Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

cws_ns3

Started by rasta11 , Oct 01 2004 01:46 PM

  • Please log in to reply

#16
rasta11
Posted 02 October 2004 - 09:28 AM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :sábado, 2 de Outubro de 2004 16:22:15
Created with Ad-aware Personal, free for private use.
Using reference-file :01R342 25.09.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R342 25.09.2004
Internal build : 276
File location : C:\Programas\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1347890 Bytes
Signature data size : 1325938 Bytes
Reference data size : 21888 Bytes
Signatures total : 29315
Target categories : 10
Target families : 558

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:261616 kb
Available physical memory:138868 kb
Total page file size:632064 kb
Available on page file:543460 kb
Total virtual memory:2097024 kb
Available virtual memory:2056492 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


02-10-2004 16:22:15 - Scan started. (Smart mode)

Listing running processes
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 02-10-2004 15:22:02
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 15:22:05
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 15:22:05
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Aplica
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 15:22:05
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 15:22:06
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 15:22:06
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:7 [incdsrv.exe]
FilePath : C:\Programas\Ahead\InCD\
ThreadCreationTime : 02-10-2004 15:22:06
BasePriority : Normal
FileSize : 784 KB
FileVersion : 4, 1, 0, 1
ProductVersion : 4, 1, 0, 1
Copyright : Copyright
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
OriginalFilename : incdsrv.exe
ProductName : AHEAD Software incdsrv
Created on : 23-07-2004 10:08:52
Last accessed : 02-10-2004 14:59:16
Last modified : 13-12-2003 4:43:02

#:8 [logonui.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 15:22:06
BasePriority : Normal
FileSize : 493 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Interface de utilizador de in
InternalName : LOGONUI
OriginalFilename : LOGONUI.EXE
ProductName : Sistema operativo Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 15:22:08
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:10 [mdm.exe]
FilePath : C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\
ThreadCreationTime : 02-10-2004 15:22:08
BasePriority : Normal
FileSize : 314 KB
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft
Created on : 19-06-2003 22:25:00
Last accessed : 02-10-2004 14:59:16
Last modified : 19-06-2003 22:25:00

#:11 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 15:22:08
BasePriority : Normal
FileSize : 60 KB
FileVersion : 6.13.10.3082
ProductVersion : 6.13.10.3082
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 30.82
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 30.82
Created on : 05-05-2003 10:27:37
Last accessed : 02-10-2004 14:59:16
Last modified : 05-05-2003 10:27:37

#:12 [lhfpo]
FilePath : C:\WINDOWS\FaxSetup.log:
ThreadCreationTime : 02-10-2004 15:22:08
BasePriority : Normal


#:13 [userinit.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 15:22:12
BasePriority : Normal
FileSize : 22 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : Aplica
InternalName : userinit
OriginalFilename : USERINIT.EXE
ProductName : Sistema operativo Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 02-10-2004 15:22:12
BasePriority : High
FileSize : 982 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador do Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 15:03:30
Last modified : 25-04-2003 12:00:00

#:15 [ad-aware.exe]
FilePath : C:\Programas\Lavasoft\Ad-aware 6\
ThreadCreationTime : 02-10-2004 15:22:12
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 02-10-2004 15:03:43
Last accessed : 02-10-2004 15:04:22
Last modified : 12-07-2003 21:00:20

Memory scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0

Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

VX2 Object recognized!
Type : File
Data : bplhazr.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileSize : 37 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : callinghome.biz
CompanyName : callinghome.biz
FileDescription : Installation utility for www.callinghome.biz
InternalName : Calling Home
OriginalFilename : Caller.exe
ProductName : Calling Home
Created on : 01-10-2004 15:29:03
Last accessed : 02-10-2004 14:59:16
Last modified : 20-07-2004 15:33:58




Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 1


16:24:28 Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:02:12:672
Objects scanned :49377
Objects identified :1
Objects ignored :0
New objects :1
  • 0

Advertisements

#17
rasta11
Posted 02 October 2004 - 09:41 AM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
sorry, forgot hijackthis...thanks


Logfile of HijackThis v1.98.2
Scan saved at 16:41:39, on 02-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\FaxSetup.log:lhfpo
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Programas\Ahead\InCD\InCD.exe
C:\Programas\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\iptz32.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\System32\bplhazr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\win xp\Application Data\sohe.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\win xp\Os meus documentos\Rui\Diversos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ozafgzsit...42YPwFkgIn.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligaçġes
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C45410F7-1A22-A509-8145-C396D0E0B9E0} - C:\WINDOWS\system32\apixg32.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [window rule] C:\PROGRA~1\MATHRE~1\gram third.exe
O4 - HKLM\..\Run: [deadtransjugscamp] C:\Documents and Settings\All Users\Application Data\FunkAcidDeadTrans\CopyAcid.exe
O4 - HKLM\..\Run: [iptz32.exe] C:\WINDOWS\system32\iptz32.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [omlhqflrqlvee] C:\WINDOWS\System32\bplhazr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aubc] C:\Documents and Settings\win xp\Application Data\sohe.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O12 - Plugin for .mpg: C:\Programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093539524156
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\WINDOWS\System32\vbsys.dll
  • 0

