TheTechGuide Forum

General Category => Tech Clinic => Topic started by: juanmamz on July 06, 2005, 10:55:53 AM

Title: Also help with Nail.exe
Post by: juanmamz on July 06, 2005, 10:55:53 AM
Hi. I had the same problem with nail.exe. I followed the instructions step by step, posted in this page:

http://www.thetechguide.com/forum/index.php?showtopic=18647

Now everything is working fine. The only problem is that the WINDOWS XP VISUALIZATION, OR THEME is not available. I tried to change it from screen properties, but nothing. It's like it disappeared. I downloaded new themes, and they only change icons, but the start menu, explorer and windows visualization are still the same.
Here's my log.
Thanks for your time.

Logfile of HijackThis v1.99.1
Scan saved at 12:45:20 p.m., on 06/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\BAckup\AMZ y JMMZ\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spool Support Dynamic Link Library - {7358A750-A943-4A86-9C77-6FD6F4E02A17} - C:\WINDOWS\system32\spoollib.dll (file missing)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Title: Also help with Nail.exe
Post by: guestolo on July 08, 2005, 12:07:34 AM
Sorry for the delay
Can you do the following please
Do another scan with Hijackthis and put a check next to these entries:

R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: Spool Support Dynamic Link Library - {7358A750-A943-4A86-9C77-6FD6F4E02A17} - C:\WINDOWS\system32\spoollib.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)


After you have ticked the above entries, close all other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer
Back in Windows delete this folder if found
C:\Archivos de programa\MyWay <-this folder

Go to START>>RUN>>Type in msconfig
Under the General tab select NORMAL STARTUP
Apply it and close out but don't restart your computer yet

Run another scan with Hijackthis and post a fresh log

Can you also do the following
Download Find.zip (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=283)
Unzip the contents to desktop
Double click on Find.bat and post back the contents
Also Double click on Find1.bat and post the contents

EDIT>>Could you also download and UNZIP to desktop
Find_It's.zip (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=273)
Open the FindIt's folder and double click on the FindIt's.bat
Wait for the log and post it back here
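The four entries ticked above share a pattern that is visible in the log itself: the O2, O3 entries point at files that are no longer on disk ("(file missing)"), and the R3 line reports that the default URLSearchHook value is gone. As an added example that is not part of the thread or of HijackThis, the following Python script picks such lines out of a log and groups them by the file they register, so that one DLL hooked in several places (here MYBAR.DLL as both a BHO and a toolbar) is reviewed and cleaned as a unit. The sample lines are taken from the log posted above; the `Finding` class and the function names are this example's own.

```python
import re
from dataclasses import dataclass

# Sample lines taken from the HijackThis log posted above; this excerpt is
# constructed for the example and is not a complete log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spool Support Dynamic Link Library - {7358A750-A943-4A86-9C77-6FD6F4E02A17} - C:\WINDOWS\system32\spoollib.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")
MISSING_SUFFIX = " (file missing)"


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. O2 (BHO), O3 (toolbar), O20 (Winlogon Notify)
    path: str      # registered file path, or "" when the entry carries none
    line: str      # the original log line
    reason: str


def registered_path(body: str) -> str:
    """Return the file path from a 'name - {CLSID} - path' body, without the marker."""
    tail = body.split(" - ")[-1]
    return tail[: -len(MISSING_SUFFIX)] if tail.endswith(MISSING_SUFFIX) else tail


def triage(log_text: str) -> list[Finding]:
    """Flag entries a reviewer should look at first: components whose file is gone
    (an orphaned registration that the tool can safely clear) and a missing
    default URLSearchHook, which HijackThis reports for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if body.endswith(MISSING_SUFFIX):
            findings.append(Finding(section, registered_path(body), line,
                                    "registered component's file is absent (orphaned registration)"))
        elif section == "R3" and body.endswith("is missing"):
            findings.append(Finding(section, "", line, "default URLSearchHook value absent"))
    return findings


def group_by_path(findings: list[Finding]) -> dict[str, list[str]]:
    """Group flagged entries by the file they point at, so related hooks are handled together."""
    groups: dict[str, list[str]] = {}
    for f in findings:
        if f.path:
            groups.setdefault(f.path, []).append(f.section)
    return groups


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:>4}  {f.reason}: {f.line}")
    for path, sections in group_by_path(found).items():
        print(f"{'/'.join(sections)} -> {path}")
```

On the sample above the script reports five lines for review (R3, two O2, O3, O20) and shows that the two MyWay entries resolve to the same MYBAR.DLL. An orphaned entry is not proof of malware on its own (the O20 Stardock stub is a leftover of an uninstalled product), so the output is a worklist for a human, not an automatic fix list.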
Title: Also help with Nail.exe
Post by: juanmamz on July 08, 2005, 07:31:26 AM
I did everything. Nothing happened yet.
Here are the log files:

-2nd hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 09:27:31 a.m., on 08/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\BAckup\AMZ y JMMZ\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WhenUSave] C:\ARCHIV~1\Save\Save.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iRiver Updater] C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - Startup: Clima en Tucson.url
O4 - Startup: Weather Channel.lnk = C:\Archivos de programa\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


- Find log:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"


- Find1 log:

 El volumen de la unidad C no tiene etiqueta.
 El número de serie del volumen es: F42F-0F93

 Directorio de C:\WINDOWS\Resources\Themes

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
05/07/2005  02:17 a.m.    <DIR>          Aquatica
10/10/2002  01:14 p.m.             5.847 Aquatica.Theme
11/01/2002  09:15 a.m.             5.990 Bland XP.Theme
05/07/2005  02:19 a.m.    <DIR>          BlandXP
05/07/2005  02:27 a.m.    <DIR>          Destiny
23/05/2003  07:33 p.m.             1.117 Destiny.Theme
05/07/2005  02:26 a.m.    <DIR>          Longhorn
14/05/2002  01:49 p.m.             2.333 Longhorn 4 Readme.txt
05/07/2005  02:26 a.m.             2.595 Longhorn 4 Uninstall.log
13/05/2002  07:00 p.m.             6.240 Longhorn.theme
04/07/2005  12:52 a.m.    <DIR>          Luna
24/08/2001  01:00 p.m.             1.222 Luna.theme
05/07/2005  02:22 a.m.    <DIR>          New Silver XP
04/07/2005  11:28 a.m.    <DIR>          Plus! Aquarium
04/07/2005  11:29 a.m.    <DIR>          Plus! da Vinci
04/07/2005  11:29 a.m.    <DIR>          Plus! Nature
04/07/2005  11:29 a.m.    <DIR>          Plus! Space
24/08/2001  01:00 p.m.             3.025 Windows Classic.theme
05/07/2005  02:20 a.m.    <DIR>          Windows MAX V4
05/08/2002  04:52 p.m.             4.080 Windows MAX V4.theme
               9 archivos         32.449 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
10/10/2002  01:07 p.m.         1.302.528 Aquatica.msstyles
05/07/2005  02:17 a.m.    <DIR>          Font
05/07/2005  02:17 a.m.    <DIR>          Icons
10/10/2002  01:24 p.m.               978 Readme.txt
05/07/2005  02:17 a.m.    <DIR>          Screenshots
05/07/2005  02:17 a.m.    <DIR>          Shell
05/07/2005  02:17 a.m.    <DIR>          User Icon
05/07/2005  02:17 a.m.    <DIR>          Wallpaper
               2 archivos      1.303.506 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Font

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
23/03/1997  09:35 a.m.            46.864 Digital.TTF
               1 archivos         46.864 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Icons

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
18/09/2002  10:04 a.m.           109.446 Control Panel.ico
18/09/2002  09:52 a.m.           109.446 Help.ico
18/09/2002  10:29 a.m.           109.446 Internet Explorer.ico
18/09/2002  10:27 a.m.           109.446 My Computer.ico
18/09/2002  10:26 a.m.           109.446 My Documents.ico
18/09/2002  10:45 a.m.           109.446 My Network.ico
18/09/2002  10:44 a.m.           109.446 Printers and Faxes.ico
18/09/2002  10:17 a.m.           109.446 Run.ico
18/09/2002  10:15 a.m.           109.446 Search.ico
18/09/2002  09:56 a.m.           109.446 Trash Empty.ico
18/09/2002  10:19 a.m.           109.446 Trash Full.ico
              11 archivos      1.203.906 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Screenshots

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
10/10/2002  06:28 p.m.           185.256 AQ_Large.jpg
10/10/2002  06:28 p.m.            40.941 AQ_Small.jpg
               2 archivos        226.197 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Shell

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
05/07/2005  02:17 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Shell\NormalColor

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
10/10/2002  12:20 p.m.           756.736 shellstyle.dll
               1 archivos        756.736 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\User Icon

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
04/04/2002  09:50 a.m.             6.966 Aquatica.bmp
               1 archivos          6.966 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Wallpaper

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
09/10/2002  09:34 p.m.           189.272 Aquatica.jpg
               1 archivos        189.272 bytes

 Directorio de C:\WINDOWS\Resources\Themes\BlandXP

05/07/2005  02:19 a.m.    <DIR>          .
05/07/2005  02:19 a.m.    <DIR>          ..
11/01/2002  08:33 a.m.         1.491.088 BlandXP.msstyles
05/07/2005  02:19 a.m.    <DIR>          Shell
11/01/2002  09:08 a.m.           122.409 XP Desert.JPG
               2 archivos      1.613.497 bytes

 Directorio de C:\WINDOWS\Resources\Themes\BlandXP\Shell

05/07/2005  02:19 a.m.    <DIR>          .
05/07/2005  02:19 a.m.    <DIR>          ..
05/07/2005  02:19 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\BlandXP\Shell\NormalColor

05/07/2005  02:19 a.m.    <DIR>          .
05/07/2005  02:19 a.m.    <DIR>          ..
23/08/2001  12:00 p.m.           368.128 shellstyle.dll
               1 archivos        368.128 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
23/05/2003  08:24 p.m.         1.781.760 Destiny.msstyles
05/07/2005  02:27 a.m.    <DIR>          Font
05/07/2005  02:27 a.m.    <DIR>          Icons
05/07/2005  02:27 a.m.    <DIR>          Screenshots
05/07/2005  02:27 a.m.    <DIR>          Shell
05/07/2005  02:27 a.m.    <DIR>          User Icon
05/07/2005  02:27 a.m.    <DIR>          Wallpaper
               1 archivos      1.781.760 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Font

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
23/03/1997  09:35 a.m.            46.864 Digital.TTF
               1 archivos         46.864 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Icons

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
19/05/2003  12:02 a.m.           162.566 Control Panel.ico
19/05/2003  12:02 a.m.           162.566 Internet Explorer.ico
19/05/2003  12:02 a.m.           162.566 My Computer.ico
19/05/2003  12:02 a.m.           162.566 My Documents.ico
19/05/2003  12:02 a.m.           162.566 My Network.ico
22/05/2003  08:09 p.m.               516 Permission.txt
19/05/2003  12:02 a.m.           162.566 Printers and Faxes.ico
25/07/2002  03:43 p.m.            56.150 Printers.ico
19/05/2003  12:02 a.m.           159.990 Recycle Empty.ico
19/05/2003  12:02 a.m.           159.990 Recycle Full.ico
              10 archivos      1.352.042 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Screenshots

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
24/05/2003  07:51 a.m.           108.995 DY_Large.jpg
24/05/2003  07:52 a.m.            25.903 DY_Small.jpg
               2 archivos        134.898 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Shell

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
05/07/2005  02:27 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Shell\NormalColor

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
23/05/2003  02:17 p.m.         1.696.768 shellstyle.dll
               1 archivos      1.696.768 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\User Icon

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
24/05/2003  07:46 a.m.             6.966 Destiny User Icon.bmp
               1 archivos          6.966 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Wallpaper

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
23/05/2003  08:26 p.m.            66.506 Destiny.JPG
               1 archivos         66.506 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
05/07/2005  02:26 a.m.    <DIR>          bootscreen
05/07/2005  02:26 a.m.    <DIR>          icons
05/07/2005  02:26 a.m.    <DIR>          logonscreen
13/05/2002  05:16 p.m.         1.417.360 Longhorn.msstyles
05/07/2005  02:26 a.m.    <DIR>          wallpapers
               1 archivos      1.417.360 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn\bootscreen

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
14/05/2002  12:51 p.m.           153.718 bootscreen.bmp
               1 archivos        153.718 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn\icons

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
03/04/2000  01:13 p.m.             3.638 mycomputer.ico
13/05/2002  07:03 p.m.             2.238 mydocs.ico
13/05/2002  06:57 p.m.             4.286 network.ico
07/01/2002  12:59 a.m.            15.086 recycle_empty.ico
07/01/2002  01:03 a.m.            15.086 recycle_full.ico
               5 archivos         40.334 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn\logonscreen

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
29/10/2001  12:37 a.m.         1.311.744 logonui.exe
               1 archivos      1.311.744 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn\wallpapers

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
13/05/2002  07:40 p.m.           156.917 Longhorn - Road.jpg
               1 archivos        156.917 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna

04/07/2005  12:52 a.m.    <DIR>          .
04/07/2005  12:52 a.m.    <DIR>          ..
22/12/2004  01:38 a.m.    <DIR>          Shell
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna\Shell

22/12/2004  01:38 a.m.    <DIR>          .
22/12/2004  01:38 a.m.    <DIR>          ..
22/12/2004  01:39 a.m.    <DIR>          Homestead
22/12/2004  01:39 a.m.    <DIR>          Metallic
22/12/2004  01:38 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

22/12/2004  01:39 a.m.    <DIR>          .
22/12/2004  01:39 a.m.    <DIR>          ..
24/08/2001  01:00 p.m.           362.496 shellstyle.dll
               1 archivos        362.496 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

22/12/2004  01:39 a.m.    <DIR>          .
22/12/2004  01:39 a.m.    <DIR>          ..
24/08/2001  01:00 p.m.           362.496 shellstyle.dll
               1 archivos        362.496 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

22/12/2004  01:38 a.m.    <DIR>          .
22/12/2004  01:38 a.m.    <DIR>          ..
24/08/2001  01:00 p.m.           361.472 shellstyle.dll
               1 archivos        361.472 bytes

 Directorio de C:\WINDOWS\Resources\Themes\New Silver XP

05/07/2005  02:22 a.m.    <DIR>          .
05/07/2005  02:22 a.m.    <DIR>          ..
17/08/2002  03:59 p.m.         1.601.680 Luna.msstyles
05/07/2005  02:22 a.m.    <DIR>          Shell
               1 archivos      1.601.680 bytes

 Directorio de C:\WINDOWS\Resources\Themes\New Silver XP\Shell

05/07/2005  02:22 a.m.    <DIR>          .
05/07/2005  02:22 a.m.    <DIR>          ..
05/07/2005  02:22 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\New Silver XP\Shell\NormalColor

05/07/2005  02:22 a.m.    <DIR>          .
05/07/2005  02:22 a.m.    <DIR>          ..
27/08/2001  09:00 p.m.           364.032 shellstyle.dll
               1 archivos        364.032 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Plus! Aquarium

04/07/2005  11:28 a.m.    <DIR>          .
04/07/2005  11:28 a.m.    <DIR>          ..
10/09/2001  02:00 p.m.            23.798 Plus! AqRecEmpty.ico
10/09/2001  02:00 p.m.            25.214 Plus! AqRecFull.ico
               2 archivos         49.012 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Plus! da Vinci

04/07/2005  11:29 a.m.    <DIR>          .
04/07/2005  11:29 a.m.    <DIR>          ..
10/09/2001  02:00 p.m.            25.214 Plus! DVRecEmpty.ico
10/09/2001  02:00 p.m.            25.214 Plus! DVRecFull.ico
               2 archivos         50.428 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Plus! Nature

04/07/2005  11:29 a.m.    <DIR>          .
04/07/2005  11:29 a.m.    <DIR>          ..
10/09/2001  02:00 p.m.            25.214 Plus! NaRecEmpty.ico
10/09/2001  02:00 p.m.            25.214 Plus! NaRecFull.ico
               2 archivos         50.428 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Plus! Space

04/07/2005  11:29 a.m.    <DIR>          .
04/07/2005  11:29 a.m.    <DIR>          ..
10/09/2001  02:00 p.m.            25.214 Plus! SpRecEmpty.ico
10/09/2001  02:00 p.m.            25.214 Plus! SpRecFull.ico
               2 archivos         50.428 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Windows MAX V4

05/07/2005  02:20 a.m.    <DIR>          .
05/07/2005  02:20 a.m.    <DIR>          ..
04/08/2002  05:27 p.m.           346.003 MAX.jpg
05/07/2005  02:20 a.m.    <DIR>          Shell
16/08/2002  09:05 p.m.         3.149.968 Windows MAX V4.msstyles
               2 archivos      3.495.971 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Windows MAX V4\Shell

05/07/2005  02:20 a.m.    <DIR>          .
05/07/2005  02:20 a.m.    <DIR>          ..
05/07/2005  02:20 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Windows MAX V4\Shell\NormalColor

05/07/2005  02:20 a.m.    <DIR>          .
05/07/2005  02:20 a.m.    <DIR>          ..
15/03/2002  07:58 p.m.           774.656 shellstyle.dll
               1 archivos        774.656 bytes

     Total de archivos en la lista:
              73 archivos     21.436.497 bytes
             119 dirs   6.528.815.104 bytes libres


- FindIt's log:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"



Thanks for the time.
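Read together, the two Find logs above already contain the diagnosis: ThemeActive is "0" under the ThemeManager key, and the Luna folder under Resources\Themes holds no .msstyles file at all, while a Luna.msstyles sits under "New Silver XP". As an added example that is not part of the thread or of the Find tools, this Python script parses both outputs (the .reg export and the Spanish-locale dir listing) and reports which theme folders lack their visual-style file. The excerpts are constructed from the logs posted above, and the function names are this example's own.

```python
import re

THEMES_ROOT = r"C:\WINDOWS\Resources\Themes"

# Constructed excerpt of the Find log (.reg export) posted above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"
'''

# Constructed excerpt of the Find1 log (Spanish-locale `dir` output) posted above.
SAMPLE_DIR = r''' Directorio de C:\WINDOWS\Resources\Themes

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
04/07/2005  12:52 a.m.    <DIR>          Luna
24/08/2001  01:00 p.m.             1.222 Luna.theme
05/07/2005  02:22 a.m.    <DIR>          New Silver XP
               1 archivos          1.222 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna

04/07/2005  12:52 a.m.    <DIR>          .
04/07/2005  12:52 a.m.    <DIR>          ..
22/12/2004  01:38 a.m.    <DIR>          Shell
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\New Silver XP

05/07/2005  02:22 a.m.    <DIR>          .
05/07/2005  02:22 a.m.    <DIR>          ..
17/08/2002  03:59 p.m.         1.601.680 Luna.msstyles
               1 archivos      1.601.680 bytes
'''

REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.+)$')
DIR_HEADER_RE = re.compile(r"^\s*Directorio de (?P<path>.+?)\s*$")
# date  time a.m./p.m.  <DIR> or a size with '.' thousands separators  name
DIR_ENTRY_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [ap]\.m\.\s+"
                          r"(?:(?P<isdir><DIR>)|(?P<size>[\d.]+))\s+(?P<name>.+?)\s*$")


def parse_reg(text):
    """Parse a Regedit 5.00 export into {key: {name: value}}; dword values become ints."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = REG_VALUE_RE.match(line)
        if m and current is not None:
            value = m.group("value")
            if value.startswith("dword:"):
                current[m.group("name")] = int(value[len("dword:"):], 16)
            else:
                current[m.group("name")] = value.strip('"')
    return keys


def parse_dir(text):
    """Parse `dir` output into (directory, name, size) tuples; size is None for subdirectories."""
    entries, current = [], None
    for raw in text.splitlines():
        m = DIR_HEADER_RE.match(raw)
        if m:
            current = m.group("path")
            continue
        m = DIR_ENTRY_RE.match(raw.strip())
        if not m or current is None or m.group("name") in (".", ".."):
            continue
        size = None if m.group("isdir") else int(m.group("size").replace(".", ""))
        entries.append((current, m.group("name"), size))
    return entries


def theme_report(reg_text, dir_text):
    """Combine both logs: is a visual style active, and which theme folders still hold
    an .msstyles file (the visual style itself, as opposed to the .theme descriptor)."""
    theme_mgr = parse_reg(reg_text).get(
        r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager", {})
    entries = parse_dir(dir_text)
    # Theme folders are the subdirectories listed directly under the Themes root.
    themes = sorted(name for d, name, size in entries if d == THEMES_ROOT and size is None)
    msstyles = {t: [] for t in themes}
    prefix = THEMES_ROOT + "\\"
    for d, name, size in entries:
        if size is not None and name.lower().endswith(".msstyles") and d.startswith(prefix):
            top = d[len(prefix):].split("\\")[0]          # top-level theme folder
            msstyles.setdefault(top, []).append((name, size))
    return {
        "theme_active": theme_mgr.get("ThemeActive") == "1",   # "1" while a visual style is in use
        "msstyles": msstyles,
        "missing_msstyles": [t for t in themes if not msstyles[t]],
    }
```

Sizes are parsed with "." as the thousands separator because the listing came from a Spanish-locale system; an English-locale listing would use ",". On the excerpt the report shows the visual style switched off, the Luna folder with no .msstyles, and the 1.601.680-byte Luna.msstyles under "New Silver XP" (about 1565 KB, the size juanmamz reports for that file later in the thread).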
Title: Also help with Nail.exe
Post by: Pittsburgh on July 08, 2005, 11:21:55 AM
Log removed,
Please, read this (http://www.thetechguide.com/forum/index.php?showtopic=14623)
~guestolo~
Title: Also help with Nail.exe
Post by: guestolo on July 09, 2005, 02:36:37 AM
Can you do the following please
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save the list to desktop
Copy and paste the list back here

Also, can you please do the next step
Do a SEARCH on your computer for
the following in bold
Luna.msstyles

Let me know the locations you find it in and size of file
Title: Also help with Nail.exe
Post by: juanmamz on July 09, 2005, 09:31:17 AM
Here is the information you asked for. Thanks again.

-Uninstall list:

ACDSee 6.0 PowerPack
ACDSee 6.0 Standard
Actualización de seguridad para Windows XP (KB883939)
Actualización de seguridad para Windows XP (KB890046)
Actualización de seguridad para Windows XP (KB896358)
Actualización de seguridad para Windows XP (KB896422)
Actualización de seguridad para Windows XP (KB896428)
Actualización para Windows XP (KB898461)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Audiator3
AutoCAD 2006 - Español
Autodesk DWF Viewer
AVG Free Edition
Azureus
BSPlayer
CleanUp!
CloneCD
Codec Pack de ELISOFT v14.0
ColorNick v2 plugin for Messenger Plus!
DAEMON Tools
Desktop Weather by The Weather Channel
DesktopX Professional
eDonkey2000
El Mago de Oz
ewido security suite
File Transfer Plus 1.1 RELEASE
Guía YPF 2004
HAM
Hattrick Coach Professional 2.6.20
Hattrick Control 0.93
Hattrick Forever
HijackThis 1.99.1
iRiver Manager
IsoBuster 1.6
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
Jasc Paint Shop Photo Album 5
Longhorn Theme 4
Longman Dictionary of American English
Macromedia Flash 5
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Spanish Language Pack
Microsoft Office Professional Edition 2003
Microsoft Plus! para Windows XP
Mozilla Firefox (1.0.4)
MPAM1 - Contar y Agrupar
MSN Messenger 7.0
Musicmatch® Jukebox
My Search Bar
Nero Suite
NVIDIA Drivers
PC Inspector smart recovery
Pinnacle Instant PhotoAlbum
Pipo
QuickTime
Realtek AC'97 Audio
Recover My Files
Revisión de Windows XP - KB834707
Revisión de Windows XP - KB867282
Revisión de Windows XP - KB873333
Revisión de Windows XP - KB873339
Revisión de Windows XP - KB885250
Revisión de Windows XP - KB885835
Revisión de Windows XP - KB885836
Revisión de Windows XP - KB886185
Revisión de Windows XP - KB887472
Revisión de Windows XP - KB887742
Revisión de Windows XP - KB888113
Revisión de Windows XP - KB888302
Revisión de Windows XP - KB890047
Revisión de Windows XP - KB890175
Revisión de Windows XP - KB890859
Revisión de Windows XP - KB890923
Revisión de Windows XP - KB891781
Revisión de Windows XP - KB893066
Revisión de Windows XP - KB893086
StuffPlug-NG (Messenger Plus! Plugins)
Subtitle Workshop 2.51
Test Drive 5
TypingMaster Pro
Uninstall 180search Assistant
Unlocker 1.6.5
Vamos a Leer con Pipo 2
veotv
Weather Services
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinISO 5.3
WinRAR archiver
WinZip
XoftSpy 3.44

- Location of Luna.msstyles:

c:\WINDOWS\Resources\Themes\New Silver XP
Size: 1565 Kb
Title: Also help with Nail.exe
Post by: guestolo on July 10, 2005, 10:03:40 AM
Sorry for the delay
Can you do the following please

Download and UNZIP to desktop Fix.zip
So you now have Fix.reg extracted
[attachment=288:attachment]
Double click on Fix.reg and allow to add or merge to the registry

Access your Add/Remove programs via Control Panel
Remove
MySearchBar
Uninstall 180search Assistant
Please allow Internet Connection
Follow the prompts closely to ensure you're uninstalling

Restart your computer

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

I need you to manually navigate to this folder
C:\WINDOWS\$NtServicePackUninstall$
Look closely, there are many that look similar

Open the $NtServicePackUninstall$ folder
In it look for this file name
luna.msstyles
You should see it with SP2 installed
Right click on luna.msstyles and choose COPY from the menu

Next: Navigate to the next folder
C:\WINDOWS\Resources\Themes\Luna
Open it and paste luna.msstyles into the Luna folder

Go back to your Display properties in your Control Panel and try changing settings under the Appearance and Themes tabs

You have Xoftspy installed, it's not on the bad list but is not recommended
If you didn't pay for it I would suggest that you uninstall it
You have eDonkey2000 installed
It comes bundled with Spyware
The newest version (1.2 or later) is Spyware free
If you're running an older version I would uninstall your version and install the latest
or don't reinstall it at all
or use an alternative
Suggested p2p file sharing programs that are supposedly clean
    * WinMX (recommended)
    * Shareaza
    * E-Mule
    * Gnucleus
    * Blubster 1.2.3 (Later versions include adware)
    * Soulseek
    * BitTorrent (See warning below about open source clients)
    * Direct Connect
    * Mute
    * Limewire (Current versions of Limewire are clean. Older versions bundled spyware)
    * ABC Bittorrent Client
    * DC++
    * KCEasy
    * Azureus
    * BitComet
    * BitTornado
    * E-Donkey AKA Overnet (Versions prior to 1.2 available on June 1, '05 bundle adware. 1.2 is clean)
    * Torrent Search
    * TorrentStorm
    * Zultrax (No spyware. No uninstaller either)
    * Qnext
    * BitSpirit
    * Waste
    * EarthStation5
    * Burst! BitTorrent Client
    * AudioGnome
    * CQ_EX
    * Filetopia
    * mldonkey
    * MediaSeek Lite (Another program, MediaSeek, by the same company does bundle adware)
    * Ares Lite (Ares Lite is clean. Ares from the same company is not)
    * BadBlue (No spyware, but requires a registration including name and email address. Not recommended)
    * giFT
    * Phex
    * TrustyFiles (Does install a "casino" bookmark on the desktop.)

You should also do the following
Download and Install Spybot 1.4 from
HERE (http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button)
or HERE (http://www.safer-networking.org/en/download/index.html)
Don't activate the Tea Timer when installing, it's a great feature but can get in the way
of any fixes we may still have to do
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish the cleaning process

Can you repost one last hijackthis log later
Title: Also help with Nail.exe
Post by: juanmamz on July 10, 2005, 01:10:58 PM
I had some problems while following your instructions.
First of all, when I go to ADD AND REMOVE PROGRAMS, I click on "My Search Bar", but there is a mistake with "mybar.dll" and it doesn't disappear. I went directly to the folder in PROGRAM FILES, but the folder is not there.

Another problem is that i do not have a folder called C:\WINDOWS\$NtServicePackUninstall$
The file you mentioned is here: C:\WINDOWS\Resources\Themes\New Silver XP

I did not want to continue with the instructions without doing the previous steps before.

Bye, and thanks again.
Title: Also help with Nail.exe
Post by: guestolo on July 10, 2005, 05:01:31 PM
Carry on with the rest of the instructions
Let me know if MySearch bar is still in Add/Remove programs after you have finished everything that you can do
Title: Also help with Nail.exe
Post by: juanmamz on July 10, 2005, 05:25:31 PM
I continued with the instructions. Spybot did not find anything. I read the note, and I'll ask for the file and notify you about the results (It is a Spanish version of Windows XP). I will also send it to you (if it works, you don't want a file that does not work).

Here is the hijack log. Tell me if everything is OK.
Thanks again.


Logfile of HijackThis v1.99.1
Scan saved at 07:20:30 p.m., on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\BAckup\AMZ y JMMZ\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Title: Also help with Nail.exe
Post by: juanmamz on July 10, 2005, 11:55:11 PM
I asked for the file, replaced it and now everything is ok. I posted a new hijack log so that you finally check everything.
I can't attach the file you need, so give me an e-mail where i can send you the file (600 Kb, with winrar).
Thanks a lot for the time.
Title: Also help with Nail.exe
Post by: guestolo on July 11, 2005, 06:51:51 PM
Do you still have anything from Stardock's installed?

If not, can you do the following please

Do another scan with Hijackthis and put a check next to these entries:

O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer

You can delete this folder if found
C:\Archivos de programa\Save <-this folder

If everything is running well
Could you do the following please
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)

Once back in Windows and System Restore is reenabled

You should set up protection against future attacks

SpywareBlaster 3.4 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=53)
Download link (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2 as well
Avant uses the IE engine, so it should help with its protection as well
Along with SpywareBlaster

I pm'ed you my email address, I would like very much to have that file
Thank you :)
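The O20 entry above is the kind of line worth checking in a HijackThis log: a Winlogon Notify DLL is loaded by winlogon.exe at every logon, and here the file it points at no longer exists. As an added example (not code from this thread or from HijackThis), the script below does a first pass over such a log: it splits each line into its section code and body and flags the sections and markers that merit a closer look. The sample lines are copied from logs posted in this thread; the section notes and the flag words are my own choices, and a flagged line is only a prompt to identify the program behind it, not a verdict.

```python
import re

# Constructed sample made of lines copied from the HijackThis logs posted in
# this thread; it is not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O15 - Trusted Zone: *.musicmatch.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Sections that always deserve a second look, with the reason (my wording).
SECTION_NOTES = {
    "O15": "site added to the Internet Explorer Trusted Zone, where fewer security restrictions apply",
    "O17": "DNS NameServer override in the TCP/IP settings; confirm the addresses belong to your ISP",
    "O20": "Winlogon Notify DLL: loaded into winlogon.exe at every logon",
    "O23": "Windows service: identify the publisher and the program that installed it",
}

# "O20 - Winlogon Notify: ..." -> section "O20", body "Winlogon Notify: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_line(line):
    """Return (section, body) for a HijackThis entry line, or None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage_line(line):
    """Return the list of reasons a line should be looked at (empty if none)."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons = []
    if section in SECTION_NOTES:
        reasons.append(SECTION_NOTES[section])
    if "(file missing)" in body:
        # HijackThis marks entries whose target file is gone; the entry itself
        # is a dangling reference that can be fixed.
        reasons.append("points at a file that no longer exists: dangling entry")
    if "Unknown owner" in body:
        reasons.append("service carries no publisher information")
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons, keeping the log's order."""
    findings = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for r in reasons:
            print("   -", r)
```

Run on the sample, the O2 and O4 lines pass through silently (a BHO and a Run entry with an existing file), while the O15, O17, O20 and O23 lines come back with their reasons; the O20 and O23 lines collect the extra "file missing" flag, and the rpcapd service also the "Unknown owner" flag.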
Title: Also help with Nail.exe
Post by: guestolo on July 11, 2005, 06:55:52 PM
I overlooked this earlier, but just for a double check
I don't think we'll see any problems
But could you do what I asked previously after you have done the above

Here's the instructions again
Could you also Download and UNZIP to desktop
Find_It's.zip (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=273)
Open the FindIt's folder and double click on the FindIt's.bat
Wait for the log and post it back here
Title: Also help with Nail.exe
Post by: juanmamz on July 13, 2005, 06:25:00 AM
I'm going to be absent for a few days, so i will post the log later. One of the links you posted is not working.
I sent you the file you asked.
See you in a few days.
Title: Also help with Nail.exe
Post by: chimie on July 13, 2005, 10:23:35 AM
FYI,

You can find free removal software for nail.exe at this location.
simple to use.

LINK REMOVED
Find.zip has nothing to do with the FIX, it's for discovery
~guestolo~

Find.zip does not work very well. Nail.exe comes back.

Chimie B)
Title: Also help with Nail.exe
Post by: guestolo on July 13, 2005, 07:31:57 PM
Thanks for the file juan :)
Let me know what link wouldn't work for you
Title: Also help with Nail.exe
Post by: Guest on July 18, 2005, 08:55:57 AM
Here is the "Findit's" log file.
Bye. Thanks.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="1"
"LoadedBefore"="1"
"LastUserLangID"="3082"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"
"SizeName"="NormalSize"
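The second export above stores DllName as hex(2), which is a REG_EXPAND_SZ value written out as UTF-16LE bytes, so the path is not readable as posted. As an added example (not code from this thread or from FindIt's), the parser below reads these .reg exports, joins the backslash-continued lines, decodes the hex(2) value back to a path and the dword to a number, and names the drive types a NoDriveTypeAutoRun value disables AutoRun for. The sample is the two exports copied from the post above; the bit names follow the documented NoDriveTypeAutoRun flags.

```python
import re

# Constructed sample: the two registry exports from the FindIt's log posted
# above, copied verbatim.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="1"
"LoadedBefore"="1"
"LastUserLangID"="3082"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"
"SizeName"="NormalSize"
"""

# Documented NoDriveTypeAutoRun bits: a set bit disables AutoRun for that
# drive type. Windows XP ships with 0x91; 0xFF disables AutoRun everywhere.
AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "unknown/reserved drive types",
}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def _join_continuations(text):
    """Join .reg lines that end in a backslash with the indented line after them."""
    joined, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        joined.append(buf + line)
        buf = ""
    if buf:
        joined.append(buf)
    return joined


def decode_value(data):
    """Turn the textual .reg representation of a value into a Python value."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if data.startswith("hex(2):"):
        # REG_EXPAND_SZ: comma-separated bytes of a NUL-terminated UTF-16LE string
        raw = bytes.fromhex("".join(data[len("hex(2):"):].split(",")))
        return raw.decode("utf-16-le").rstrip("\x00")
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return data[1:-1]
    return data  # other types are left as written


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for a .reg export."""
    result, key = {}, None
    for line in _join_continuations(text):
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            result[key][m.group("name")] = decode_value(m.group("data"))
    return result


def autorun_disabled_for(value):
    """Names of the drive types for which a NoDriveTypeAutoRun value disables AutoRun."""
    return [name for bit, name in AUTORUN_BITS.items() if value & bit]


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    for key, values in reg.items():
        print(f"[{key}]")
        for name, value in values.items():
            print(f"  {name} = {value!r}")
    policy = reg[r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"]
    print("AutoRun disabled for:", autorun_disabled_for(policy["NoDriveTypeAutoRun"]))
```

Decoded, DllName is `%SystemRoot%\resources\Themes\luna\luna.msstyles`, the same Luna folder guestolo's earlier instructions copy luna.msstyles into, which is why the theme came back once that file was in place. The dword 0x91 is the value XP ships with: AutoRun is off for unknown, network and reserved drive types and still on for removable media and CD-ROMs; 0xFF turns it off for every drive type.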
Title: Also help with Nail.exe
Post by: Guest on July 18, 2005, 09:06:32 AM
Do you think i have to check every box of SpywareBlaster 3.4?
Do I have to keep the program running? Can I close it? Will it protect my computer if it is not running?

Thanks. Bye.
Title: Also help with Nail.exe
Post by: juanmamz on July 18, 2005, 02:35:19 PM
"guest" is me.
Title: Also help with Nail.exe
Post by: guestolo on July 18, 2005, 09:45:44 PM
Quote
Do you think i have to check every box of SpywareBlaster 3.4?

No, you don't actually have to check every box in SpywareBlaster
Those are optional
SpywareBlaster does not and won't run in the background
It sets registry entries and blocks bad activex controls
As I mentioned
Check for updates and afterwards click the "Enable all protection"
Do this after every update
I didn't ask you to enable all of its protections :)

Can you delete all zip files I asked you to download
and reg files
You didn't supply the log I wanted
Please do the following

Could you also Download and UNZIP to desktop
Find__It's.zip (http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=273)
Download this, you don't have it yet
Open the FindIt's folder and double click on the FindIt's.bat
Wait for the log and post it back here
Title: Also help with Nail.exe
Post by: juanmamz on July 19, 2005, 08:38:35 AM
Here is the new "Findit's" log file.
Bye

Microsoft Windows XP [Versión 5.1.2600]
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first
 
 
»»»»» lagitamate file's can/will show in this section.
 
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»
 
»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»» Checking Windir\svcproc.exe and nail.exe.
 
»»»»» Checking for System32\DrPMon.dll.
 
»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.
 
 El volumen de la unidad C no tiene etiqueta.
 El número de serie del volumen es: F42F-0F93

 Directorio de C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
 El volumen de la unidad C no tiene etiqueta.
 El número de serie del volumen es: F42F-0F93

 Directorio de C:\WINDOWS\system32

 
»»»»»»»»»»»»»»»»»»»»»»»».
Title: Also help with Nail.exe
Post by: guestolo on July 22, 2005, 11:25:47 PM
Sorry for the delay, and thanks for the latest log

It looks good :)

Let me know how everythings running
I'll lock this topic in a couple days
Title: Also help with Nail.exe
Post by: juanmamz on July 23, 2005, 06:54:23 AM
Hi. Thanks for the reply.
I had some problems with Internet Explorer. I went to a page to download subtitles and when I tried to download the file, I had to end the application because it was stuck.
Another thing: how do I configure Explorer so that it shows me the dialog box every time I download something? Lately, when I clicked on the link, the file just opened itself, without asking me for the location.

If you don't understand something let me know.

Thanks again.
Title: Also help with Nail.exe
Post by: guestolo on July 23, 2005, 11:44:39 AM
The only thing I can think of off the top of my head right now
Is when you're downloading zip files

Can you try the following please

Open MyComputer
Click on TOOLS>>FOLDER OPTIONS>>FILE TYPES
Scroll down to ZIP extension
Highlight it and click on ADVANCED
Put a tick in "Confirm Open after Download"
OK out of there
See if that helps
Title: Also help with Nail.exe
Post by: juanmamz on July 23, 2005, 10:42:51 PM
I think it didn't work. It's not a big deal. Thanks for the help. I think we'll keep in touch.

Thanks again.
Title: Also help with Nail.exe
Post by: guestolo on July 24, 2005, 12:27:38 PM
It may have worked, I was assuming it was a problem with zip files
But if you have no more problems I'll lock this topic in a day or so
Take care Juan :)
Title: Also help with Nail.exe
Post by: juanmamz on July 25, 2005, 01:45:14 PM
Hi. I'm sorry to bother you again. I installed a new Theme and now my computer runs awful. There are problems with rundll. I don't know what is happening.

I thought you would ask for a hijackthis log file, so here it is.

Sorry again.


Logfile of HijackThis v1.99.1
Scan saved at 03:44:23 p.m., on 25/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
F:\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Title: Also help with Nail.exe
Post by: guestolo on July 25, 2005, 02:15:27 PM
Seems as if something is cooperating with the New theme
Why don't you uninstall it and any others you downloaded

Start fresh, see if the problems disappear
Title: Also help with Nail.exe
Post by: juanmamz on July 26, 2005, 12:40:50 PM
I used the "system restore" option of Windows. It is solved.
I'm not going to install anything again.
By the way, before I installed this theme, I started to have a problem. On the right side of the screen (only) the mouse arrow (I don't know the exact word in English) can disappear and go as far as I want to the right side. Though the clock is in the same place. It's not a big problem, but it bothers me because when I want to go down in an internet page, I miss the button.

Thanks, bye.
Title: Also help with Nail.exe
Post by: juanmamz on August 02, 2005, 12:43:49 PM
Hijackthis log file. Bye.

Logfile of HijackThis v1.99.1
Scan saved at 14:42:35, on 02/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
F:\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MimBoot] C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Mediabee (Mediabee Desktop Server) - Unknown owner - C:\Program Files\Mediabee\src\py\srvInst\MbXmlRpcServer.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Title: Also help with Nail.exe
Post by: juanmamz on August 02, 2005, 05:01:13 PM
I forgot to tell you. I'm having problems with Explorer also. I'm surfing the web and suddenly it gets stuck. I have to end the application and all the pages are closed.
The problem with the right limit of the screen still happens. It's like there's no limit on the right side of the screen.

If you could give me a solution, I would be grateful.

Thanks again for being concerned about my problems.
Title: Also help with Nail.exe
Post by: guestolo on August 02, 2005, 11:11:43 PM
I'm not seeing anything bad, however I don't know much about this program
Mediabee

It may also be due to a corrupt video driver.....

Just for a double check, can you run an Online virus scan at Panda's
Save the report when it's done and post it back here

Could you also let me see a startup list from Hijackthis
Open Hijackthis>>Open Misc tools section
Next to the Generate Startup list
Select
List all Minor sections (full)
and
List Empty Sections (complete)


Then click the "Generate Startuplist Log" button
Copy and paste the text file that opens back here
Title: Also help with Nail.exe
Post by: juanmamz on August 04, 2005, 09:43:41 AM
Hijackthis log file:
Logfile of HijackThis v1.99.1
Scan saved at 11:39:50, on 04/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
F:\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MimBoot] C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Archivos de programa\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Mediabee (Mediabee Desktop Server) - Unknown owner - C:\Program Files\Mediabee\src\py\srvInst\MbXmlRpcServer.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

- Generate startup list log file:

StartupList report, 04/08/2005, 11:41:59
StartupList version: 1.52.2
Started from : F:\Trabajos de juan\Programas\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
F:\Trabajos de juan\Programas\HJT\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\OPERADOR\Menú Inicio\Programas\Inicio]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMan = SOUNDMAN.EXE
SunJavaUpdateSched = C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
PSDrvCheck = "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
AVG7_CC = C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
nwiz = nwiz.exe /install
NvMediaCenter = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
MimBoot = C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
MessengerPlus3 = "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
VoipBuster = "C:\Archivos de programa\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll - {C08DF07A-3E49-4E25-9AB0-D3882835F153}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5free/asinst.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/msnmessengersetupdownloader.cab

[Java Plug-in 1.5.0_01]
InProcServer32 = C:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Controlador Microsoft ACPI: system32\DRIVERS\ACPI.sys (system)
Eliminador de eco acústico de núcleo de Microsoft: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Servicio de alerta: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Servicio de puerta de enlace de capa de aplicación: %SystemRoot%\System32\alg.exe (manual start)
Controlador de procesador AMD K7: system32\DRIVERS\amdk7.sys (system)
Administración de aplicaciones: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASAPIW2K: system32\drivers\ASAPIW2k.sys (manual start)
Servicio de estado de ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Controlador de medios asíncronos de RAS: system32\DRIVERS\asyncmac.sys (manual start)
Controladora estándar IDE/ESDI de disco duro: system32\DRIVERS\atapi.sys (system)
Protocolo cliente ATM ARP: system32\DRIVERS\atmarpc.sys (manual start)
Audio de Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador auxiliar de audio: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)
Servicio de transferencia inteligente en segundo plano: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Examinador de equipos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Controlador de CD-ROM: system32\DRIVERS\cdrom.sys (system)
Servicio de Index Server: %SystemRoot%\system32\cisvc.exe (manual start)
Portafolios: %SystemRoot%\system32\clipsrv.exe (disabled)
Aplicación del sistema COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Servicios de cifrado: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Iniciador de procesos de servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Cliente DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Controlador de disco: system32\DRIVERS\disk.sys (system)
Servicio del administrador de discos lógicos: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Controlador del administrador de discos lógicos: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Administrador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sintetizador DLS Kernel de Microsoft: system32\drivers\DMusic.sys (manual start)
Cliente DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Descodificador de audio DRM del núcleo de Microsoft: system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
Servicio de informe de errores: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Registro de sucesos: %SystemRoot%\system32\services.exe (autostart)
Sistema de sucesos COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Compatibilidad de cambio rápido de usuario: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador de la unidad de disquete: system32\DRIVERS\fdc.sys (manual start)
Controlador de disquete: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Controlador del administrador de volumen: system32\DRIVERS\ftdisk.sys (system)
GMSIPCI: \??\D:\INSTALL\GMSIPCI.SYS (manual start)
Clasificador de paquetes genéricos: system32\DRIVERS\msgpc.sys (manual start)
Ayuda y soporte técnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acceso a dispositivo de interfaz humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Teclado i8042 y controlador de puerto de mouse PS/2: system32\DRIVERS\i8042prt.sys (system)
iRiver Internet Audio Player IFP-800: system32\drivers\ifp800.sys (system)
Controlador de filtro de grabación de CD: system32\DRIVERS\imapi.sys (system)
Servicio COM de grabación de CD de IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)
InCDPass: System32\DRIVERS\InCDPass.sys (system)
InCD Helper: C:\Archivos de programa\Ahead\InCD\InCDsrv.exe (autostart)
Controlador de Firewall de Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start)
Controlador de filtro de tráfico IP: system32\DRIVERS\ipfltdrv.sys (manual start)
Controlador de túnel IP en IP: system32\DRIVERS\ipinip.sys (manual start)
Traductor de direcciones de red IP: system32\DRIVERS\ipnat.sys (manual start)
Controlador IPSEC: system32\DRIVERS\ipsec.sys (system)
Servicio enumerador IR: system32\DRIVERS\irenum.sys (manual start)
Controlador de bus PnP ISA/EISA: system32\DRIVERS\isapnp.sys (system)
Controlador de clase de teclado: system32\DRIVERS\kbdclass.sys (system)
Mezclador de audio de onda Microsoft Kernel: system32\drivers\kmixer.sys (manual start)
Servidor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Estación de trabajo: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Ayuda de NetBIOS sobre TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Pinnacle Marvin Bus: system32\DRIVERS\MarvinBus.sys (manual start)
Machine Debug Manager: "C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Mediabee: C:\Program Files\Mediabee\src\py\srvInst\MbXmlRpcServer.exe Listener Listener "C:\Program Files\Mediabee\src\py\srvInst\log.txt" (autostart)
Mensajero: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Escritorio remoto compartido de NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Controlador de clase de mouse: system32\DRIVERS\mouclass.sys (system)
Redirector de cliente WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Coordinador de transacciones distribuidas de Microsoft: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Proxy de servicio de transferencia de Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy del reloj de transferencia de Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy del administrador de calidad de transferencia de Microsoft: system32\drivers\MSPQM.sys (manual start)
Controlador BIOS de Microsoft System Management: system32\DRIVERS\mssmbios.sys (manual start)
Controlador TAPI NDIS de acceso remoto: system32\DRIVERS\ndistapi.sys (manual start)
Protocolo E/S en modo de usuario NDIS: system32\DRIVERS\ndisuio.sys (manual start)
Controlador WAN NDIS de acceso remoto: system32\DRIVERS\ndiswan.sys (manual start)
Interfaz de NetBIOS: system32\DRIVERS\netbios.sys (system)
NetBios a través de Tcpip: system32\DRIVERS\netbt.sys (system)
DDE de red: %SystemRoot%\system32\netdde.exe (disabled)
DSDM de DDE de red: %SystemRoot%\system32\netdde.exe (disabled)
Inicio de sesión en red: %SystemRoot%\system32\lsass.exe (manual start)
Conexiones de red: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NetGroup Packet Filter Driver: system32\drivers\npf.sys (manual start)
NTACCESS: \??\D:\NTACCESS.sys (manual start)
Proveedor de compatibilidad con seguridad LM de Windows NT: %SystemRoot%\system32\lsass.exe (manual start)
Medios de almacenamiento extraíbles: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
nvatabus: system32\DRIVERS\nvatabus.sys (system)
NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENETFD.sys (manual start)
NVIDIA Network Bus Enumerator: system32\DRIVERS\nvnetbus.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
NVIDIA nForce AGP Bus Filter: system32\DRIVERS\nv_agp.sys (system)
Controlador de filtro de tráfico IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
Controlador retransmisor de tráfico IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Controlador de puerto paralelo: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
PCLEPCI: \??\C:\WINDOWS\system32\drivers\pclepci.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servicios IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
Minipuerto WAN (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Almacenamiento protegido: %SystemRoot%\system32\lsass.exe (autostart)
Programador de paquetes QoS: system32\DRIVERS\psched.sys (manual start)
Controlador de vínculo paralelo directo: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Controlador de conexión automática de acceso remoto: system32\DRIVERS\rasacd.sys (system)
Administrador de conexión automática de acceso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Minipuerto WAN (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Administrador de conexión de acceso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Controlador de acceso remoto PPPOE: system32\DRIVERS\raspppoe.sys (manual start)
Paralelo directo: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Controlador de redireccionamiento de dispositivos de Terminal Server: system32\DRIVERS\rdpdr.sys (manual start)
Administrador de sesión de Ayuda de escritorio remoto: C:\WINDOWS\system32\sessmgr.exe (manual start)
Controlador de filtro de reproducción de CD de sonido digital: system32\DRIVERS\redbook.sys (system)
Enrutamiento y acceso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (manual start)
Localizador de llamadas a procedimiento remoto (RPC): %SystemRoot%\system32\locator.exe (manual start)
Llamada a procedimiento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Administrador de cuentas de seguridad: %SystemRoot%\system32\lsass.exe (autostart)
Tarjeta inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)
Programador de tareas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Inicio de sesión secundario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notificación de sucesos del sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Controlador de filtro Serenum: system32\DRIVERS\serenum.sys (manual start)
Controlador de puerto serie: system32\DRIVERS\serial.sys (system)
Firewall de Windows/Conexión compartida a Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Detección de hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Divisor de audio del núcleo de Microsoft: system32\drivers\splitter.sys (manual start)
Cola de impresión: %SystemRoot%\system32\spoolsv.exe (autostart)
Controlador de filtro de Restaurar sistema: system32\DRIVERS\sr.sys (system)
Servicio de restauración de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Servicio de descubrimientos SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
st3wolf: system32\DRIVERS\st3wolf.sys (manual start)
Adquisición de imágenes de Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
stwlfbus: system32\DRIVERS\stwlfbus.sys (system)
Controlador del bus de software: system32\DRIVERS\swenum.sys (manual start)
Sintetizador de tabla de onda Microsoft Kernel GS: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{408C32E4-374E-47F6-B289-D6F8D92A82FD} (manual start)
Dispositivo de sonido del sistema Kernel de Microsoft: system32\drivers\sysaudio.sys (manual start)
Registros y alertas de rendimiento: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonía: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador de protocolo TCP/IP: system32\DRIVERS\tcpip.sys (system)
Controlador de dispositivo de terminal: system32\DRIVERS\termdd.sys (system)
Servicios de Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Cliente de seguimiento de vinculos distribuidos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
UnlockerDriver4 Driver: \??\C:\Archivos de programa\Unlocker\UnlockerDriver4.sys (manual start)
Dispositivo de actualización Microcode: system32\DRIVERS\update.sys (manual start)
Host de dispositivo Plug and Play universal: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Sistema de alimentación ininterrumpida: %SystemRoot%\System32\ups.exe (manual start)
Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft: system32\DRIVERS\usbehci.sys (manual start)
Concentrador habilitado USB2: system32\DRIVERS\usbhub.sys (manual start)
Controlador minipuerto de la controladora de host abierto USB de Microsoft: system32\DRIVERS\usbohci.sys (manual start)
Controlador de escáner USB: system32\DRIVERS\usbscan.sys (manual start)
Dispositivo de almacenamiento masivo de datos USB: system32\DRIVERS\USBSTOR.SYS (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Instantáneas de volumen: %SystemRoot%\System32\vssvc.exe (manual start)
Horario de Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador ARP IP de acceso remoto: system32\DRIVERS\wanarp.sys (manual start)
Controlador de compatibilidad de audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)
Cliente Web: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
SyGate for NT, WG1N: \SystemRoot\SYSTEM32\Drivers\WG1N.sys (autostart)
SyGate for NT, WG2N: \SystemRoot\SYSTEM32\Drivers\WG2N.sys (autostart)
SyGate for NT, wg4n: \SystemRoot\SYSTEM32\Drivers\wg4n.sys (autostart)
SyGate for NT, wg5n: \SystemRoot\SYSTEM32\Drivers\wg5n.sys (autostart)
SyGate for NT, wg6n: \SystemRoot\SYSTEM32\Drivers\wg6n.sys (autostart)
Instrumental de administración de Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Servicio del número de serie de medio portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extensiones de controlador de Instrumental de administración de Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Adaptador de rendimiento de WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Entorno de compatibilidad con proveedores de servicios no IFS de Windows Socket 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Centro de seguridad: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SyGate for NT, Wsdrv: \SystemRoot\SYSTEM32\Drivers\Wsdrv.sys (system)
Actualizaciones automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Configuración inalámbrica rápida: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Servicio de aprovisionamiento de red: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NTPort Library Driver: \??\C:\WINDOWS\system32\zntport.sys (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\OPERADOR\CONFIG~1\Temp\_iu14D2N.tmp||C:\DOCUME~1\OPERADOR\CONFIG~1\Temp\GLB1A2B.EXE|||\

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

0aMCPClient: C:\Archivos de programa\Common Files\Stardock\MCPCore.dll
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 35.607 bytes
Report generated in 0,078 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

Thanks, bye.
Title: Also help with Nail.exe
Post by: guestolo on August 04, 2005, 10:24:05 PM
Still not seeing anything bad, not sure what the problem is
How did the scan go at Panda's
I would have liked to see the results, that may have helped a lot

I still don't know what Mediabee is, did you just install this?
You also look like you just installed VoipBuster

Hmm, seems every log you supply you have a new program running
Some beta, it looks like, also

I see you may have controlled startup entries with Msconfig
Not that this is bad, but I may not be seeing everything
You should go into msconfig and enable everything on startup and supply me with a new log

Try and let me know if any of these problems you are having now could be related to any new programs you installed
This is a great possibility
And remember, if it is associated with a beta program I won't be much help
You're the one testing it :)

I really wanted to see the scan from Pandas
As it stands now, it may still be related to a corrupt video driver
I'm not sure?

Can you do the following please
Reboot into Safe mode
Run Windows CleanUp! again, let it clean all your temp folders

Before restarting
Go to Start>>run>>type in msconfig
Hit OK
Under the general tab do a Normal startup
Restart to Normal mode

Post one last hijackthis log
Title: Also help with Nail.exe
Post by: juanmamz on August 05, 2005, 09:08:39 AM
I did the online scan with Panda antivirus, but no log file appeared to post. I did that twice, but nothing happened.
I also deleted "mediabee", because nobody installed it.
The problems are still there. The other problem I forgot to tell you: when I open a folder I always see big icons. I right click on the folder in order to see all the files as a list, but when I close and open it again, the files are shown big again (the big visualization of the icon).

- Now, here is the Hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:02:07, on 05/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\D-Tools\daemon.exe
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MimBoot] C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WhenUSave] C:\ARCHIV~1\Save\Save.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] "C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iRiver Updater] C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Archivos de programa\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Clima en Tucson.url
O4 - Startup: Weather Channel.lnk = C:\Archivos de programa\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Mediabee (Mediabee Desktop Server) - Unknown owner - C:\Program Files\Mediabee\src\py\srvInst\MbXmlRpcServer.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Thanks again. Bye.
Title: Also help with Nail.exe
Post by: guestolo on August 07, 2005, 11:36:37 AM
Quote
I also deleted "mediabee", because nobody installed it
Did you delete it or uninstall it?
You should properly uninstall it
Since you removed MediaBee
That entry must be a leftover

Can you do the following
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Mediabee

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled

Next: Open Hijackthis>>Open Misc tools section>>Open "Delete an NT service"
In the new box
Copy and paste the bold into the open field and then hit OK
Mediabee Desktop Server

Don't reboot the computer yet
Instead
Do another scan with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [WhenUSave] C:\ARCHIV~1\Save\Save.exe

O23 - Service: Mediabee (Mediabee Desktop Server) - Unknown owner - C:\Program Files\Mediabee\src\py\srvInst\MbXmlRpcServer.exe (file missing)


After you have ticked the above entries, close all other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer
Find and delete this folder
C:\ARCHIV~1\Save <-folder

Right click an empty spot on your desktop and then left click Properties
Under the Settings tab
What resolution are you in?

Did you reinstall your Video drivers?
They may be corrupt

By the way, if Panda's finds anything, it will definitely give you the option to Save a report
When the scan is done you will see a "See report" button
Click that and then click "Save Report"
Save it to desktop and then you can copy and paste it back here
Is it finding anything?
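As an added example (not code from this thread, from HijackThis, or from the poster), here is a small Python triage script for the O4 and O23 lines of a HijackThis v1.99 log. It applies the two checks the reply above relies on: a service whose image path is tagged "(file missing)" is an orphaned registration left behind after a program was deleted rather than uninstalled, and a run-key name on a watchlist (here only WhenUSave, the entry flagged above) is listed for removal. The sample lines are constructed copies of lines from the log posted earlier in the thread; the watchlist and the "Unknown owner" heuristic are assumptions, not part of HijackThis.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4 and O23 lines copied in shape from the HijackThis
# log posted above. Not a complete log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WhenUSave] C:\ARCHIV~1\Save\Save.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Clima en Tucson.url
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Mediabee (Mediabee Desktop Server) - Unknown owner - C:\Program Files\Mediabee\src\py\srvInst\MbXmlRpcServer.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# "O4 - <location>: [<name>] <command>"; the Startup-folder form has no [name] and is skipped.
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# "O23 - Service: <display> (<service name>) - <owner> - <image path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)

FILE_MISSING = "(file missing)"   # HijackThis tags registrations whose binary is gone
UNKNOWN_OWNER = "Unknown owner"   # HijackThis found no company name on the binary
# Assumed watchlist: run-key names the helper in this thread said to fix.
RUN_WATCHLIST = {"WhenUSave"}


@dataclass
class Finding:
    section: str
    name: str
    reasons: list = field(default_factory=list)


def parse_service(line):
    """Split an O23 line into display name, service name, owner and image path."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_run_entry(line):
    """Split a registry-style O4 line into location, entry name and command."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Return one Finding per O4/O23 line that merits review, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O23 - "):
            svc = parse_service(line)
            if svc is None:
                continue
            reasons = []
            if svc["path"].endswith(FILE_MISSING):
                reasons.append("image path marked (file missing): orphaned service registration")
            if svc["owner"] == UNKNOWN_OWNER:
                reasons.append("no vendor name on the service binary")
            if reasons:
                findings.append(Finding("O23", svc["name"], reasons))
        elif line.startswith("O4 - "):
            run = parse_run_entry(line)
            if run and run["name"] in RUN_WATCHLIST:
                findings.append(Finding("O4", run["name"], ["run-key name is on the watchlist"]))
    return findings


def render(findings):
    """Plain-text report, one line per finding."""
    return "\n".join(f"{f.section} {f.name}: {'; '.join(f.reasons)}" for f in findings)


if __name__ == "__main__":
    print(render(triage(SAMPLE_LOG)))
```

Run against the sample, the script lists WhenUSave, the leftover Mediabee Desktop Server registration and the rpcapd entry; the AVG service passes because its binary is present and carries a vendor name. An orphaned O23 entry is harmless by itself but is exactly what the services.msc / "Delete an NT service" steps above clear, and keeping the check in a script makes the next log quicker to read.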
Title: Also help with Nail.exe
Post by: juanmamz on August 07, 2005, 09:28:52 PM
Lots of problems happened when following your instructions. I disabled mediabee, but HijackThis didn't delete the NT service. When I did the scan with HijackThis, none of these appeared:

O4 - HKLM\..\Run: [WhenUSave] C:\ARCHIV~1\Save\Save.exe

O23 - Service: Mediabee (Mediabee Desktop Server) - Unknown owner - C:\Program Files\Mediabee\src\py\srvInst\MbXmlRpcServer.exe (file missing)

The folder C:\ARCHIV~1\Save <-folder doesn't exist, and Panda didn't give me the option to save a log file, even though it detected about 4 spyware items.

The resolution is 1024x768. I didn't install any video driver.

Don't know what's happening.

Thanks for the time.
Title: Also help with Nail.exe
Post by: guestolo on August 07, 2005, 10:35:35 PM
I'm running out of ideas
You could try and re(install) the latest video drivers
The option for the log from Panda's should be there
In the same window as the results that are found
Was Panda's able to fix the spyware entries?

Could you try a scan from an alternate location
either Trend's or BitDefender or Kaspersky's
Copy and paste the log afterwards
The links are in my signature below

Could I also see an updated hijackthis log

Also, do you still have or had Sygates Firewall installed?

And could you do the following too
Download Silent Runners.vbs
http://www.cs.nyu.edu/~vs667/articles/hotoffers_removal/files/SilentRunners.zip

UNZIP the contents to desktop
Double click to Run Silent Runners
WAIT for the scan to finish, it will notify you when it's complete

Post back the log that's produced