web Folders (Spanish) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Panda ActiveScan
Readiris Pro 8
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
ShareIns
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
Toolbox
TrayApp
Unload
WebFldrs XP
WebReg
WhiteSmoke
Windows Internet Explorer 7
Windows Live Messenger
Just in case anyone else has this problem, I found my mother (it is her computer) had two toolbars: whitesmoke and textaloud. I unistalled them. Apparently, that got rid of the squares. I am still running Panda Online Active Scan, and this is what it found:
Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Maggie1\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@atdmt[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@bravenet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@mediaplex[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@tribalfusion[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Maggie1\Cookies\maggie1@weborama[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Maggie1\Escritorio\Limpieza de virus Magui\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Maggie1\Escritorio\Limpieza de virus Magui\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Maggie1\Escritorio\Limpieza de virus Magui\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Maggie1\Escritorio\Limpieza de virus Magui\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Maggie1\Escritorio\Limpieza de virus Magui\smitRem.exe[smitRem/Process.exe]
Virus:Trj/Agent.HQJ Disinfected C:\temp\svcipa.exe
Virus:Trj/Agent.HQJ Disinfected C:\WINDOWS\system32\245i2JQF.exe
Edited by Chibs, 21 March 2008 - 01:05 PM.
Sign In
Create Account
