1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Got Hijackthis log finally. I hope i get some help now..

Discussion in 'Virus & Other Malware Removal' started by AJRoman, Feb 11, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. AJRoman

    AJRoman Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    8
    Ok, I posted here yesterday about a problem I had. Well it wasn't easy to solve cause I couldn't run Hijackthis but know I can.

    So as I posted yesterday the computer gets disconnected by itself from the net and it gets terribly slow sometimes when surfing it.

    Here's the log:

    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\MIXER.EXE
    C:\WINDOWS\NVSVCA32.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\ARCHIVOS DE PROGRAMA\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qamtbccekfmesaevma.com/L...O1AsF5vyDcVe_K0qjMhwTBkPn9crmQj92Us_NPxl.html
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {84308C08-FA02-9370-A2C1-D12F1EEFF449} - C:\WINDOWS\APPLICATION DATA\SUPPORTINTRANEW\01 ONE.EXE
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe
    O4 - HKLM\..\Run: [warnnurbslowlite] C:\WINDOWS\Application Data\Army itch warn nurb\Windowbows.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Mis documentos\Mercedes\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Mis documentos\Mercedes\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [Name Amen] C:\WINDOWS\APPLIC~1\MULTID~1\Bleh proc.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = prodigy.net.mx
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.33.146.209,200.33.146.217

    So please, what should I do?? I need help ASAP. Thanks for your attention.
     
  2. ekim68

    ekim68

    Joined:
    Jul 8, 2003
    Messages:
    55,462
    First Name:
    Mike
    That's not a whole scan. And, you're running hijackthis from a temp file. Create a file, such as, C:\hjt, and run it from there. And, after it's done, click save log and post it here.
     
  3. AJRoman

    AJRoman Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    8
    Alright, I did that.

    This is the whole log, and from C:

    Logfile of HijackThis v1.99.0
    Scan saved at 02:55:46 a.m., on 12/02/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\MIXER.EXE
    C:\WINDOWS\NVSVCA32.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YSERVER.EXE
    C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.schgmlhrhslazfjfouhzm.co...iO1AsF5vyDcVe_K0qjMiwyPTVTisc2wj92Us_NPxl.jsp
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {84308C08-FA02-9370-A2C1-D12F1EEFF449} - C:\WINDOWS\APPLICATION DATA\SUPPORTINTRANEW\01 ONE.EXE
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe
    O4 - HKLM\..\Run: [warnnurbslowlite] C:\WINDOWS\Application Data\Army itch warn nurb\Windowbows.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Mis documentos\Mercedes\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Mis documentos\Mercedes\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [Name Amen] C:\WINDOWS\APPLIC~1\MULTID~1\Bleh proc.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = prodigy.net.mx
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.33.146.209,200.33.146.217

    Please help me @[email protected] and thanks again
     
  4. AJRoman

    AJRoman Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    8
    Gotta bump this... I need help
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Go here and follow the procedures there for uninstalling Messenger Plus.

    After that, Click here to download the LOP uninstaller. Close all browser windows and run the uninstaller.

    When it is finished restart your computer.

    If you cannot get to that site the uninstaller is also available here.

    Come back here and post another Hijack This log and we'll get rid of what's left.
     
  6. AJRoman

    AJRoman Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    8
    Sorry for the delay, but I don't have the computer at home.

    Anyway, I did what you told me and couldn't get MSNPlus removed just like that, maybe the files are damaged. What should I do? Try to fix the files directly from hijackthis?

    Here's the new log:

    Logfile of HijackThis v1.99.0
    Scan saved at 02:29:58 p.m., on 13/02/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\MIXER.EXE
    C:\WINDOWS\NVSVCA32.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YSERVER.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\HJT\HIJACKTHIS.EXE

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Mis documentos\Mercedes\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Mis documentos\Mercedes\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [Name Amen] C:\WINDOWS\APPLIC~1\MULTID~1\Bleh proc.exe
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = prodigy.net.mx
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.33.146.209,200.33.146.217

    The symptons are still there, it gets slow and disconnected itself
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe

    O4 - HKCU\..\Run: [Name Amen] C:\WINDOWS\APPLIC~1\MULTID~1\Bleh proc.exe


    Restart to safe mode.

    How to start your computer in safe mode

    First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

    Now find and delete this file:

    C:\WINDOWS\nvsvca32.exe

    delete this folder:

    C:\Windows\Application Data\MULTID~1

    I don't know the exact name of this folder, but it will begin with MULTID and it will contain the Bleh proc.exe file.

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin


    Go here and do an online virus scan.

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
     
  8. AJRoman

    AJRoman Thread Starter

    Joined:
    Feb 10, 2005
    Messages:
    8
    Yeah, done.

    Seems like the problem's gone, thanks a lot!

    But anyway, still I couldn't uninstall properly msnplus and I brought the latest hjt log just in case:

    Logfile of HijackThis v1.99.0
    Scan saved at 07:11:15 p.m., on 13/02/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\MIXER.EXE
    C:\WINDOWS\SYSTEM\CTFMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    C:\HJT\HIJACKTHIS.EXE

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Mis documentos\Mercedes\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunOnce: [HcTSC] C:\WINDOWS\TSC.EXE
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Mis documentos\Mercedes\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\ypager.exe -quiet
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\MESSENGER\YPAGER.EXE
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = prodigy.net.mx
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.33.146.209,200.33.146.217

    There it is. Thanks for you work, it is really appreciated.
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Plese reboot and post another log. This entry looks to be from the Trend Micro scan that you did:

    O4 - HKLM\..\RunOnce: [HcTSC] C:\WINDOWS\TSC.EXE

    At least I think that's what it is.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/329531

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice