Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I NEED HELP!


  • Please log in to reply

#1
petruccichile

petruccichile

    New Member

  • Member
  • Pip
  • 3 posts
hi everybody, this is my first post, weel my english is very bad, i have a problem whit my recicle bin, i have any pop up and UMonitor error to the begin my sistem,


i ejecute the " HIJACTHIS " and this was the result...

Logfile of HijackThis v1.99.0
Scan saved at 23:01:47, on 11-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\ARCHIV~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\ARCHIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3apphk.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Rodrigo\Escritorio\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashb...Dgz&ver=2.1.0.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=200.72.246.26:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\ARCHIV~1\FLASHF~1\FFCom.dll/IeMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: FlashFavorite - {4335F0BE-9AAF-4023-9929-681B937B814A} - C:\ARCHIV~1\FLASHF~1\FFCom.dll
O9 - Extra 'Tools' menuitem: Flash Favorite - {4335F0BE-9AAF-4023-9929-681B937B814A} - C:\ARCHIV~1\FLASHF~1\FFCom.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.1....chm::/file.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...bio5_3_18_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O16 - DPF: {F718F66B-7989-4DD8-B00B-BEF1EEECF3A6} - http://juego.rallymo.../jiquique01.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84E5A640-7941-4DD5-B458-371A3F8C8D55}: NameServer = 200.28.4.129 200.28.4.130
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Administración de IIS - Unknown - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Escritorio remoto compartido de NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM de DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\ARCHIV~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Sistema de ayuda de tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Protocolo simple de transferencia de correo (SMTP) - Unknown - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARCHIV~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Publicación en World Wide Web - Unknown - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: Adaptador de rendimiento de WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe


Before I ejecute " Find It NT-2K-XP " and the result is this ...


Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Find It NT-2K-XP

------- System Files in System32 Directory -------

El volumen de la unidad C es DISCO WINXP
El n£mero de serie del volumen es: 74E1-5711

Directorio de C:\WINDOWS\System32

11-01-2005 21:44 <DIR> dllcache
11-01-2005 19:11 224.990 l82slif7182.dll
11-01-2005 18:29 224.990 dynaddr.dll
11-01-2005 18:29 225.266 l6p20g7oe6.dll
11-01-2005 18:26 224.990 rXsppp.dll
11-01-2005 17:45 224.434 h2n00c5mef.dll
11-01-2005 16:29 225.021 jt8q07l5e.dll
11-01-2005 16:12 223.379 MKJT4JLT.DLL
11-01-2005 16:02 224.872 gpr4l39q1.dll
11-01-2005 14:36 223.379 n4l80e3ueh.dll
11-01-2005 13:29 223.379 dfmodemx.dll
11-01-2005 11:26 223.379 lvn2095oe.dll
11-01-2005 05:16 223.099 ir28l5fu1.dll
11-01-2005 03:20 224.721 k226lcfs1f26.dll
10-01-2005 23:55 223.099 me43dmod.dll
10-01-2005 23:55 224.509 h0j4la1q1d.dll
10-01-2005 14:43 223.190 r46ulej91ho.dll
10-01-2005 13:31 222.540 n86qlij518o.dll
09-01-2005 22:01 222.861 kt0ol7d31.dll
09-01-2005 21:37 226.137 kt44l7hq1.dll
09-01-2005 16:32 226.137 o266lcjs1fo6.dll
09-01-2005 14:24 226.137 wgfapi.dll
09-01-2005 02:03 226.137 aza4lghq164e.dll
08-01-2005 20:33 226.137 ilssuba.dll
08-01-2005 20:33 222.565 k4js0e17eh.dll
08-01-2005 18:55 224.307 l66o0gj3e6o.dll
08-01-2005 12:16 225.118 ktn0l75m1.dll
07-01-2005 21:11 224.174 damap.dll
07-01-2005 13:01 224.418 m6julg1916.dll
06-01-2005 23:09 223.232 g0402ahmgd4a2.dll
29-12-2004 11:09 56 2C707E59EB.sys
29-12-2004 11:09 9.394 KGyGaAvL.sys
30-10-2004 23:31 107 SftGrd.cfg
11-10-2004 17:15 <DIR> Microsoft
30-09-1999 20:21 166.672 mstext35.dll
28-09-1999 22:42 1.050.896 msjet35.dll
09-09-1999 23:06 252.688 msexcl35.dll
09-09-1999 23:06 168.720 msltus35.dll
25-08-1999 15:57 415.504 msrepl35.dll
10-06-1999 10:34 24.848 msjter35.dll
10-06-1999 10:34 123.664 msjint35.dll
07-06-1999 19:59 250.128 mspdox35.dll
25-04-1999 18:00 368.912 Vbar332.dll
25-04-1999 18:00 252.176 Msrd2x35.dll
25-04-1999 18:00 287.504 Msxbse35.dll
43 archivos 9.877.866 bytes
2 dirs 2.264.555.520 bytes libres

------- Hidden Files in System32 Directory -------

El volumen de la unidad C es DISCO WINXP
El n£mero de serie del volumen es: 74E1-5711

Directorio de C:\WINDOWS\System32

11-01-2005 21:44 <DIR> dllcache
11-01-2005 20:10 526 vsconfig.xml
11-01-2005 03:47 4.212 zllictbl.dat
29-12-2004 11:09 56 2C707E59EB.sys
29-12-2004 11:09 9.394 KGyGaAvL.sys
30-10-2004 23:31 107 SftGrd.cfg
19-09-2004 00:45 488 WindowsLogon.manifest
19-09-2004 00:45 488 logonui.exe.manifest
19-09-2004 00:45 749 cdplayer.exe.manifest
19-09-2004 00:45 749 ncpa.cpl.manifest
19-09-2004 00:45 749 wuaucpl.cpl.manifest
19-09-2004 00:45 749 nwc.cpl.manifest
19-09-2004 00:45 749 sapi.cpl.manifest
12 archivos 19.016 bytes
1 dirs 2.264.551.424 bytes libres

------------ Files Named "Guard" ---------------

El volumen de la unidad C es DISCO WINXP
El n£mero de serie del volumen es: 74E1-5711

Directorio de C:\WINDOWS\System32

11-01-2005 21:22 225.266 guard.tmp
1 archivos 225.266 bytes
0 dirs 2.264.551.424 bytes libres

------ Temp Files in System32 Directory ------

El volumen de la unidad C es DISCO WINXP
El n£mero de serie del volumen es: 74E1-5711

Directorio de C:\WINDOWS\System32

11-01-2005 21:22 225.266 guard.tmp
11-08-2004 00:41 5.550.080 setb2.tmp
24-08-2001 13:00 2.909 CONFIG.TMP
23-08-2001 09:00 147.483 scrrun.dll.tmp
4 archivos 5.925.738 bytes
0 dirs 2.264.551.424 bytes libres

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{961C19C2-5BD1-4EFA-8105-74248D35A42F}"=""


------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l6p20g7oe6.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