#18
Yarnouth
Posted 02 October 2004 - 09:59 AM

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
There are some things to sort here. Pleaase do the following :
Download Lavasoft's VX2 Cleaner plug-in here
http://www.lavasoftu...x2cleaner.shtml

How to use Lavasoft's VX2 Cleaner plug-in

- Close Ad-Aware 6 and Ad-Watch (if running)
- Download the free VX2 Cleaner at http://updates.ls-se...lvx2cleaner.exe
- Install the VX2 Cleaner
- Start Ad-Aware 6
- Go to "Plug-ins"
- Select the VX2 Cleaner plug-in and click "Run Plugin"
- If your computer isn't infected, click "Close".


If your computer is infected

- Select "Clean system"
- Reboot your computer
- Scan your computer with Ad-Aware
- Remove any VX2 objects detected
- Reboot your computer again
- Run a second scan to make sure the files have been removed from your computer

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :D

Thanks <_<
  • 0

#19
rasta11
Posted 02 October 2004 - 10:14 AM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
i can´t run plug in...i click and it does´t do anything...
  • 0

#20
Yarnouth
Posted 02 October 2004 - 10:19 AM

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
You mean the .exe file itself or the link?
  • 0

#21
rasta11
Posted 02 October 2004 - 10:24 AM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
exe.file..when i click run plug in...thanks
  • 0

#22
Yarnouth
Posted 02 October 2004 - 10:37 AM

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.


Reboot your PC.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

After this:
Let's start with a couple of free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run Spybot Search & Destroy.

Spybot Search & Destroy Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu . Click the Search for updates button, if any are found then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log
  • 0

#23
rasta11
Posted 02 October 2004 - 11:03 AM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
housecall didn´t work..when i try again it said it was alredy runing...
should i do the rest?
thenks
  • 0

#24
Yarnouth
Posted 02 October 2004 - 11:08 AM

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
The removal of these items require patience and following my words explicitly. Including any re boot.
Sound to me like the window running the scan was closed. Re boot and start again please.
  • 0

#25
rasta11
Posted 02 October 2004 - 01:08 PM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Logfile of HijackThis v1.98.2
Scan saved at 20:07:37, on 02-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Programas\Ahead\InCD\InCD.exe
C:\Programas\Messenger Plus! 3\MsgPlus.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Programas\The Cleaner\tca.exe
C:\Programas\The Cleaner\tcm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\win xp\Application Data\sohe.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\win xp\Os meus documentos\Rui\Diversos\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\otczo.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\otczo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\otczo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qwmohwlbg...42YPwFkgIn.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligaçġes
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [window rule] C:\PROGRA~1\MATHRE~1\gram third.exe
O4 - HKLM\..\Run: [deadtransjugscamp] C:\Documents and Settings\All Users\Application Data\FunkAcidDeadTrans\CopyAcid.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [tcactive] C:\Programas\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programas\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aubc] C:\Documents and Settings\win xp\Application Data\sohe.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O12 - Plugin for .mpg: C:\Programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093539524156
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\WINDOWS\System32\vbsys.dll
  • 0

Advertisements

#26
rasta11
Posted 02 October 2004 - 01:13 PM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
sorry if i took to much time doing this...
thanks again
  • 0

#27
rasta11
Posted 02 October 2004 - 02:25 PM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
help please....
  • 0

#28
Yarnouth
Posted 02 October 2004 - 03:21 PM

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
I can see jonnyrotten has helped you here.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\otczo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\otczo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\otczo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qwmohwlbg...42YPwFkgIn.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligaçġes
O4 - HKLM\..\Run: [window rule] C:\PROGRA~1\MATHRE~1\gram third.exe
O4 - HKLM\..\Run: [deadtransjugscamp] C:\Documents and Settings\All Users\Application Data\FunkAcidDeadTrans\CopyAcid.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKCU\..\Run: [Aubc] C:\Documents and Settings\win xp\Application Data\sohe.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O12 - Plugin for .mpg: C:\Programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093539524156
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\WINDOWS\System32\vbsys.dll

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\otczo.dll
C:\WINDOWS\System32\vbsys.dll
C:\PROGRA~1\MATHRE~1\gram third.exe
C:\Documents and Settings\All Users\Application Data\FunkAcidDeadTrans\CopyAcid.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Documents and Settings\win xp\Application Data\sohe.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and include a new log from the getservices zip that jonny advised you on.
You will need to keep your computer on during the fix.
  • 0

#29
rasta11
Posted 04 October 2004 - 05:28 AM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
i have cws_ns3 on my pc..can anyone help me again???
please...
  • 0

#30
rasta11
Posted 04 October 2004 - 10:42 AM

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
i have cws_ns3 on my pc..can anyone help me?
thanks
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP