Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

180search asistant, ist bar, [CLOSED]


  • This topic is locked This topic is locked

#1
enrique cuartas

enrique cuartas

    New Member

  • Member
  • Pip
  • 5 posts
Hey, i posted yesterday, but there was confusion and u closed my topic because i posted another one saying that i don't have rdriv.sys anymore. but i do have these other problems. sorry about that. Anyway, i hope u can help me out with this cause i'm really getting crazy, thanx in advance for ur help

My HJT log is the following

Logfile of HijackThis v1.99.1
Scan saved at 19:14:39, on 03/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\pctspk.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\msupdate32.exe
C:\WINDOWS\System32\winupdate.exe
C:\WINDOWS\System32\wuamk032.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\CMMON32.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AdTools Service\AdTools.exe
C:\Program Files\AdTools Service\AdToolsKeep.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\KIKE JUANMA\Mis documentos\HijackThis.exe
C:\Archivos de programa\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\archivos de programa\180searchassistant\salmhook.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Archivos de programa\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] winupdate.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [wupdate32] c:\winshs1.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\KIKEJU~1\CONFIG~1\Temp\BUNDLE~1.EXE run
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{7965BF0B-5E22-4C72-991D-429C268F1A5F}: NameServer = 200.115.102.7 200.115.100.5
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0

Advertisements


#2
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
We'll use some clean-up tools first - if you already have any of these and you are sure they are the latest version then just skip and move on to the next one.

Click here to download Spybot Search & Destroy v1.4 - install, update, scan and fix all RED items it finds. Reboot when done.

Click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file.
  • Click "Start"
  • Select "Perform Full System scan"
  • Click "Next" to start the scan.
When the scan is finished, the screen will tell you if anything has been found.
  • Click "Next". The bad files will be listed.
  • Right click the pane and click "Select all objects" - this will put a check mark in the box at the side.
  • Click "Next" again
  • Click "OK" at the prompt "# objects will be removed. Continue?".
Reboot when done.

Click here to download Microsoft AntiSpyware Beta, check for updates and run it. Reboot when done.

Click here to download ewido security suite - it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.
  • 0

#3
enrique cuartas

enrique cuartas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ok i made everything u said. now i have the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 22:14:13, on 05/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\System32\pctspk.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Browser MOUSE\mouse32a.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\inetinfo.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Archivos de programa\Spyware Doctor\swdoctor.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Documents and Settings\KIKE JUANMA\Mis documentos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Archivos de programa\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] iexplorer.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [wupdate32] c:\winshs1.exe
O4 - HKLM\..\Run: [MSNS PLUS XP] inetinfo.exe
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP] inetinfo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Archivos de programa\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

and the ewido log too

---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------

+ Creado en: 21:31:34, 05/08/2005
+ Report-Checksum: 58406A4B

+ Scan result:

HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error durante limpieza
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error durante limpieza
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error durante limpieza
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\H1T70OO7\stubinstaller5041[1].ex_ -> TrojanDownloader.Small.asf : Limpio con backup
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\H1T70OO7\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Limpio con backup
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\X100BA3N\istbarcm[1].dll -> TrojanDownloader.IstBar.kg : Limpio con backup
C:\WINDOWS\system32\phr.exe -> Trojan.MulDrop.1732 : Limpio con backup
C:\WINDOWS\Temp\dbmanager.exe -> Spyware.WinAD : Limpio con backup
C:\WINDOWS\Temp\resB.tmp -> Spyware.180Solutions : Limpio con backup
C:\WINDOWS\Temp\BUNDLE~1.EXE -> Adware.Saha : Limpio con backup
C:\WINDOWS\Temp\res1A.tmp -> Spyware.180Solutions : Limpio con backup
C:\Documents and Settings\KIKE JUANMA\Configuración local\Temp\uninstall.exe -> TrojanDownloader.IstBar.gi : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007593.exe -> Spyware.WinAD : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007594.exe -> Spyware.AdTools : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007611.exe -> Spyware.BargainBuddy : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007616.exe -> Trojan.MulDrop.1732 : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007646.EXE -> Adware.Saha : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007650.exe -> TrojanDownloader.Dyfuca.ei : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007652.dll -> TrojanDownloader.IstBar.kg : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007657.dll -> Adware.SAHA : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP9\A0007658.exe -> Adware.SAHA : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP10\A0010840.exe -> Trojan.MulDrop.1732 : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP10\A0010915.exe -> Spyware.WinAD : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP10\A0010916.exe -> Trojan.MulDrop.1732 : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP10\A0010977.exe -> Trojan.MulDrop.1732 : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP11\A0013042.exe -> Trojan.MulDrop.1732 : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP12\A0013068.exe -> Spyware.WinAD : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP12\A0013069.exe -> Spyware.AdTools : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP14\A0013103.exe -> TrojanDownloader.IstBar.gi : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP15\A0013129.DLL -> TrojanDownloader.IstBar.kg : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP15\A0013160.exe -> Spyware.BargainBuddy : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP15\A0013161.exe -> Spyware.BargainBuddy : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP15\A0013162.srg -> Spyware.BargainBuddy : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP15\A0013163.exe -> Spyware.BargainBuddy : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP15\A0013164.vxd -> Spyware.BargainBuddy : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP15\A0013165.DLL -> TrojanDownloader.Dyfuca : Limpio con backup
C:\System Volume Information\_restore{5C1A4E41-E916-476B-923E-4B2A5D874168}\RP15\A0013167.exe -> Spyware.BargainBuddy : Limpio con backup
:mozilla.6:C:\FOUND.001\FILE0000.CHK -> Spyware.Cookie.Fastclick : Limpio con backup
:mozilla.7:C:\FOUND.001\FILE0000.CHK -> Spyware.Cookie.Fastclick : Limpio con backup
:mozilla.8:C:\FOUND.001\FILE0000.CHK -> Spyware.Cookie.Fastclick : Limpio con backup
:mozilla.9:C:\FOUND.001\FILE0000.CHK -> Spyware.Cookie.Fastclick : Limpio con backup
:mozilla.16:C:\FOUND.001\FILE0000.CHK -> Spyware.Cookie.Revenue : Limpio con backup
D:\copia\misdoc\Juan Manuel\Installer\Juegos\war3demo.zip/war3demo/war3demo.exe -> Not-A-Virus.Joke.FakeDel.h : Limpio con backup


::Fin Report

ok thanx for ur help, so i'm looking forward to hear any news and some advices to follow on
  • 0

#4
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] iexplorer.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [wupdate32] c:\winshs1.exe
O4 - HKLM\..\Run: [MSNS PLUS XP] inetinfo.exe
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP] inetinfo.exe


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.
  • 0

#5
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Due to inactivity this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP