Hi I new in this, but i was reading and find out about some suspicious entries in the registry. I need that someone can look my hijackthis.log and tell me if there is something to delete. Thanks and i'll be waiting for an answer
Logfile of HijackThis v1.97.7
Scan saved at 12:15:23 p.m., on 19/04/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\HANDSPRING\HOTSYNC.EXE
C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ATNOTES\ATNOTES.EXE
C:\ARCHIVOS DE PROGRAMA\HANDSPRING\ALARMAPP.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www001.upp.so-net.ne:3128@DF...809JOW4WJ2304LFD0SF9FSD0A2T4LD.BIZ/search.htm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www001.upp.so-net.ne:3128@DF...809JOW4WJ2304LFD0SF9FSD0A2T4LD.BIZ/search.htm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www001.upp.so-net.ne:3128@DF...809JOW4WJ2304LFD0SF9FSD0A2T4LD.BIZ/search.htm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www001.upp.so-net.ne:3128@DF...809JOW4WJ2304LFD0SF9FSD0A2T4LD.BIZ/search.htm (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.6:8080
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\ARCHIVOS DE PROGRAMA\KONTIKI\BIN\BH304181.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Archivos de programa\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Startup: ATnotes.lnk = C:\Archivos de programa\ATnotes\ATnotes.exe
O4 - Startup: Alarm Manager.LNK = C:\Archivos de programa\Handspring\AlarmApp.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\ARCHIVOS DE PROGRAMA\KONTIKI\BIN\BH304181.DLL/201
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AOL - Mensajero Instantáneo® (HKLM)
O9 - Extra button: SEARCH (HKLM)
O9 - Extra button: ANTIVIRUS (HKLM)
O9 - Extra button: ENTERTAINMENT (HKLM)
O9 - Extra button: SECURITY (HKLM)
O9 - Extra button: SEARCH (HKLM)
O9 - Extra button: ANTIVIRUS (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7.0) - http://www.epson.cl/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://207.79.139.204/mapas/mgaxctrl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {436C49C7-2426-404D-932B-531973B44540} (Custodium.com) - http://www.custodium.com/cabs/custodium.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://webcam.uoct.cl:8080/wg_webeye.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37888.5476273148
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = manquehue.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = manquehue.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.74.160.103,200.74.160.104
Logfile of HijackThis v1.97.7
Scan saved at 12:15:23 p.m., on 19/04/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\HANDSPRING\HOTSYNC.EXE
C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ATNOTES\ATNOTES.EXE
C:\ARCHIVOS DE PROGRAMA\HANDSPRING\ALARMAPP.EXE
C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www001.upp.so-net.ne:3128@DF...809JOW4WJ2304LFD0SF9FSD0A2T4LD.BIZ/search.htm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www001.upp.so-net.ne:3128@DF...809JOW4WJ2304LFD0SF9FSD0A2T4LD.BIZ/search.htm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www001.upp.so-net.ne:3128@DF...809JOW4WJ2304LFD0SF9FSD0A2T4LD.BIZ/search.htm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www001.upp.so-net.ne:3128@DF...809JOW4WJ2304LFD0SF9FSD0A2T4LD.BIZ/search.htm (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.6:8080
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\ARCHIVOS DE PROGRAMA\KONTIKI\BIN\BH304181.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Archivos de programa\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Startup: ATnotes.lnk = C:\Archivos de programa\ATnotes\ATnotes.exe
O4 - Startup: Alarm Manager.LNK = C:\Archivos de programa\Handspring\AlarmApp.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\ARCHIVOS DE PROGRAMA\KONTIKI\BIN\BH304181.DLL/201
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AOL - Mensajero Instantáneo® (HKLM)
O9 - Extra button: SEARCH (HKLM)
O9 - Extra button: ANTIVIRUS (HKLM)
O9 - Extra button: ENTERTAINMENT (HKLM)
O9 - Extra button: SECURITY (HKLM)
O9 - Extra button: SEARCH (HKLM)
O9 - Extra button: ANTIVIRUS (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7.0) - http://www.epson.cl/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://207.79.139.204/mapas/mgaxctrl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {436C49C7-2426-404D-932B-531973B44540} (Custodium.com) - http://www.custodium.com/cabs/custodium.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://webcam.uoct.cl:8080/wg_webeye.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37888.5476273148
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = manquehue.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = manquehue.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.74.160.103,200.74.160.104