
I need help. Slow, crashing comp is driving me crazy.


  • This topic is locked
19 replies to this topic

#1 Eli Poarch

Eli Poarch

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 07 November 2005 - 05:21 AM

I don't know what's wrong with my computer. I've tried all the options I could get my hands on, each antivirus, spyware, adware, malware program I could try seems to detect something different, or nothing at all, but my PC doesn't work correctly, it's slow, it crashes continuously, especially when I'm on the Internet, I get the "Iexplore must close" message all the time. I hope you can help me.

Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 10:27:28, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache\Apache.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\winmgnt.exe
C:\AppServ\Apache\Apache.exe
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\winmgnt.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe
C:\WINDOWS\etMon.exe
C:\Documents and Settings\ELISENDA\Escritorio\FreeRAM XP Pro 1.40.exe
C:\Archivos de programa\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [nod32kui] C:\Archivos de programa\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [POINTER] C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe"
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\ELISENDA\Escritorio\FreeRAM XP Pro 1.40.exe" -win
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...trolLite_SP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127469673937
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.accac.es/.../bin/svideo.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference... to English.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom....zylomloader.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.cnig.es:8...p/ACGM/Acgm.cab
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe



Thanks beforehand,

Eli



#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,172 posts

Posted 14 November 2005 - 06:06 PM

Hello Eli Poarch, welcome to the TC.

Please do all the steps in the order they are listed


Download LSPfix here: http://www.cexx.org/lspfix.htm

Start the program and then check the I know what I'm doing box.

Move all instances of apptoport.dll (and nothing else), to the Remove pane.
Click the Finish Button and reboot.

Find and delete the file c:\windows\system\apptoport.dll


1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files
7. Click OK and windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 Eli Poarch

Eli Poarch

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 16 November 2005 - 02:24 PM

Am I glad to hear from you!!!! Thanks a lot for your help, I thought I knew what to do with my computer until now, but I am completely lost.

Here's my new log.
Eli


Logfile of HijackThis v1.99.1
Scan saved at 21:16:54, on 16/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Documents and Settings\ELISENDA\Escritorio\FreeRAM XP Pro 1.40.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\AppServ\Apache\Apache.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\AppServ\Apache\Apache.exe
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\snmp.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\HP\hpcoretech\comp\hpdarc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [POINTER] C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe"
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\ELISENDA\Escritorio\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [NBJ] "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.es/activescan (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Panda spyXposer - {EE657293-B4C4-4752-B035-DCBBC2D04008} - http://www.pandasoft...r_principal.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...trolLite_SP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127469673937
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.accac.es/.../bin/svideo.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference... to English.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom....zylomloader.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.cnig.es:8...p/ACGM/Acgm.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,172 posts

Posted 16 November 2005 - 03:47 PM

Please go to this link and submit this file: C:\WINDOWS\etMon.exe
http://www.kaspersky.com/scanforvirus

Let me know what it finds.



#5 Eli Poarch

Eli Poarch

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 November 2005 - 02:42 AM

Hi, I did what you said, the result says I'm clean.

Eli

Kaspersky File Scanner
You're clean! Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted.

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,172 posts

Posted 17 November 2005 - 03:43 PM

Download the following programs.

a.
Download Killbox HERE and put it on your desktop

b.
Download CCleaner HERE and install it.


Next:

Reboot into Safe Mode:
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.

This can take a few minutes to get into Safe Mode.


Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find NETDDEC

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.

Do the same for both of these:
COMSS
COMCSVC



Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)

O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE

O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"


Next:
Open CCleaner.

Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.

Then open it and select the items you wish to clean up.

In the Windows Tab:

I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section
Clean all entries in the "System" section
Clean all entries in the "Advanced" section.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

Then click the "Run Cleaner" button



Next:
Then double-click on the killbox.exe program.


Start Killbox and click on Tools->Delete Temp Files.
Unregister .dll before deleting (unless it is greyed out)
Delete on Reboot

Then select the option labeled Delete on reboot.

Do not close killbox, and open notepad, by clicking on Start, then Run, and typing notepad.exe and pressing the OK button.


When notepad is open, copy and paste the following bolded text into the notepad screen. You do this by highlighting each of the below bolded filenames and then pressing Control-C on your keyboard. Then click on the open notepad windows and press Control-V to paste the contents into the notepad.



C:\WINDOWS\system32\SSMS.EXE
C:\WINDOWS\system32\winmgnt.exe


Return to Killbox, go to the File menu and select Paste from Clipboard.


Still in Killbox, click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click No at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

After Reboot, "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.



#7 Eli Poarch

Eli Poarch

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 18 November 2005 - 04:22 AM

Hi, I did my homework! I only found one problem: Where you said:

Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)

O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE

O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"


Well, I couldn't find those entries, so I followed the rest of the instructions.

Here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 11:05:33, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache\Apache.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\AppServ\Apache\Apache.exe
C:\WINDOWS\System32\snmp.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Documents and Settings\ELISENDA\Escritorio\FreeRAM XP Pro 1.40.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [POINTER] C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe"
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\ELISENDA\Escritorio\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [NBJ] "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.es/activescan (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Panda spyXposer - {EE657293-B4C4-4752-B035-DCBBC2D04008} - http://www.pandasoft...r_principal.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...trolLite_SP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127469673937
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.accac.es/.../bin/svideo.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference... to English.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom....zylomloader.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.cnig.es:8...p/ACGM/Acgm.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe

I'll be testing the computer all through the day, and I'll tell you how it behaves in a new post (I hope before you get back on).
A million thanks,
Eli

Edited by Eli Poarch, 18 November 2005 - 04:24 AM.


#8 Eli Poarch

Eli Poarch

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 18 November 2005 - 05:23 PM

I've been trying this out all day, it works much better, but it still crashes. Every now and then it freezes or shuts itself off, with no apparent criteria, I might be on Internet, or with MSN Messenger, or playing a game, or even when I'm not on the computer... I come back to it and find the computer has restarted itself. It has gained speed, though. (At least, it takes it less to get back to work :) ) Eli

#9 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,172 posts

Posted 18 November 2005 - 06:15 PM

Go HERE and run these tests.

This is located on the right side.

Is your PC acting sluggish? Are strange windows inexplicably popping up on your screen? Do you have to reboot your computer because of errors and lockups? PC Pitstop's free computer checkup can help you find and fix those problems! To get the best answers in The Pit, post a link to your test results along with your question.


The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#10 Eli Poarch

Eli Poarch

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 20 November 2005 - 04:49 PM

Hi, sorry I couldn't get on yesterday. When I got up I found a message about the computer having recovered from a critical error. I ran the test, and the only thing it found is that my hard drive is too full (still 19% free, though). I ran their optimization program, and it found several things to delete. This morning, it popped up another message: 'Generic Host process for Win32 Services has encountered a problem and needs to close.' After that, I restarted the computer and it has done pretty good, but it still crashes every now and then (like 6 times today)... Do you need another HijackThis log?



#11 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,172 posts

Posted 20 November 2005 - 04:56 PM

http://support.micro...kb;en-us;821690
See if there's any help there.


 


#12 Eli Poarch

Eli Poarch

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 20 November 2005 - 05:10 PM

I'm afraid not, I already have the latest drivers for my HP. I don't know, is there anything else I can do to avoid formatting? Of the 6 times it restarted itself, 2 of them I was working on Dreamweaver, once my husband was playing Age of Empires, and the rest I was checking things out on Internet Explorer.

#13 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,172 posts

Posted 20 November 2005 - 05:15 PM

Let's see if we can find anything else.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.


 


#14 Eli Poarch

Eli Poarch

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 24 November 2005 - 08:48 AM

Hallelujah!!!!

This has been at least Mission: Impossible!!! I was online when you sent your last message, I downloaded Ewido immediately and started the scan... until now (three and a half days later :o ). The computer kept restarting itself... I decided I should try to do the fast scan first, then the complete one... then, to stop the scan every time it found several things, to see if that way it would correct something on the way (I noticed it didn't fix things until it would finish or canceled the scan)... do some more research on the net... finally, I realized I had new drivers for everything except the BIOS, so I downloaded and installed the new BIOS, and I finally got a stable computer! Now, I have been able to do a complete Ewido scan in safe mode and the HijackThis log. Don't scare yourself with all the Ewido logs, there are a few of them!

This is the last HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 14:52:06, on 24/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache\Apache.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\ewido\security suite\ewidoguard.exe
C:\AppServ\Apache\Apache.exe
C:\Archivos de programa\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\snmp.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Archivos de programa\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Documents and Settings\ELISENDA\Escritorio\FreeRAM XP Pro 1.40.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [POINTER] C:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es\msnappau.exe"
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Archivos de programa\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\ELISENDA\Escritorio\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [NBJ] "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...trolLite_SP.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip....pGameLoader.dll
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://enu.vs.mcafee...in/myCioAgt.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127469673937
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.accac.es/.../bin/svideo.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference... to English.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom....zylomloader.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.cnig.es:8...p/ACGM/Acgm.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Archivos de programa\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.572.dll
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McShield - Network Associates, Inc. - C:\ARCHIV~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Archivos de programa\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe


And these are the Ewido logs:

# 1
+ Created on: 10:39:58, 21/11/2005
+ Report-Checksum: 387B7452

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{8A94C367-815A-4D4F-A6B6-D4EB877A126C} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8A94C367-815A-4D4F-A6B6-D4EB877A126C}\TypeLib\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{CED445E2-8C78-4F40-87D7-F7FB6F1B6791} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tl7000.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tl7000.dll\\{0191ABF4-9421-435E-9FFD-CD827A2A82D8} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdToolsX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFB22865-F3BC-4309-ADFA-C8E078A7F762} -> Dialer.Generic : Cleaned with backup


::Report End

# 2
+ Created on: 14:29:27, 21/11/2005
+ Report-Checksum: 5CAA16F1

+ Scan result:

HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Browser -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Faceplate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\History -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Resources -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Stations -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\WebUpdate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup


::Report End

# 3
+ Created on: 23:19:05, 21/11/2005
+ Report-Checksum: D87D313A

+ Scan result:

HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Browser -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Faceplate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\History -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Resources -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Stations -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\WebUpdate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> TrojanDownloader.Small : Cleaned with backup


::Report End

# 4: this was after ending the fast scan (the sum of the 3 previous) on regular Windows (not safe mode)

+ Created on: 00:08:26, 22/11/2005
+ Report-Checksum: E1D3229F

+ Scan result:

No infected objects found.


::Report End

# 5 Here I start trying the Complete scan on Safe mode
+ Created on: 09:16:53, 22/11/2005
+ Report-Checksum: FE4A1335

+ Scan result:

HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Browser -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Faceplate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\History -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Resources -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Stations -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\WebUpdate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup


::Report End

# 6
+ Created on: 12:09:07, 22/11/2005
+ Report-Checksum: 1FED568C

+ Scan result:

HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Browser -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Faceplate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\History -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Resources -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Stations -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\WebUpdate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup


::Report End

# 7
+ Created on: 15:38:46, 22/11/2005
+ Report-Checksum: 43F4450B

+ Scan result:

HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Browser -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Faceplate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\History -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Resources -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\Stations -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Hiwire\MusicMatch\WebUpdate -> Spyware.HiWire : Cleaned with backup
HKU\S-1-5-21-854245398-115176313-725345543-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
C:\Archivos de programa\Mozilla Firefox\plugins\NPMyWebS.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Documents and Settings\ARIADNA\Cookies\administrador@download.com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\ELISENDA\Cookies\elisenda@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup


::Report End

# 8: this is after new BIOS, Complete scan in Safe mode
+ Created on: 14:37:16, 24/11/2005
+ Report-Checksum: 22FF9D47

+ Scan result:

C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1121.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1122.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1124.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1125.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1126.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1127.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1128.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1131.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1134.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkchi1135.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkdut1125.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkdut1127.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkheb1121.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkheb1124.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkheb1131.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkita1127.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1121.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1122.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1123.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1124.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1125.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1126.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1127.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1128.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1129.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1130.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1131.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1132.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1133.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1134.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkjap1135.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkkor1122.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkkor1123.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkkor1125.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkkor1126.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkkor1133.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkpor1131.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkpor1134.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winkpor1135.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\275 (winks), 57 weemee (muggins, moods) y dos (packs) para MSN messenger 7.zip/winks, muggins, moods para messenger 7/winks/winktai1134.exe -> TrojanDownloader.VB.oc : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Messenger\MessengerDeluxe.zip/MessengerDeluxe.exe -> Backdoor.VB.agd : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Web\Easy.Web.Editor.v3.16.163.294.Cracked-HERETiC\Easy.Web.Editor.v3.16.163.294.Cracked-HERETiC\setup.exe -> TrojanDropper.Small.mt : Cleaned with backup
C:\Documents and Settings\ELISENDA\Mis documentos\Descarregat\Utilitats\Web\Easy.Web.Editor.v3.16.163.294.Cracked-HERETiC.zip/Easy.Web.Editor.v3.16.163.294.Cracked-HERETiC/setup.exe -> TrojanDropper.Small.mt : Cleaned with backup


::Report End


What I'm noticing now while I'm writing this post is that my RAM is going up and down (before we started with these posts, I had about 450-490 RAM left (I use FreeRAM, I have 768Mb RAM installed); now I can see 584, but when I started it had 612, but while I was copying the posts and opening ewido my FreeRAM showed values down to 3).

Forgive me for sending you such a looooong post.
I really appreciate all the help you are giving me,
Eli.

#15 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,172 posts

Posted 26 November 2005 - 01:42 PM

The RAM going up and down will be normal. You have programs like your anti-virus that will be scanning, for one thing. How is it running now?
