My computer is a mess and very slow. When I display the desk, a window appears that says Can't find file:///C/windows/privacy_ , and when I look at the properties of the system there is a Virus Alert sign inside the window. The monitor is unable to set a screen to the desk, it seems to be disabled, and there are many other problems.
Sakyro 0 Newbie Poster
tiger86 16 Posting Pro
Just sounds to me like one of those nasty spywares that make ads pop up all over your computer. I would download AVG and run it. You can also run Silent Runners and HijackThis if you want to know what's going on in the background. By the way, Virus Alert is an awesome topic name, by the greatest artist of all time, Weird Al Yankovic: "Virus alert it makes you physically attracted to sheep." Okay, that's not a direct quote, just what I remember off my head, so if you aren't attracted to sheep you're doing good :P
jholland1964 650 Posting Expert Team Colleague Featured Poster
Hi, welcome to daniweb.
Couple things you need to do here to begin, go HERE
Follow the instructions there, especially ATF-Cleaner, the Malwarebytes' program (be sure to have it FIX what it finds) and save the log, the ESET Online scanner and save the log.
After doing those steps then download HiJackThis.
Run a Full System Scan with it and save the log.
Post back here with all three logs and I'll take a look and see if other steps need to be taken.
Judy
Sakyro 0 Newbie Poster
Hi Judy, thanks for answering me. It's going to take me longer to do all that you advise me because English is not my main language, but I will do it, OK.
By Isaac
jholland1964 650 Posting Expert Team Colleague Featured Poster
Hi Isaac, basically all you have to do is click on the link provided and download and run the programs. You won't be asked a lot of questions. Just run the programs needed.
The main things to do are run the ATF-Cleaner. This will clean out temporary files.
Then run the online ESET Scanner. You have to use Internet Explorer. Save the Log.
Next program will be Malwarebytes' Anti-Malware. Install and Update. Then run the scan.
Let it FIX whatever it finds.
Save the log.
Run a new HiJackThis scan. Save the log.
Post back here with all those logs.
Take all the time you need. I'll be here.
Judy
tiger86 16 Posting Pro
Hi Judy, I will help look at the logs to help you out. I understand that not everyone speaks English. This is the World Wide Web. I will do my best to help. :)
Sakyro 0 Newbie Poster
Hi Judy
1 – Please familiarize yourself with the following instructions as you will be asked to perform them at various points in the cleaning process:
• Booting to Safe Mode OK
• Enabling the Viewing of Hidden Files ONLY APPEARS DISABLING WHAT CAN I DO?
• Turning Off (Disabling) System Restore - (Windows ME / XP / Vista Only) OK
jholland1964 650 Posting Expert Team Colleague Featured Poster
Actually for right now, skip those, if needed we can go back to them.
Right now, best thing to do is download and run the following; Instructions and download links can be found in the sticky. Also follow instructions for running the ESET Online Scanner
ATF-Cleaner, Malwarebytes' Anti-Malware program
Finally download HiJackThis and run it. The link for that is in my post above.
Do those four things, post the three logs here and we will go from there.
Judy
tiger86 commented: Very nice and helpful and does not get frustrated easily. +1
tiger86 16 Posting Pro
Hi, I am helping out Judy help you so I may respond to your post also. Judy and I are working as a team to help you out :)
Sakyro 0 Newbie Poster
Hi Judy
1 - ESET Online Scanner: I could not run it completely to the end, it stopped before it finished.
2 - ATF-Cleaner: I ran it and emptied all the selected items (files), Windows XP and Firefox.
3 - Malwarebytes' Anti-Malware program: I also ran this program and it found a lot of viruses. Here are the logs:
Malwarebytes' Anti-Malware 1.28
Versión de la Base de Datos: 1163
Windows 5.1.2600 Service Pack 2
17/9/2008 07:22:11 a.m.
mbam-log-2008-09-17 (07-22-05).txt
Tipo de examen : Examen Completo (C:\|D:\|E:\|Z:\|)
Objetos examinados: 164431
Tiempo transcurrido: 1 hour(s), 45 minute(s), 29 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 16
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 6
Ficheros Infectados: 13
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74ce56ff-3469-47c0-93e1-d0cb8b203ea9} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxysqk (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{74ce56ff-3469-47c0-93e1-d0cb8b203ea9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qalkfxor.blqg (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> No action taken.
Carpetas Infectadas:
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> No action taken.
Ficheros Infectados:
C:\WINDOWS\system32\xxyxYsQk.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\irozenboim\ppxcs.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\irozenboim\css.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\irozenboim\sccs.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080823161130621.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080823163311663.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080823235239259.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080824091908725.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080824101716636.log (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\irozenboim\Favoritos\Online Security Test.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\irozenboim\Favoritos\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\irozenboim\Favoritos\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\irozenboim\Favoritos\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
Malwarebytes' Anti-Malware 1.28
Versión de la Base de Datos: 1163
Windows 5.1.2600 Service Pack 2
17/9/2008 07:25:15 a.m.
mbam-log-2008-09-17 (07-25-15).txt
Tipo de examen : Examen Completo (C:\|D:\|E:\|Z:\|)
Objetos examinados: 164431
Tiempo transcurrido: 1 hour(s), 45 minute(s), 29 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 16
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 6
Ficheros Infectados: 13
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74ce56ff-3469-47c0-93e1-d0cb8b203ea9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxysqk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74ce56ff-3469-47c0-93e1-d0cb8b203ea9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.blqg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Carpetas Infectadas:
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
Ficheros Infectados:
C:\WINDOWS\system32\xxyxYsQk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\irozenboim\ppxcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\irozenboim\css.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\irozenboim\sccs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080823161130621.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080823163311663.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080823235239259.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080824091908725.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\Secure Solutions\Antispyware 2008 XP\LOG\20080824101716636.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\irozenboim\Favoritos\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\irozenboim\Favoritos\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\irozenboim\Favoritos\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\irozenboim\Favoritos\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
3 - HiJackThis: I also ran it and this is the log:
Logfile of HijackThis v1.99.1
Scan saved at 09:42:19, on 17/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\McAfee.com\Agent\mcagent.exe
C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\IOGEAR\Software Bluetooth\bin\btwdins.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc.exe
c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\Archivos de programa\McAfee\VirusScan\McShield.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
C:\Archivos de programa\McAfee\MSK\MskSrver.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\ARCHIV~1\WINZIP\winzip32.exe
c:\ARCHIV~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\irozenboim\Configuración local\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ipcop.sidunor.com:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\ARCHIV~1\mcafee\msk\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CF37A95A-B325-4CBC-9026-C9F8D2638FCB} - C:\WINDOWS\system32\fccbBQHX.dll (file missing)
O2 - BHO: QXK Olive - {E10C632F-4EE5-4A71-9A84-686C3F49472C} - C:\WINDOWS\rodqgpvlstq.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: qalkfxor - {F4FCB8FD-9E2C-43F3-8580-680B2D8EB138} - C:\WINDOWS\qalkfxor.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [mcagent_exe] C:\Archivos de programa\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\IOGEAR\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\IOGEAR\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\IOGEAR\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sidunor.com
O17 - HKLM\Software\..\Telephony: DomainName = sidunor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sidunor.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sidunor.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\6261\SiteAdv.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Archivos de programa\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\IOGEAR\Software Bluetooth\bin\btwdins.exe
O23 - Service: DirectX Service (DirectWudc) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Archivos de programa\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Archivos de programa\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB - Unknown owner - C:\Archivos de programa\Archivos comunes\Roxio Shared\SharedCOM8\RoxMediaDB.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Archivos de programa\Archivos comunes\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - Unknown owner - C:\Archivos de programa\Archivos comunes\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
4 - Before I met you I downloaded SmitFraudFix and I also have a log from it:
SmitFraudFix v2.350
Scan done at 16:41:57,32, Dom 14/09/2008
Run from C:\Documents and Settings\irozenboim\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versión 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\IOGEAR\Software Bluetooth\bin\btwdins.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc.exe
c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy.exe
C:\Archivos de programa\McAfee\VirusScan\McShield.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
C:\Archivos de programa\McAfee\MSK\MskSrver.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
c:\ARCHIV~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\irozenboim
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\irozenboim\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\IROZEN~1\FAVORI~1
C:\DOCUME~1\IROZEN~1\FAVORI~1\Online Security Test.url FOUND !
C:\DOCUME~1\IROZEN~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\IROZEN~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\IROZEN~1\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Archivos de programa
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://64.76.179.15/InvEconomicas/common/srcMenu/global.js"
"SubscribedURL"="http://64.76.179.15/InvEconomicas/common/srcMenu/global.js"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Minipuerto del administrador de paquetes
DNS Server Search Order: 10.192.10.1
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Minipuerto del administrador de paquetes
DNS Server Search Order: 200.89.224.254
DNS Server Search Order: 200.89.224.253
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D7053BBC-0037-482B-8915-39C833201407}: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D7053BBC-0037-482B-8915-39C833201407}: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D7053BBC-0037-482B-8915-39C833201407}: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=200.89.224.254 200.89.224.253
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Ok Judy this is it, I wait for your instructions, have a good day
Isaac
jholland1964 650 Posting Expert Team Colleague Featured Poster
Give me a bit and I will get back with you on what to do next.
Judy
Sakyro 0 Newbie Poster
Hi Tiger 86
thanks for your assistance
Isaac
jholland1964 650 Posting Expert Team Colleague Featured Poster
Isaac,
You are running two antivirus programs on your computer. This is something that you should never do. I see you have McAfee, which is a pay for program and also AVG8, which may be free. Please go to Add/Remove and Uninstall one of them, whichever one you choose is fine but you must remove one of them.
After you have uninstalled that extra antivirus program then run another scan with HiJackThis and post the log here.
Running the two programs may have been the reason Eset Scanner wouldn't complete. One of the requirements for running that online scan is you must turn off your antivirus program, if you had both or one running at the time of the scan it possibly wouldn't complete.
Judy
tiger86 16 Posting Pro
Hi Judy, I noticed that also. I was going to post but I was looking for any malicious malware; you got to it before me!
Sakyro 0 Newbie Poster
Judy this is the log
Logfile of HijackThis v1.99.1
Scan saved at 18:04:28, on 17/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\McAfee.com\Agent\mcagent.exe
C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\IOGEAR\Software Bluetooth\bin\btwdins.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc.exe
c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy.exe
C:\Archivos de programa\McAfee\VirusScan\McShield.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
C:\Archivos de programa\McAfee\MSK\MskSrver.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\irozenboim\Configuración local\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ipcop.sidunor.com:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\ARCHIV~1\mcafee\msk\mcapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CF37A95A-B325-4CBC-9026-C9F8D2638FCB} - C:\WINDOWS\system32\fccbBQHX.dll (file missing)
O2 - BHO: QXK Olive - {E10C632F-4EE5-4A71-9A84-686C3F49472C} - C:\WINDOWS\rodqgpvlstq.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: qalkfxor - {F4FCB8FD-9E2C-43F3-8580-680B2D8EB138} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [mcagent_exe] C:\Archivos de programa\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\IOGEAR\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\IOGEAR\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\IOGEAR\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sidunor.com
O17 - HKLM\Software\..\Telephony: DomainName = sidunor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sidunor.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sidunor.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\6261\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Archivos de programa\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\IOGEAR\Software Bluetooth\bin\btwdins.exe
O23 - Service: DirectX Service (DirectWudc) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARCHIV~1\ARCHIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Archivos de programa\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Archivos de programa\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Archivos de programa\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Archivos de programa\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB - Unknown owner - C:\Archivos de programa\Archivos comunes\Roxio Shared\SharedCOM8\RoxMediaDB.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Archivos de programa\Archivos comunes\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - Unknown owner - C:\Archivos de programa\Archivos comunes\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exe
Isaac
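Added example, not part of any post and not HijackThis code: a small Python triage of a HijackThis log that surfaces the three things the helpers in this thread look for, more than one resident antivirus product, registry entries whose file is gone ("(file missing)" / "(no file)"), and the scanner being run from a Temp folder. The sample input is constructed from lines that appear in the logs posted in this thread; the antivirus path markers and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the logs posted in this thread and
# combined into one short input so the script runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\McAfee\VirusScan\McShield.exe
C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\irozenboim\Configuración local\Temp\HijackThis.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CF37A95A-B325-4CBC-9026-C9F8D2638FCB} - C:\WINDOWS\system32\fccbBQHX.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: qalkfxor - {F4FCB8FD-9E2C-43F3-8580-680B2D8EB138} - C:\WINDOWS\qalkfxor.dll (file missing)
O23 - Service: DirectX Service (DirectWudc) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Archivos de programa\McAfee\VirusScan\McShield.exe
"""

# A log entry looks like "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Suffixes HijackThis prints when the registered file is not on disk.
DANGLING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Assumption: lower-case path fragments for the two products named in the thread.
AV_PATH_MARKERS = {"AVG": "\\avg\\", "McAfee": "\\mcafee"}


def parse_hijackthis(text):
    """Split a log into the running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def dangling_entries(entries):
    """Entries whose target file is gone: leftovers to review, not proof of infection."""
    findings = []
    for code, body in entries:
        marker = DANGLING_RE.search(body)
        if not marker:
            continue
        kind = body.split(":", 1)[0]                      # e.g. "BHO", "Toolbar"
        target = body[:marker.start()].rsplit(" - ", 1)[-1].strip()
        findings.append({"code": code, "kind": kind, "target": target})
    return findings


def resident_av_products(processes):
    """Map each recognised antivirus product to its running processes."""
    found = defaultdict(list)
    for path in processes:
        low = path.lower()
        for product, marker in AV_PATH_MARKERS.items():
            if marker in low:
                found[product].append(path)
    return dict(found)


def runs_from_temp(processes, exe="hijackthis.exe"):
    """True when the scanner itself was started from a Temp directory."""
    return any(p.lower().endswith("\\" + exe) and "\\temp\\" in p.lower()
               for p in processes)


def triage(text):
    processes, entries = parse_hijackthis(text)
    return {
        "dangling": dangling_entries(entries),
        "antivirus": resident_av_products(processes),
        "scanner_in_temp": runs_from_temp(processes),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["dangling"]:
        print(item["code"], item["kind"], item["target"] or "(no file)")
    print("antivirus products running:", sorted(report["antivirus"]))
    print("scanner run from Temp:", report["scanner_in_temp"])
```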
jholland1964 650 Posting Expert Team Colleague Featured Poster
Isaac, did you try to run the ESET scanner again?
You also need to MOVE HiJackThis from the temp folder where it is located now to its own folder. It needs to have its own folder in order to make backups for any fixes done with it. Backups cannot be made in a Temp folder.
Right Click on your desktop or maybe in My Documents and choose New, Folder. Then name the Folder HJT or whatever, just be sure it isn't a Temp folder then drag or move HiJackThis to that Folder.
You need to do this before any suggestions for fixes with HiJackThis are made OR done for that matter.
Judy
Sakyro 0 Newbie Poster
Judy, I already uninstalled AVG antivirus and I left only McAfee antivirus. I tried to run ESET scanner but I had the same experience and it gets stuck almost at the end.
Also I moved Hijackthis to a new folder in program files and I set another folder inside for the logs.
Waiting for your answer
Isaac
tiger86 16 Posting Pro
Hi Isaac,
I read your new log and I saw a few problems. You need to update your Java by going here
I would also suggest defragmenting your computer. I noticed a few missing dlls. If none of the above works, try to restore your computer to a date before it started having problems.
Thanks,
Ryan
jholland1964 650 Posting Expert Team Colleague Featured Poster
No, No, don't RESTORE the computer, you run the risk of UNDOING the work that MBM-M has done! For now leave System Restore alone.
Too many make that mistake of trying to repair by using Restore. Don't!
We are going to fix those missing .dll entries shortly. For now don't worry about it, they are NOT a problem anymore.
Isaac, do you know who this is? sidunor.com Is this your internet provider?
tiger86 16 Posting Pro
I am sorry Judy, I forgot about the viruses so DON'T RESTORE! Do what Judy said, she has more experience than I do.
tiger86 16 Posting Pro
Sakyro 0 Newbie Poster
Hi Judy
Talking about restoring or formatting is a heavy thing, only as the last option.
Sidunor.com is my internet provider.
Judy I have a lot of limitations with my computer:
no drive C:
monitor can't be opened from the desk and also can't visualize the background
the hidden folders are disabled
the computer runs slowly
and others
I wait for your instructions
Isaac
Sakyro 0 Newbie Poster
Hi Ryan
Yes you are right, they are producers and traders of steel also
Isaac
jholland1964 650 Posting Expert Team Colleague Featured Poster
Not sure what you mean by no drive c. It shows on the logs so it is there. Sorry but I am very confused here.
Don't worry about hidden folders.
Sakyro 0 Newbie Poster
Judy
when I initiate my session in the computer in the screen appears a window from internet explorer that says:
it is not possible to be found "file:/// C:WINDOWS/privacy_danger/index.htm". Verify that the route or Internet address is correct
Isaac
jholland1964 650 Posting Expert Team Colleague Featured Poster
That doesn't mean that "C" drive isn't there, it means the computer is trying to load this file in red C:WINDOWS/privacy_danger/index.htm
The "C" drive is there but it is "claiming" that that particular file Privacy_Danger isn't there. This is an infection which is in the family of Smitfraud infections. This is a generic description for a family of rogue applications/trojans (i.e. Win32.Zlob) that uses misleading advertising, downloads rogue security products, changes (hijacks) the Windows Desktop and infects system files. The Trojan uses bogus security warnings and fake alerts to indicate that your computer is infected with spyware or has critical errors.
Your "C" Drive IS there, if it wasn't the computer would not be working.
You have to give us some time here Isaac. This will take several steps, as you have seen some of your infections have been removed but there are still more things to do.
Download and run the following;
1. Download SmitFraudFix by SiRi and save to your Desktop
2. Reboot your computer in SafeMode.
* Restart your computer
* Just before the computer begins to startup and before loading Windows press F8
* A selection menu should appear
* Select the line that says “Safe Mode”
* At logon prompt, log in as the usual user.
* During Windows Start process it will prompt you if you would like to continue running in SafeMode, press Yes
* You should now see your Desktop but in a low resolution mode only.
* Make sure no other application or windows is open.
3. Double-click on the Smitfraudfix.exe file which you downloaded earlier on your desktop. Press any key when the credit screen displays to proceed to removal procedure.
4. A selection menu will be displayed
5. Press 2 on your keyboard, then Enter, to execute the selection - Clean (SafeMode Recommended)
6. It will begin to scan and clean your system thoroughly.
7. After that process, it will then run a Disk Cleanup tool to remove any unwanted files on your computer. It may take some time to complete this process.
8. After Disc Cleanup, it will show another prompt:
Do you want to clean the registry? (y/n). Press the Y button and then press the Enter to begin cleaning your registry.
9. This tool will also check if your wininet.dll is infected and will prompt:
Replace infected file? Press Y and then Enter to replace your wininet.dll with the clean version.
10. A reboot may be needed to complete the process. It will reboot your computer automatically, if not please restart your computer manually.
11. It will generate the report that can be found at the root of the system drive, usually at C:\rapport.txt. Keep this log file and post back here with it.
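Added example, not part of any post and not SmitFraudFix code: the first SmitFraudFix report in this thread lists a "Desktop Components" entry whose Source is the same privacy_danger page named in the error message, so this Python sketch parses that report section and matches components against the error text. The section and error string are copied from the thread as constructed sample input; the function names and the path normalisation are assumptions of this example.

```python
import re

# Constructed sample: the "Desktop Components" section as posted in the first
# SmitFraudFix report in this thread (.reg export syntax, backslashes doubled).
REPORT_SECTION = r'''[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://64.76.179.15/InvEconomicas/common/srcMenu/global.js"
"SubscribedURL"="http://64.76.179.15/InvEconomicas/common/srcMenu/global.js"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
'''

# The error text as quoted in the thread (note the missing slash after "C:").
ERROR_TEXT = 'file:/// C:WINDOWS/privacy_danger/index.htm'

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


def parse_components(section):
    """Turn the .reg-style section into a list of {key, value-name: value} dicts."""
    components, current = [], None
    for raw in section.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group("key")}
            components.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            # .reg exports double every backslash inside a string value.
            current[value.group("name")] = value.group("value").replace("\\\\", "\\")
    return components


def path_parts(url_or_path):
    """Normalise a file URL or path to lower-case components so that
    'file:///C:\\WINDOWS\\x' and 'file:/// C:WINDOWS/x' compare equal."""
    text = url_or_path.strip().lower()
    if text.startswith("file:"):
        text = text[len("file:"):]
    return [part for part in re.split(r"[\\/:\s]+", text) if part]


def local_file_components(components):
    """Desktop components that render a file from the local disk."""
    return [c for c in components if c.get("Source", "").lower().startswith("file:")]


def components_matching(components, error_text):
    """Components whose Source is the page the error message complains about."""
    wanted = path_parts(error_text)
    return [c for c in local_file_components(components)
            if path_parts(c["Source"]) == wanted]


if __name__ == "__main__":
    parsed = parse_components(REPORT_SECTION)
    for comp in components_matching(parsed, ERROR_TEXT):
        print("registry key :", comp["key"])
        print("friendly name:", comp["FriendlyName"])
        print("source       :", comp["Source"])
```

A match means the desktop is still configured to display that page, which is why the "can't find" window appears once the file itself is gone; the registry entry has to be removed as well.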
Sakyro 0 Newbie Poster
Judy
When the scan arrives at Point #8 and I press the button (Y) and I press Enter to begin cleaning my registry, it lasted 5 seconds and I think it didn't check and clean my registry. Anyway, I am sending you the rapport:
SmitFraudFix v2.352
Scan done at 9:50:40,21, Dom 28/09/2008
Run from C:\Documents and Settings\Administrador\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D7053BBC-0037-482B-8915-39C833201407}: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D7053BBC-0037-482B-8915-39C833201407}: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D7053BBC-0037-482B-8915-39C833201407}: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.192.10.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Isaac
jholland1964 650 Posting Expert Team Colleague Featured Poster
Have you rebooted the computer? Do you still get that can't find "file:/// C:WINDOWS/privacy_danger/index.htm" message?
Sakyro 0 Newbie Poster
Judy
Yes, I rebooted the computer, and I ran Smitfraudfix.exe a second time and did the same as you advised me, and at the end I rebooted the computer again.
As for whether I still get the can't find "file:/// C:WINDOWS/privacy_danger/index.htm" message: yes.
I am sending you the last report:
SmitFraudFix v2.352
Scan done at 14:23:42,38, Dom 28/09/2008
Run from C:\Documents and Settings\Administrador\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versión 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5304535A-ACF2-4D4D-BF88-EC29881FD072}: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D7053BBC-0037-482B-8915-39C833201407}: DhcpNameServer=200.89.224.254 200.89.224.253
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.192.10.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.192.10.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Isaac
jholland1964 650 Posting Expert Team Colleague Featured Poster
"I ran Smitfraudfix.exe a second time"
Actually it is the third time because you had run it before you came here. DON'T run it anymore. It is done. Delete the program.
Do this:
Download ComboFix.
Click on the Save button, and when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see ComboFix on the desktop.
* Close all open windows, including this one.
* Close or disable all running antivirus, antispyware, and firewall programs as they may interfere with the proper running of ComboFix.
Double-click the ComboFix icon on the desktop to run the program.
Windows will issue a prompt asking whether you wish to run the program; click Run.
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.
Now just sit back and allow the program to run.
Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
When all is complete, please post back here with that log.