------------- Locate.com Results -------------

C:\WINDOWS\SYSTEM32\
2c707e~1.sys Wed 29 Dec 2004 11:09:24 ..SHR 56 0,05 K
aza4lg~1.dll Sun 9 Jan 2005 2:03:36 ..S.R 226.137 220,84 K
damap.dll Fri 7 Jan 2005 21:11:18 ..S.R 224.174 218,92 K
dfmodemx.dll Tue 11 Jan 2005 13:29:38 ..S.R 223.379 218,14 K
dynaddr.dll Tue 11 Jan 2005 18:29:14 ..S.R 224.990 219,71 K
g0402a~1.dll Thu 6 Jan 2005 23:09:14 ..S.R 223.232 218,00 K
gpr4l3~1.dll Tue 11 Jan 2005 16:02:38 ..S.R 224.872 219,60 K
h0j4la~1.dll Mon 10 Jan 2005 23:56:00 ..S.R 224.509 219,25 K
h2n00c~1.dll Tue 11 Jan 2005 17:45:20 ..S.R 224.434 219,17 K
ilssuba.dll Sat 8 Jan 2005 20:33:48 ..S.R 226.137 220,84 K
ir28l5~1.dll Tue 11 Jan 2005 5:16:52 ..S.R 223.099 217,87 K
jt8q07~1.dll Tue 11 Jan 2005 16:29:02 ..S.R 225.021 219,75 K
k226lc~1.dll Tue 11 Jan 2005 3:20:54 ..S.R 224.721 219,45 K
k4js0e~1.dll Sat 8 Jan 2005 20:33:48 ..S.R 222.565 217,35 K
kgygaavl.sys Wed 29 Dec 2004 11:09:24 A.SH. 9.394 9,17 K
kt0ol7~1.dll Sun 9 Jan 2005 22:01:38 ..S.R 222.861 217,64 K
kt44l7~1.dll Sun 9 Jan 2005 21:37:06 ..S.R 226.137 220,84 K
ktn0l7~1.dll Sat 8 Jan 2005 12:16:56 ..S.R 225.118 219,84 K
l66o0g~1.dll Sat 8 Jan 2005 18:55:24 ..S.R 224.307 219,05 K
l6p20g~1.dll Tue 11 Jan 2005 18:29:14 ..S.R 225.266 219,98 K
l82sli~1.dll Tue 11 Jan 2005 19:11:30 ..S.R 224.990 219,71 K
lvn209~1.dll Tue 11 Jan 2005 11:26:42 ..S.R 223.379 218,14 K
m6julg~1.dll Fri 7 Jan 2005 13:01:54 ..S.R 224.418 219,16 K
me43dmod.dll Mon 10 Jan 2005 23:56:00 ..S.R 223.099 217,87 K
mkjt4jlt.dll Tue 11 Jan 2005 16:12:46 ..S.R 223.379 218,14 K
n4l80e~1.dll Tue 11 Jan 2005 14:36:38 ..S.R 223.379 218,14 K
n86qli~1.dll Mon 10 Jan 2005 13:31:04 ..S.R 222.540 217,32 K
o266lc~1.dll Sun 9 Jan 2005 16:32:32 ..S.R 226.137 220,84 K
r46ule~1.dll Mon 10 Jan 2005 14:43:56 ..S.R 223.190 217,96 K
rxsppp.dll Tue 11 Jan 2005 18:26:04 ..S.R 224.990 219,71 K
sftgrd.cfg Sat 30 Oct 2004 23:31:44 A.SHR 107 0,10 K
vsconfig.xml Tue 11 Jan 2005 20:10:36 A..H. 526 0,51 K
wgfapi.dll Sun 9 Jan 2005 14:24:32 ..S.R 226.137 220,84 K
zllictbl.dat Tue 11 Jan 2005 3:47:28 ...H. 4.212 4,11 K

34 items found: 34 files, 0 directories.
Total of file sizes: 6.520.892 bytes 6,22 M

-------- Strings.exe Qoologic Results --------


--------- Strings.exe Aspack Results ---------


-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3apphk"="S3apphk.exe"
"MessengerPlus3"="\"C:\\Archivos de programa\\Messenger Plus! 3\\MsgPlus.exe\""
"Zone Labs Client"="C:\\ARCHIV~1\\ZONELA~1\\ZONEAL~1\\zlclient.exe"
"OfficeGuard RegChecker"="\"C:\\Archivos de programa\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\ogrc.exe\""
"AVPCC"="\"C:\\Archivos de programa\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\avpcc.exe\" /wait"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


THANKS FOR YOUR HELP!! I NEED YOU PLIS !!

:tazz: ;)
  • 0

Advertisements


#2
irealityworldi

irealityworldi

    Member

  • Member
  • PipPip
  • 61 posts
All right. From what I'm hearing about a Umonitor.dll popup, you definitely have the VX2 infection. Thanks for posting a Find It log! Now we can get to work on cleaning up your system.

