  1. #1
    Member ananana's Avatar
    Join Date
    Jun 2004
    Location
    Portugal (Porto)
    Posts
    1
    Points
    0

    Reports from ad-aware, spybot, digital patrol, cwshredder an

    Hi

    When I try to send this message I always receive an error message telling me that the 30 seconds has been exceeded.

    That is why I attach a Notepad doc with the report of some software like ad-aware, spybot, digital patrol, cwshredder and hijackthis.

    Help me please....

    (and sorry about my bad English)

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    Your English is fine

    Please read and follow the directions given here:

    http://www.help2go.com/postt8026.html

    Cheers

  3. #3
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    PM from ana, who was having trouble posting to her thread..


    Posted: Sat Jul 03, 2004 9:31 am
    Subject: I've done all you advised. Help me
    Sorry to send this to you, but every time I click on submit this message appears: Fatal error: Maximum execution time of 30 seconds exceeded in /www/help2go.com/includes/functions_search.php on line 99

    I tried to send it several different times... that is why I'm trying to send it privately.

    Here is the message:

    Hi again

    My CPU is always occupied at 90%... I don't know with what?!!!

    My internet browser (Internet Explorer) takes a long time to open something.... sometimes it freezes. What I know is that it doesn't work as before.

    When I click Ctrl+Alt+Del I can't see a lot of SVCHOST.exe... is this normal?

    ISPfix ran and removed and renumbered zero files.

    I'm a Panda Antivirus client and the software is always up to date and always enabled. Even so... I've run the Panda Active Scan, which returned the following message: No Viruses Have been found.

    I've run the Housecall that has cleaned the malware.worm.RBOT.AW and zero files Infected found.

    Critical Update for ADODB.stream (KB870669) was successfully installed... the only one that was missing.

    Now, here are the reports of the software you advised to run.

    Done!
    Your system was completely clean.

    Windows XP (5.01.2600 SP1)
    CWShredder v1.59.0
    Written by Merijn - merijn@spywareinfo.com
    _________________________________________________________________________________________________________

    SPYBOT

    --- Report generated: 2004-07-03 13:05 ---

    DoubleClick: Tracking cookie (Internet Explorer: Ana) (Cookie, fixed)


    Avenue A, Inc.: Tracking cookie (Internet Explorer: Ana) (Cookie, fixed)


    BFast: Tracking cookie (Internet Explorer: Ana) (Cookie, fixed)


    CoreMetrics: Tracking cookie (Internet Explorer: Ana) (Cookie, fixed)


    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DyFuCA: Settings (Registry value, fixed)
    HKEY_USERS\S-1-5-21-809299238-3095290957-2122901767-1005\Software\Microsoft\Internet Explorer\Main\BandRest

    MediaPlex: Tracking cookie (Internet Explorer: Ana) (Cookie, fixed)



    --- Spybot - Search && Destroy version: 1.3 ---
    2004-05-12 Includes\LSP.sbi
    2004-06-16 Includes\Cookies.sbi
    2004-06-16 Includes\Dialer.sbi
    2004-06-17 Includes\Hijackers.sbi
    2004-06-16 Includes\Keyloggers.sbi
    2004-06-16 Includes\Malware.sbi
    2004-06-16 Includes\Revision.sbi
    2004-06-16 Includes\Security.sbi
    2004-06-16 Includes\Spybots.sbi
    2004-06-16 Includes\Trojans.sbi
    2004-06-16 Includes\Tracks.uti


    _________________________________________________________________________________________________________


    Lavasoft Ad-aware Personal Build 6.181
    Logfile created on :sábado, 3 de Julho de 2004 13:13:24
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R326 01.07.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    03-07-2004 13:13:24 - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 03-07-2004 10:29:53
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 03-07-2004 10:30:02
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 03-07-2004 10:30:02
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Aplica
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Sistema operativo Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 20-11-2001 12:00:00

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 03-07-2004 10:30:02
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:48

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 03-07-2004 10:30:02
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 20-11-2001 12:00:00

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:03
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 20-11-2001 12:00:00

    #:7 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 03-07-2004 10:30:05
    BasePriority : Normal
    FileSize : 982 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Explorador do Windows
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 27-06-2004 16:57:50
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:46

    #:8 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 03-07-2004 10:30:05
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 20-11-2001 12:00:00

    #:9 [ati2evxx.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:05
    BasePriority : Normal
    FileSize : 100 KB
    Created on : 30-01-2002 16:11:01
    Last accessed : 02-07-2004 23:00:00
    Last modified : 28-11-2001 18:23:50

    #:10 [pavsrv51.exe]
    FilePath : C:\Programas\Panda Software\Panda Antivirus Titanium\
    ThreadCreationTime : 03-07-2004 10:30:05
    BasePriority : High
    FileSize : 264 KB
    FileVersion : 6, 3, 0, 531
    ProductVersion : 6.3
    Copyright : Copyright
    CompanyName : Panda Software
    FileDescription : Panda Antivirus Service for Windows NT/2000
    InternalName : pavsrv
    OriginalFilename : pavsrv.exe
    ProductName : Panda Antivirus
    Created on : 30-06-2004 10:08:42
    Last accessed : 02-07-2004 23:00:00
    Last modified : 14-05-2003 16:03:36

    #:11 [avengine.exe]
    FilePath : C:\Programas\Panda Software\Panda Antivirus Titanium\
    ThreadCreationTime : 03-07-2004 10:30:06
    BasePriority : Normal
    FileSize : 100 KB
    FileVersion : 6, 3, 0, 492
    ProductVersion : 6.3
    Copyright : Copyright
    CompanyName : Panda Software
    FileDescription : Proceso an
    InternalName : avengine
    OriginalFilename : avengine.exe
    ProductName : Panda Antivirus Windows NT/2000
    Created on : 30-06-2004 10:08:39
    Last accessed : 02-07-2004 23:00:00
    Last modified : 14-05-2003 15:59:34

    #:12 [atiptaxx.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:07
    BasePriority : Normal
    FileSize : 300 KB
    FileVersion : 6.13.10.2529
    ProductVersion : 6.13.10.2529
    Copyright : Copyright (C) 1998-2001 ATI Technologies Inc.
    CompanyName : ATI Technologies, Inc.
    FileDescription : ATI Desktop Control Panel
    InternalName : Atiptaxx.exe
    OriginalFilename : Atiptaxx.exe
    ProductName : ATI Desktop Component
    Created on : 30-01-2002 16:11:08
    Last accessed : 02-07-2004 23:00:00
    Last modified : 21-12-2001 22:58:30

    #:13 [apoint.exe]
    FilePath : C:\Programas\Apoint2K\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 116 KB
    FileVersion : 5.3.1.106
    ProductVersion : 5.3.1.106
    Copyright : Copyright (C) 1999-2001 Alps Electric Co., Ltd.
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver
    InternalName : Alps Pointing-device Driver
    OriginalFilename : Apoint.exe
    ProductName : Alps Pointing-device Driver
    Created on : 29-01-2002 10:06:39
    Last accessed : 02-07-2004 23:00:00
    Last modified : 19-10-2001 19:46:40

    #:14 [cepmtray.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 80 KB
    FileVersion : 1, 3, 0, 0
    ProductVersion : 1, 3, 0, 0
    Copyright : Copyright (C) 2001
    CompanyName : Compal
    FileDescription : CeTray MFC Application
    InternalName : CeTray
    OriginalFilename : CeTray.EXE
    ProductName : CeTray Application
    Created on : 05-02-2002 12:57:45
    Last accessed : 02-07-2004 23:00:00
    Last modified : 18-12-2001 8:41:42

    #:15 [cpatr10.exe]
    FilePath : C:\PROGRA~1\EzButton\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 140 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    Copyright : Copyright
    CompanyName : Dritek System Inc.
    FileDescription : Compal ATR10 Easy Button ( Multi-Language )
    InternalName : CPATR10
    OriginalFilename : CPATR10.exe
    ProductName : Dritek System Inc. CPATR10 10.29.2001 ( VC60 )
    Created on : 29-01-2002 9:59:14
    Last accessed : 02-07-2004 23:00:00
    Last modified : 24-01-2002 16:50:36

    #:16 [ceekey.exe]
    FilePath : C:\Programas\TOSHIBA\E-KEY\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 72 KB
    FileVersion : 1, 3, 0, 5
    ProductVersion : 1, 3, 0, 5
    Copyright : Copyright (C) 2001
    CompanyName : COMPAL
    FileDescription : EKey MFC Application
    InternalName : EKey
    OriginalFilename : CeEKey.EXE
    ProductName : EKey Application
    Created on : 18-01-2002 1:19:06
    Last accessed : 02-07-2004 23:00:00
    Last modified : 18-01-2002 1:19:06

    #:17 [rundll32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 31 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Executar uma DLL como uma aplica
    InternalName : rundll
    OriginalFilename : RUNDLL.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 20-11-2001 12:00:00

    #:18 [directcd.exe]
    FilePath : C:\Programas\Adaptec\Easy CD Creator 5\DirectCD\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 640 KB
    FileVersion : 5.10 (131)
    ProductVersion : 5.10 (131)
    Copyright : Copyright
    CompanyName : Roxio
    FileDescription : DirectCD Application
    InternalName : DirectCD
    OriginalFilename : Directcd.exe
    ProductName : DirectCD
    Created on : 17-10-2001 10:50:02
    Last accessed : 02-07-2004 23:00:00
    Last modified : 17-10-2001 10:50:02

    #:19 [update.exe]
    FilePath : C:\Programas\Digital Patrol\Digital Patrol Scanner 5.0\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 591 KB
    Created on : 14-06-2004 22:45:44
    Last accessed : 02-07-2004 23:00:00
    Last modified : 14-06-2004 22:45:44

    #:20 [apvxdwin.exe]
    FilePath : C:\Programas\Panda Software\Panda Antivirus Titanium\
    ThreadCreationTime : 03-07-2004 10:30:09
    BasePriority : Normal
    FileSize : 188 KB
    FileVersion : 3.06.03
    ProductVersion : 2.05.05
    CompanyName : Panda Software International
    FileDescription : ApVxdWin
    InternalName : ApVxdWin.exe
    OriginalFilename : ApVxdWin.exe
    ProductName : Panda Antivirus Titanium
    Created on : 30-06-2004 10:08:39
    Last accessed : 02-07-2004 23:00:00
    Last modified : 25-06-2003 17:59:12

    #:21 [apntex.exe]
    FilePath : C:\Programas\Apoint2K\
    ThreadCreationTime : 03-07-2004 10:30:09
    BasePriority : Normal
    FileSize : 32 KB
    FileVersion : 5.0.1.13
    ProductVersion : 5.0.1.13
    Copyright : Copyright (C) 1998-2001 Alps Electric Co., Ltd.
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver for Windows NT/2000
    InternalName : Alps Pointing-device Driver for Windows NT/2000
    OriginalFilename : ApntEx.exe
    ProductName : Alps Pointing-device Driver for Windows NT/2000
    Created on : 29-01-2002 10:06:36
    Last accessed : 02-07-2004 23:00:00
    Last modified : 13-07-2001 9:44:24

    #:22 [ctfmon.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:09
    BasePriority : Normal
    FileSize : 13 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    OriginalFilename : CTFMON.EXE
    ProductName : Microsoft
    Created on : 27-06-2004 16:57:34
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:46

    #:23 [msmsgs.exe]
    FilePath : C:\Programas\Messenger\
    ThreadCreationTime : 03-07-2004 10:30:09
    BasePriority : Normal
    FileSize : 1476 KB
    FileVersion : 4.7.0041
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 27-06-2004 17:02:47
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:48

    #:24 [vkanjyf.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:10
    BasePriority : Normal
    FileSize : 351 KB
    Created on : 27-06-2004 14:15:29
    Last accessed : 02-07-2004 23:00:00
    Last modified : 27-06-2004 14:15:26

    #:25 [pavproxy.exe]
    FilePath : C:\Programas\Panda Software\Panda Antivirus Titanium\
    ThreadCreationTime : 03-07-2004 10:30:17
    BasePriority : Normal
    FileSize : 144 KB
    FileVersion : 3, 6, 10, 24
    ProductVersion : 3, 6, 10, 24
    Copyright : Copyright
    CompanyName : Panda Software
    FileDescription : PavProxy
    InternalName : PavProxy
    OriginalFilename : PavProxy.exe
    ProductName : Mail Resident
    Created on : 30-06-2004 10:08:41
    Last accessed : 02-07-2004 23:00:00
    Last modified : 12-06-2003 12:44:32

    #:26 [wuauclt.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:31:20
    BasePriority : Normal
    FileSize : 148 KB
    FileVersion : 5.4.3790.20 built by: lab04_n
    ProductVersion : 5.4.3790.20
    CompanyName : Microsoft Corporation
    FileDescription : Cliente de actualiza
    InternalName : wuauclt.exe
    OriginalFilename : wuauclt.exe
    ProductName : Sistema operativo Microsoft
    Created on : 27-06-2004 17:08:03
    Last accessed : 02-07-2004 23:00:00
    Last modified : 09-02-2004 20:09:32

    #:27 [iexplore.exe]
    FilePath : C:\Programas\Internet Explorer\
    ThreadCreationTime : 03-07-2004 10:31:33
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 27-06-2004 16:59:02
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:48

    #:28 [notepad.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 03-07-2004 11:37:19
    BasePriority : Normal
    FileSize : 66 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Bloco de notas
    InternalName : Notepad
    OriginalFilename : NOTEPAD.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 20-11-2001 12:00:00

    #:29 [iexplore.exe]
    FilePath : C:\Programas\Internet Explorer\
    ThreadCreationTime : 03-07-2004 11:37:39
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 27-06-2004 16:59:02
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:48

    #:30 [ad-aware.exe]
    FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
    ThreadCreationTime : 03-07-2004 12:08:58
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 29-06-2004 0:34:44
    Last accessed : 02-07-2004 23:00:00
    Last modified : 12-07-2003 20:00:20

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    13:14:57 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:01:33:765
    Objects scanned :40267
    Objects identified :0
    Objects ignored :0
    New objects :0
    _________________________________________________________________________________________________________

    Logfile of HijackThis v1.97.7
    Scan saved at 13:22:18, on 03-07-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Programas\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\CePMTray.exe
    C:\PROGRA~1\EzButton\CPATR10.EXE
    C:\Programas\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Programas\Digital Patrol\Digital Patrol Scanner 5.0\update.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\WINDOWS\System32\vkanjyf.exe
    C:\Programas\Apoint2K\Apntex.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\pavProxy.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ana\Definições locais\Temp\Directório temporário 4 para hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programas\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
    O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
    O4 - HKLM\..\Run: [CeEKey.exe] C:\Programas\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\chyxw.exe
    O4 - HKLM\..\Run: [Microsoft IT Update] win64.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] vkanjyf.exe
    O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Digital Patrol Update 5] C:\Programas\Digital Patrol\Digital Patrol Scanner 5.0\update.exe /autoupdate
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [My Search Bar Eq] "C:\Programas\MySearch\bar\s4bareq.exe" /r
    O4 - HKLM\..\RunServices: [Microsoft IT Update] win64.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] vkanjyf.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft IT Update] win64.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] vkanjyf.exe
    O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...165.3958217593
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E610EC01-B1E7-48BC-8C6E-59729F8011AB}: NameServer = 194.65.100.117 194.65.5.2


    I hope I've understood everything and done it correctly!

    Thanking, ana
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

    Last accessed : 02-07-2004 23:00:00
    Last modified : 14-05-2003 15:59:34

    #:12 [atiptaxx.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:07
    BasePriority : Normal
    FileSize : 300 KB
    FileVersion : 6.13.10.2529
    ProductVersion : 6.13.10.2529
    Copyright : Copyright (C) 1998-2001 ATI Technologies Inc.
    CompanyName : ATI Technologies, Inc.
    FileDescription : ATI Desktop Control Panel
    InternalName : Atiptaxx.exe
    OriginalFilename : Atiptaxx.exe
    ProductName : ATI Desktop Component
    Created on : 30-01-2002 16:11:08
    Last accessed : 02-07-2004 23:00:00
    Last modified : 21-12-2001 22:58:30

    #:13 [apoint.exe]
    FilePath : C:\Programas\Apoint2K\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 116 KB
    FileVersion : 5.3.1.106
    ProductVersion : 5.3.1.106
    Copyright : Copyright (C) 1999-2001 Alps Electric Co., Ltd.
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver
    InternalName : Alps Pointing-device Driver
    OriginalFilename : Apoint.exe
    ProductName : Alps Pointing-device Driver
    Created on : 29-01-2002 10:06:39
    Last accessed : 02-07-2004 23:00:00
    Last modified : 19-10-2001 19:46:40

    #:14 [cepmtray.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 80 KB
    FileVersion : 1, 3, 0, 0
    ProductVersion : 1, 3, 0, 0
    Copyright : Copyright (C) 2001
    CompanyName : Compal
    FileDescription : CeTray MFC Application
    InternalName : CeTray
    OriginalFilename : CeTray.EXE
    ProductName : CeTray Application
    Created on : 05-02-2002 12:57:45
    Last accessed : 02-07-2004 23:00:00
    Last modified : 18-12-2001 8:41:42

    #:15 [cpatr10.exe]
    FilePath : C:\PROGRA~1\EzButton\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 140 KB
    FileVersion : 1.00
    ProductVersion : 1.00
    Copyright : Copyright
    CompanyName : Dritek System Inc.
    FileDescription : Compal ATR10 Easy Button ( Multi-Language )
    InternalName : CPATR10
    OriginalFilename : CPATR10.exe
    ProductName : Dritek System Inc. CPATR10 10.29.2001 ( VC60 )
    Created on : 29-01-2002 9:59:14
    Last accessed : 02-07-2004 23:00:00
    Last modified : 24-01-2002 16:50:36
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    I got exactly the same error .... guess the post was too long...

    split it in two...

    Here's the 2nd part :-

    #:16 [ceekey.exe]
    FilePath : C:\Programas\TOSHIBA\E-KEY\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 72 KB
    FileVersion : 1, 3, 0, 5
    ProductVersion : 1, 3, 0, 5
    Copyright : Copyright (C) 2001
    CompanyName : COMPAL
    FileDescription : EKey MFC Application
    InternalName : EKey
    OriginalFilename : CeEKey.EXE
    ProductName : EKey Application
    Created on : 18-01-2002 1:19:06
    Last accessed : 02-07-2004 23:00:00
    Last modified : 18-01-2002 1:19:06

    #:17 [rundll32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 31 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Executar uma DLL como uma aplica
    InternalName : rundll
    OriginalFilename : RUNDLL.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 20-11-2001 12:00:00

    #:18 [directcd.exe]
    FilePath : C:\Programas\Adaptec\Easy CD Creator 5\DirectCD\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 640 KB
    FileVersion : 5.10 (131)
    ProductVersion : 5.10 (131)
    Copyright : Copyright
    CompanyName : Roxio
    FileDescription : DirectCD Application
    InternalName : DirectCD
    OriginalFilename : Directcd.exe
    ProductName : DirectCD
    Created on : 17-10-2001 10:50:02
    Last accessed : 02-07-2004 23:00:00
    Last modified : 17-10-2001 10:50:02

    #:19 [update.exe]
    FilePath : C:\Programas\Digital Patrol\Digital Patrol Scanner 5.0\
    ThreadCreationTime : 03-07-2004 10:30:08
    BasePriority : Normal
    FileSize : 591 KB
    Created on : 14-06-2004 22:45:44
    Last accessed : 02-07-2004 23:00:00
    Last modified : 14-06-2004 22:45:44

    #:20 [apvxdwin.exe]
    FilePath : C:\Programas\Panda Software\Panda Antivirus Titanium\
    ThreadCreationTime : 03-07-2004 10:30:09
    BasePriority : Normal
    FileSize : 188 KB
    FileVersion : 3.06.03
    ProductVersion : 2.05.05
    CompanyName : Panda Software International
    FileDescription : ApVxdWin
    InternalName : ApVxdWin.exe
    OriginalFilename : ApVxdWin.exe
    ProductName : Panda Antivirus Titanium
    Created on : 30-06-2004 10:08:39
    Last accessed : 02-07-2004 23:00:00
    Last modified : 25-06-2003 17:59:12

    #:21 [apntex.exe]
    FilePath : C:\Programas\Apoint2K\
    ThreadCreationTime : 03-07-2004 10:30:09
    BasePriority : Normal
    FileSize : 32 KB
    FileVersion : 5.0.1.13
    ProductVersion : 5.0.1.13
    Copyright : Copyright (C) 1998-2001 Alps Electric Co., Ltd.
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver for Windows NT/2000
    InternalName : Alps Pointing-device Driver for Windows NT/2000
    OriginalFilename : ApntEx.exe
    ProductName : Alps Pointing-device Driver for Windows NT/2000
    Created on : 29-01-2002 10:06:36
    Last accessed : 02-07-2004 23:00:00
    Last modified : 13-07-2001 9:44:24

    #:22 [ctfmon.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:09
    BasePriority : Normal
    FileSize : 13 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    OriginalFilename : CTFMON.EXE
    ProductName : Microsoft
    Created on : 27-06-2004 16:57:34
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:46

    #:23 [msmsgs.exe]
    FilePath : C:\Programas\Messenger\
    ThreadCreationTime : 03-07-2004 10:30:09
    BasePriority : Normal
    FileSize : 1476 KB
    FileVersion : 4.7.0041
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 27-06-2004 17:02:47
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:48

    #:24 [vkanjyf.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:30:10
    BasePriority : Normal
    FileSize : 351 KB
    Created on : 27-06-2004 14:15:29
    Last accessed : 02-07-2004 23:00:00
    Last modified : 27-06-2004 14:15:26

    #:25 [pavproxy.exe]
    FilePath : C:\Programas\Panda Software\Panda Antivirus Titanium\
    ThreadCreationTime : 03-07-2004 10:30:17
    BasePriority : Normal
    FileSize : 144 KB
    FileVersion : 3, 6, 10, 24
    ProductVersion : 3, 6, 10, 24
    Copyright : Copyright
    CompanyName : Panda Software
    FileDescription : PavProxy
    InternalName : PavProxy
    OriginalFilename : PavProxy.exe
    ProductName : Mail Resident
    Created on : 30-06-2004 10:08:41
    Last accessed : 02-07-2004 23:00:00
    Last modified : 12-06-2003 12:44:32

    #:26 [wuauclt.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 03-07-2004 10:31:20
    BasePriority : Normal
    FileSize : 148 KB
    FileVersion : 5.4.3790.20 built by: lab04_n
    ProductVersion : 5.4.3790.20
    CompanyName : Microsoft Corporation
    FileDescription : Cliente de actualiza
    InternalName : wuauclt.exe
    OriginalFilename : wuauclt.exe
    ProductName : Sistema operativo Microsoft
    Created on : 27-06-2004 17:08:03
    Last accessed : 02-07-2004 23:00:00
    Last modified : 09-02-2004 20:09:32

    #:27 [iexplore.exe]
    FilePath : C:\Programas\Internet Explorer\
    ThreadCreationTime : 03-07-2004 10:31:33
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 27-06-2004 16:59:02
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:48

    #:28 [notepad.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 03-07-2004 11:37:19
    BasePriority : Normal
    FileSize : 66 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Bloco de notas
    InternalName : Notepad
    OriginalFilename : NOTEPAD.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 31-12-1979 23:00:00
    Last accessed : 02-07-2004 23:00:00
    Last modified : 20-11-2001 12:00:00

    #:29 [iexplore.exe]
    FilePath : C:\Programas\Internet Explorer\
    ThreadCreationTime : 03-07-2004 11:37:39
    BasePriority : Normal
    FileSize : 89 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Internet Explorer
    InternalName : iexplore
    OriginalFilename : IEXPLORE.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 27-06-2004 16:59:02
    Last accessed : 02-07-2004 23:00:00
    Last modified : 23-09-2002 20:42:48

    #:30 [ad-aware.exe]
    FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
    ThreadCreationTime : 03-07-2004 12:08:58
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 29-06-2004 0:34:44
    Last accessed : 02-07-2004 23:00:00
    Last modified : 12-07-2003 20:00:20

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    13:14:57 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:01:33:765
    Objects scanned :40267
    Objects identified :0
    Objects ignored :0
    New objects :0
    _________________________________________________________________________________________________________

    Logfile of HijackThis v1.97.7
    Scan saved at 13:22:18, on 03-07-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Programas\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\CePMTray.exe
    C:\PROGRA~1\EzButton\CPATR10.EXE
    C:\Programas\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Programas\Digital Patrol\Digital Patrol Scanner 5.0\update.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\WINDOWS\System32\vkanjyf.exe
    C:\Programas\Apoint2K\Apntex.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\pavProxy.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ana\Definições locais\Temp\Directório temporário 4 para hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programas\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
    O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
    O4 - HKLM\..\Run: [CeEKey.exe] C:\Programas\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\chyxw.exe
    O4 - HKLM\..\Run: [Microsoft IT Update] win64.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] vkanjyf.exe
    O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Digital Patrol Update 5] C:\Programas\Digital Patrol\Digital Patrol Scanner 5.0\update.exe /autoupdate
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [My Search Bar Eq] "C:\Programas\MySearch\bar\s4bareq.exe" /r
    O4 - HKLM\..\RunServices: [Microsoft IT Update] win64.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] vkanjyf.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft IT Update] win64.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] vkanjyf.exe
    O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...165.3958217593
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E610EC01-B1E7-48BC-8C6E-59729F8011AB}: NameServer = 194.65.100.117 194.65.5.2


    I hope I've understood everything and done it correctly!

    Thanking, ana

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi ana

    Please do this first - go to C: and create a new permanent folder (call it hijackthis) ... Then put the hijackthis.exe file in it (you must unzip it if it's zipped) ... so you have C:\hijackthis\hijackthis.exe ... then run hijackthis by clicking this .exe file - that way you will have backups if you accidentally remove the wrong item (running from a temporary folder (or the desktop), these backups can easily get lost). The first time you run hijackthis ... click config and make sure the bottom 4 boxes are ticked (and NOT the top one).

    Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programas\MySearch\bar\1.bin\S4BAR.DL

    O4 - HKLM\..\Run: [Microsoft IT Update] win64.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] vkanjyf.exe
    O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe

    O4 - HKLM\..\Run: [My Search Bar Eq] "C:\Programas\MySearch\bar\s4bareq.exe" /r
    O4 - HKLM\..\RunServices: [Microsoft IT Update] win64.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] vkanjyf.exe

    O4 - HKCU\..\Run: [Microsoft IT Update] win64.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] vkanjyf.exe
    O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe


    In case the files are hidden --- Click here >>> How to Show Hidden/System Files <<<

    Then reboot into >>>safe mode<<< Click Here for instructions find and delete :-

    C:\WINDOWS\System32\vkanjyf.exe ... file
    C:\WINDOWS\system32\syshost.exe ... file

    You will need to search for and delete these files....

    win64.exe
    winsys32.exe


    Also delete this folder :-

    C:\Programas\MySearch


    Let us know and post a new log

    steam

  7. #7
    Member ananana's Avatar
    Join Date
    Jun 2004
    Location
    Portugal (Porto)
    Posts
    1
    Points
    0

    Default DONE

    Hi

    First, thanks very much for your prompt help.

    I've created a Hijackthis folder at c:\ and, after unzipping the hijackthis.exe to the same folder, I ran it and fixed all the problems you mentioned.

    After rebooting in safe mode I couldn't find the files you mentioned to delete them. I could only find the folder MySearch, which was deleted.

    Another thing I don't think is normal is the noise the computer makes, as if it is performing something, a machine working noise... I don't know if you understand what I mean... humf my English....

    When I press Ctrl+Alt+Del I can see that these files are always working: taskmgr.exe, explorer.exe, avengine.exe and csrss.exe.

    Is this normal?

    Now here is the report of the new scan with hijackthis:

    Logfile of HijackThis v1.97.7
    Scan saved at 14:44:39, on 04-07-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Programas\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\CePMTray.exe
    C:\PROGRA~1\EzButton\CPATR10.EXE
    C:\Programas\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Programas\Digital Patrol\Digital Patrol Scanner 5.0\update.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programas\Apoint2K\Apntex.exe
    C:\Programas\SpywareGuard\sgmain.exe
    C:\Programas\SpywareGuard\sgbhp.exe
    C:\Programas\Panda Software\Panda Antivirus Titanium\pavProxy.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programas\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
    O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
    O4 - HKLM\..\Run: [CeEKey.exe] C:\Programas\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\chyxw.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Digital Patrol Update 5] C:\Programas\Digital Patrol\Digital Patrol Scanner 5.0\update.exe /autoupdate
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...165.3958217593
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E610EC01-B1E7-48BC-8C6E-59729F8011AB}: NameServer = 194.65.100.117 194.65.5.2
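The "post a new log" step in this thread can be checked mechanically. The script below is an added example, not part of the original posts or of HijackThis: it compares subsets of the two logs above against the fix list from post #6 and reports which entries are gone, which persist and which are new. The function names and the report keys are illustrative assumptions.

```python
import re
from ntpath import basename  # Windows path rules on any OS

ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .*\S$")        # "R0 - ...", "O4 - ..."
O4_RE = re.compile(r"^O4 - [^:]+: \[[^\]]*\] (.+)$")    # registry autostart value

# Subsets of the two logs and the fix list posted in this thread; the clipped
# "S4BAR.DL" is reproduced as it appears in the fix list.
BEFORE = r"""Running processes:
C:\Programas\Messenger\msmsgs.exe
C:\WINDOWS\System32\vkanjyf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programas\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\chyxw.exe
O4 - HKLM\..\Run: [Microsoft IT Update] win64.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] vkanjyf.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
"""
AFTER = r"""Running processes:
C:\Programas\SpywareGuard\sgmain.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programas\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\chyxw.exe
O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
"""
FIX_LIST = r"""O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programas\MySearch\bar\1.bin\S4BAR.DL
O4 - HKLM\..\Run: [Microsoft IT Update] win64.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] vkanjyf.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
"""

def parse_log(text):
    """Return (running image names, {normalised key: original entry line})."""
    procs, entries, in_procs = set(), {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.casefold() == "running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            # registry paths and Windows file names compare case-insensitively
            entries[" ".join(line.split()).casefold()] = line
        elif in_procs and line:
            procs.add(basename(line).casefold())
    return procs, entries

def autostart_image(line):
    """Executable name an O4 registry entry launches, else None."""
    m = O4_RE.match(line)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):                     # quoted path, arguments follow
        exe = cmd[1:].split('"', 1)[0]
    else:                                       # unquoted path may hold spaces
        hit = re.search(r"\.exe\b", cmd, re.I)
        exe = cmd[:hit.end()] if hit else cmd.split()[0]
    return basename(exe).casefold()

def resolve(key, known):
    """Match a fix-list line to a logged entry, tolerating a clipped line end."""
    if key in known:
        return key
    hits = [k for k in known if k.startswith(key)]
    return hits[0] if len(hits) == 1 else None

def review_fix(before, after, fix_list):
    """Classify the follow-up log against the entries that were to be fixed."""
    old_procs, old = parse_log(before)
    new_procs, new = parse_log(after)
    wanted = parse_log(fix_list)[1]
    hits = {k: resolve(k, old) for k in wanted}
    targets = {h for h in hits.values() if h}
    images = {autostart_image(old[k]) for k in targets} - {None}
    return {
        "fixed": [old[k] for k in sorted(targets) if k not in new],
        "not_fixed": [old[k] for k in sorted(targets) if k in new],
        "unmatched": [wanted[k] for k, h in hits.items() if not h],
        "new_entries": [new[k] for k in sorted(new) if k not in old],
        "carried_over": [new[k] for k in sorted(new) if k in old and k not in targets],
        "running_before": sorted(images & old_procs),
        "running_after": sorted(images & new_procs),
    }

if __name__ == "__main__":
    print(review_fix(BEFORE, AFTER, FIX_LIST))
```

Entries reported under `carried_over` or `new_entries` are only candidates for the next review pass; the script does not judge whether they are malicious.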

  8. #8
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    The files you have running are ok....

    Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html

    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\chyxw.exe << virus W32/Korgo


    virus details http://www.f-secure.com/v-descs/korgo_u.shtml

    Reboot then find and delete :-

    C:\WINDOWS\System32\chyxw.exe

    It is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    Then do this scan...

    Housecall<<<< click here

    Delete all infected files found ... if Housecall lists them as uncleanable ... click the "delete" button.

    The noise you hear may be normal, or it may be your hard drive starting to fail, if you have anything irreplaceable on your computer, better back it up for safety.

    steam

  9. #9
    Member ananana's Avatar
    Join Date
    Jun 2004
    Location
    Portugal (Porto)
    Posts
    1
    Points
    0

    Default

    Hi,

    I think everything is ok now.

    Thank you very much for your help.