BullGuard
I need help! I simply can't remove project 1
   

filnice
New Member


Date Joined Sep 2006
Total Posts : 4
 
   Posted 9/1/2006 11:39 PM (GMT +3)
I have Windows 2000 Professional and a Project 1 program keeps interrupting everything I do. I have tried several actions to remove it and it always comes back. Here is my HijackThis post:
Logfile of HijackThis v1.99.1
Scan saved at 03:27:03 p.m., on 01/09/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\System32\mnmsrvc.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\MSTask.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\system32\lsiss.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\taskmgr.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\system32\Promon.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\CHKADMIN.EXE
C:\WINNT\loadqm.exe
C:\Documents and Settings\isaura_corula\Escritorio\win\winampa.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\BullGuard Software\BullGuard\bullguard.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Archivos de programa\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.33.1.12:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\ARCHIV~1\Compaq\COMPAQ~2\CHKADMIN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\isaura_corula\Escritorio\win\\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_15.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_15.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Archivos de programa\BullGuard Software\BullGuard\bullguard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\europillamusica3\entrar.html
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O20 - Winlogon Notify: Applets - C:\WINNT\system32\jt0607dse.dll
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Archivos de programa\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\LCRMS\LCRMS.EXE
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: Windows PE Debugger - Unknown owner - C:\WINNT\system32\lviss.exe (file missing)
O23 - Service: Windows Remote Manager - Unknown owner - C:\WINNT\system32\lsiss.exe
help please

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 9/2/2006 5:40 AM (GMT +3)
Hi filnice


Please download Ewido Anti-Malware
Install Ewido Anti-Malware
Launch Ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "BFU"

Please download Brute Force Uninstaller.
Unzip it to its own folder (c:\BFU)

Right-click http://metallica.geekstogo.com/alcanshorty.bfu and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).

Do not run the Uninstaller and the Remover yet.
 
 
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
 
 


Please reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.
 
 
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


Run full scan with Ewido
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As. This will create a text file.
Make sure you know where to find this file again (like on the Desktop).

Close ewido security suite.

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe

In the scriptline to execute field copy and paste c:\bfu\alcanshorty.bfu
Press execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
 
Visit Microsoft and update to SP4:
 
You might need to change language
 
 
Apply the update, reboot.
 
 
It appears as though you are running 2 anti-virus programs at the same time.
That can cause conflicts on a system and take up system resources. You should remove one of them from Add/Remove Programs in Control Panel.




Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.



Please start your own thread by clicking the new topic button. Do NOT post your problem in someone else's thread.
Do not PM me with logfiles. They will be deleted.
 


filnice
New Member


Date Joined Sep 2006
Total Posts : 4
 
   Posted 9/8/2006 7:15 PM (GMT +3)
Thank you Touch! Sorry for the delay. I just followed all the steps and it seems the Project 1 is still there. I couldn't run ewido in safe mode without a LAN connection, so I ran it connected in safe mode, and I don't know if that might be the reason the bug is still alive. Here are my ewido and HijackThis logs:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:00 a.m. 08/09/2006

+ Scan result:



C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\ENY5I0L1\dfndrff_15.exe -> Adware.DollarRevenue : Cleaned with backup (quarantined).
C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\dfndrff_15.exe -> Adware.DollarRevenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\35JUXZIG\Installer.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\isaura_corula\Configuración local\Temp\temp.fr0721 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\isaura_corula\Configuración local\Temp\temp.frAB15 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\aafsipc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Installer3.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\gp6ql3j51.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\gpr8l39u1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\hrjs0517e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\hrlm0531e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\ir28l5fu1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\ir48l5hu1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\jt2s07f7e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\jt6o07j3e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\k626lgfs1626.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\ktnol7531.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\lv4009hme.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\nmlanman.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\t2r80c9uef.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\vrrsion.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Archivos de programa\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_03745.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_06002.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_15720.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_17602.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_22138.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_27688.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_28604.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_31733.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_37274.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_44182.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_45075.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_48477.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_48745.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_50674.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_51103.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_54016.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_54780.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_65107.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_70078.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_71066.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_71081.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_75887.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\WINNT\SYSTEM32\setup_84576.exe -> Backdoor.SdBot.avb : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\35JUXZIG\drsmartload1022a.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\35JUXZIG\drsmartload849a.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\JX0FWABN\drsmartload195a.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\JX0FWABN\drsmartload849a.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\O81Z6292\drsmartload45a.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\O81Z6292\drsmartload46a.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\doc.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload45a45n.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload45a45o.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload45a45p.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload46a46n.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload46a46o.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload46a46p.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload849a849n.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload849a849o.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload849a849p.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\winde.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\O81Z6292\loader.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\drsmartload.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\35JUXZIG\kybrdff_15.exe -> Downloader.VB.alg : Cleaned with backup (quarantined).
C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\kybrdff_15.exe -> Downloader.VB.alg : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\ENY5I0L1\nwnmff_14.exe -> Downloader.VB.als : Cleaned with backup (quarantined).
C:\nwnmff_14.exe -> Downloader.VB.als : Cleaned with backup (quarantined).
C:\drsmartload45a45k.exe -> Downloader.VB.alt : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet\Content.IE5\JX0FWABN\kybrdff_16.exe -> Downloader.VB.amb : Cleaned with backup (quarantined).
C:\kybrdff_16.exe -> Downloader.VB.amb : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrador\Configuración local\Temp\ImInstaller\IncrediMail\imloader.exe -> Not-A-Virus.Downloader.Win32.ImLoader.b : Cleaned with backup (quarantined).
C:\Documents and Settings\isaura_corula\Configuración local\Archivos temporales de Internet\Content.IE5\81MF65SL\send_exe2.htm.mwt -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\isaura_corula\Configuración local\Archivos temporales de Internet\Content.IE5\81MF65SL\send_exe2.htm.mwt -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 10:20:14 a.m., on 08/09/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
C:\Archivos de programa\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\System32\mnmsrvc.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\MSTask.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\system32\lviss.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\system32\Promon.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\CHKADMIN.EXE
C:\WINNT\loadqm.exe
C:\Documents and Settings\isaura_corula\Escritorio\win\winampa.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
C:\dfndrff_16.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\WINNT\explorer.exe
C:\Archivos de programa\Network Monitor\netmon.exe
C:\WINNT\QXBveW8gRW1wcmVzYXJpYWw\command.exe
C:\WINNT\system32\taskmgr.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Archivos de programa\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.33.1.12:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Archivos de programa\Deskbar\deskbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\ARCHIV~1\Compaq\COMPAQ~2\CHKADMIN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\isaura_corula\Escritorio\win\\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_17.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Archivos de programa\BullGuard Software\BullGuard\bullguard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\europillamusica3\entrar.html
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O20 - Winlogon Notify: AdminDebug - C:\WINNT\system32\guard.tmp (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\cfral.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QXBveW8gRW1wcmVzYXJpYWw\command.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\LCRMS\LCRMS.EXE
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Archivos de programa\Network Monitor\netmon.exe
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: Windows PE Debugger - Unknown owner - C:\WINNT\system32\lviss.exe

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 9/10/2006 10:44 AM (GMT +3)
Please download the free trial of SUPERAntiSpyware:
http://www.superantispyware.com/superantispywarefreevspro.html
Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.
 

Download and install: 
http://www.filehippo.com/download_ccleaner/
For a basic version of CCleaner with no Yahoo Toolbar, select the second or third install option as follows:
Even if you selected Option 2 or 3, if you do not want the Yahoo Toolbar installed:
Uncheck "Add CCleaner Yahoo! Toolbar", as it is checked by default during CCleaner Setup

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
 
 
    
 
 
 
Open CCleaner.
1. Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
2. A pop up box will appear advising this process will permanently delete files from your system.
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer" section. Deleting cookies will require re-entry of user names and passwords on the next visit to sites that require users to log in.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Then click the "Run Cleaner" button and it will scan and clean your system. Click exit.
 
 

Double-click "drweb-cureit.exe" and click "OK" in the prompt window that opens, asking "Start the express scan now".
It will first make a quick scan of your system. Let it clean what it finds, and when it says "done"
 
Click on the green screwdriver-
Uncheck – Heuristic analysis
Actions Tab – Adware-Dialers-Riskware-Hacktools: use the dropdown menu and select – Move
Remove the checkmark from – Prompt on action
Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in the lower right corner. It will now scan your drive(s); say yes to all.
When the scan has finished, see if you can click the next icon next to the files found.
If so, click it and then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb\Quarantine folder if it can't be cured.
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv

Close Dr.Web Cureit.
 
 
 
 
Start Superantispyware/rightclick on the black/yellow bug in tray.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next
It will scan now. When the scan has finished, put a checkmark next to all items it found. Next, after cleaning, let it reboot.
 
 
Next go to Start – Search and scroll down using the scroll bar on the right. Go down to More advanced options and click.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
And Find:
superantispyware log
 
 
Post this log along with a fresh HijackThis log and tell me how things are running.



filnice
New Member


Date Joined Sep 2006
Total Posts : 4
 
   Posted 9/14/2006 11:02 PM (GMT +3)
Thank you again Touch! I followed all the steps and it seems the virus has been affected this time, because the Project 1 window at startup did not show up, but I'm not sure if it's completely gone, since a while after I rebooted an advertising pop-up window appeared. Here are my HijackThis and SUPERAntiSpyware logs:
Logfile of HijackThis v1.99.1
Scan saved at 02:48:51 p.m., on 14/09/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
C:\Archivos de programa\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\System32\mnmsrvc.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\MSTask.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\dfndrff_e1.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Archivos de programa\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Archivos de programa\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.33.1.12:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Archivos de programa\Deskbar\deskbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e1.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Archivos de programa\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\europillamusica3\entrar.html
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O20 - Winlogon Notify: SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\LCRMS\LCRMS.EXE
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: Windows PE Debugger - Unknown owner - C:\WINNT\system32\lviss.exe (file missing)
SUPERAntiSpyware Scan Log
Generated 09/14/2006 at 01:37 PM
Core Rules Database Version : 3082
Trace Rules Database Version: 1114
Memory threats detected   : 1
Registry threats detected : 51
File threats detected     : 56
Adware.NicTech Networks
 C:\WINNT\SYSTEM32\O8ROLI9318.DLL
 C:\WINNT\SYSTEM32\O8ROLI9318.DLL
 Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\Uninstall
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\e8jmli1118.dll
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\fpns0357e.dll
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\guard.tmp
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\GUARD.TMP.VIR
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\guard__0.tmp
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\h60qlgd5160.dll
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\Installer3.exe
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\Installer[10.exe
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\k2620cjoefoc0.dll
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\lv6809jue.dll
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\lvp8097ue.dll
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\mfltus40.dll
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\q6ps0g77e6.dll
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\RNOCURS.DLL
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\SH2EVNT1.DLL
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\wqnstrm.dll
Adware.Tracking Cookie
Trojan.NetMon/DNSChange
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
 HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
 C:\Archivos de programa\Network Monitor
Trojan.cmdService
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
 HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
Adware.Adservs
 C:\WINNT\system32\atmtd.dll
 C:\WINNT\system32\atmtd.dll._
Trojan.Unknown Origin
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\installer[11.exe
 C:\Documents and Settings\isaura_corula\DoctorWeb\Quarantine\installer[1].exe
 C:\WINNT\QXBveW8gRW1wcmVzYXJpYWw\kr1Syqf0lqYTwApWsrLDsqT.vbs
 C:\WINNT\uninstall_nmon.vbs
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 9/15/2006 3:35 PM (GMT +3)
Sounds good :)


Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Archivos de programa\Deskbar\deskbar.dll (file missing)
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e1.exe
O23 - Service: Windows PE Debugger - Unknown owner - C:\WINNT\system32\lviss.exe (file missing)



Reboot into Safe Mode by tapping F8 after the BIOS has loaded.
The Windows Advanced Options Menu appears.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
 
Delete Files:
C:\\dfndrff_e1.exe

 
Reboot and post (hopefully) last hijackthis log


Please start your own thread by clicking the new topic button. Do NOT post your problem in someone else's thread.
Do not PM me with logfiles. They will be deleted
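
The three entries picked out in the post above share traits that can be checked mechanically: a target marked "(file missing)", a Run value launching an executable straight from the drive root, and a service with "Unknown owner". The following is an added example, not part of the original posts and not HijackThis's own logic; the three heuristics and all names in the code are assumptions, and the sample lines are an excerpt of entries quoted in this thread.

```python
import re
from typing import List, NamedTuple

# Excerpt of HijackThis entries quoted in the thread (not the full log).
SAMPLE_LOG = r"""
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Archivos de programa\Deskbar\deskbar.dll (file missing)
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e1.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Windows PE Debugger - Unknown owner - C:\WINNT\system32\lviss.exe (file missing)
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun value: "<key>: [value name] <command line>"
RUN_VALUE = re.compile(r"^\S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable sitting directly in a drive root (one or more backslashes after the colon)
ROOT_EXE = re.compile(r'^"?[A-Za-z]:\\+[^\\/:"]+\.exe\b', re.IGNORECASE)


class Finding(NamedTuple):
    code: str
    reasons: List[str]
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match at least one review heuristic (assumed rules)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header line or a "Running processes" path, not an entry
        code, body = m.groups()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")
        if code == "O4":
            run = RUN_VALUE.match(body)
            if run and ROOT_EXE.match(run.group("cmd")):
                reasons.append("autorun from drive root")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service with unknown owner")
        if reasons:
            findings.append(Finding(code, reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{', '.join(f.reasons):<45}{f.line}")
```

A flag only marks an entry for a human to review: "(file missing)" also appears on leftover entries that are harmless, so the decision to fix still belongs to the person reading the log.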
 

 

filnice
New Member


Date Joined Sep 2006
Total Posts : 4
 
   Posted 9/19/2006 4:29 PM (GMT +3)
:p I really really thank you Touch! It seems like the bug has been terminated. I shall recommend your advice. Cheers!
 
Here is my last Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 08:19:38 a.m., on 19/09/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
C:\Archivos de programa\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\System32\mnmsrvc.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\MSTask.exe
C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\ARCHIV~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\System32\MsiExec.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Archivos de programa\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.33.1.12:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Archivos de programa\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\europillamusica3\entrar.html (file missing)
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sedecopue.gob.mx
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D3DF339-BEB3-409B-BE42-BE0E6D9524D1}: NameServer = 172.21.9.36
O20 - Winlogon Notify: SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\LCRMS\LCRMS.EXE
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
 
Thank you!