I will be posting again shortly as I get my reply reviewed by an expert. I don't want to tell you anything incorrect in my analysis of your computer. When I do post, I will have a list of things for you to try to get rid of the VX2 infection. :tazz:
  • 0

#3
petruccichile

petruccichile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

All right. From what I'm hearing about a Umonitor.dll popup, you definitely have the VX2 infection. Thanks for posting a Find It log! Now we can get to work on cleaning up your system.

I will be posting again shortly as I get my reply reviewed by an expert. I don't want to tell you anything incorrect in my analysis of your computer. When I do post, I will have a list of things for you to try to get rid of the VX2 infection.  :tazz:

View Post



Thank you for your response, now I am going to wait for some solution for my problem for stay truth complicates me very much

Again, thank you very much for your time
  • 0

#4
irealityworldi

irealityworldi

    Member

  • Member
  • PipPip
  • 61 posts
Ok, I got this approved so try this. Follow the instructions carefully - post if you don't understand anything! (sorry I couldn't type them in Spanish or something for you...)
  • Download the Pocket Killbox.
  • Unzip the contents of KillBox.zip to a convenient location.
  • Double-click on KillBox.exe.
  • Click "Replace on Reboot" and check the "Use Dummy" box.
  • Paste this file into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\System32\l82slif7182.dll
  • Click the "Delete File" button which looks like a stop sign.
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "No" at the Pending Operations prompt.
  • Repeat steps 4-8 above for these files:
    • C:\WINDOWS\System32\dynaddr.dll
    • C:\WINDOWS\System32\l6p20g7oe6.dll
    • C:\WINDOWS\System32\rXsppp.dll
    • C:\WINDOWS\System32\h2n00c5mef.dll
    • C:\WINDOWS\System32\jt8q07l5e.dll
    • C:\WINDOWS\System32\MKJT4JLT.DLL
    • C:\WINDOWS\System32\gpr4l39q1.dll
    • C:\WINDOWS\System32\n4l80e3ueh.dll
    • C:\WINDOWS\System32\dfmodemx.dll
    • C:\WINDOWS\System32\lvn2095oe.dll
    • C:\WINDOWS\System32\ir28l5fu1.dll
    • C:\WINDOWS\System32\k226lcfs1f26.dll
    • C:\WINDOWS\System32\me43dmod.dll
    • C:\WINDOWS\System32\h0j4la1q1d.dll
    • C:\WINDOWS\System32\r46ulej91ho.dll
    • C:\WINDOWS\System32\n86qlij518o.dll
    • C:\WINDOWS\System32\kt0ol7d31.dll
    • C:\WINDOWS\System32\kt44l7hq1.dll
    • C:\WINDOWS\System32\o266lcjs1fo6.dll
    • C:\WINDOWS\System32\wgfapi.dll
    • C:\WINDOWS\System32\aza4lghq164e.dll
    • C:\WINDOWS\System32\ilssuba.dll
    • C:\WINDOWS\System32\k4js0e17eh.dll
    • C:\WINDOWS\System32\l66o0gj3e6o.dll
    • C:\WINDOWS\System32\ktn0l75m1.dll
    • C:\WINDOWS\System32\damap.dll
    • C:\WINDOWS\System32\m6julg1916.dll
    • C:\WINDOWS\System32\g0402ahmgd4a2.dll
  • Make sure "Replace on Reboot" and "Use Dummy" box are still checked.
  • Paste this file into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\System32\Guard.tmp
  • Click the "Delete File" button which looks like a stop sign.
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "Yes" at the Pending Operations prompt to restart your computer.
  • Double-click on find.bat and post the new output.txt.
  • DO NOT REBOOT AFTER POSTING THE NEW OUTPUT.TXT Please wait until you get a reply from me / someone else for further instructions or if you have to reboot (or shutdown in any way), then post a new log after you have re-logged on. New files come back after each reboot. :tazz:
Good Luck. ;)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP