Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Please help, I have spyware.. [CLOSED]

Started by dragues , Jan 23 2008 10:17 PM

This topic is locked

#16
koko_crunch

Posted 12 February 2008 - 01:14 AM

Trusted Helper

Retired Staff
1,751 posts

Sorry for the long wait. My internet is getting worse. I had no connectivity for 3-4 days.

By the way, I'm having problems with two formula 1 games. I can't play them in my computer and a few weeks ago, I used to play them all the time. When I try to play any of them, they crash all the time. Is it possible that I have some kind of spyware or virus that ocassionates the problem? Thanx.

That is certainly possible especially when your system is badly infected.
Hopefully, the issue will be fixed by removing the infection.

Next,

Please download VundoFix.exe to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

#17
dragues

Posted 13 February 2008 - 12:11 AM

Member

Topic Starter
Member
74 posts

Hi, here are the logs:

VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 11:55:00 p.m. 12/02/2008

Listing files found while scanning....

No infected files were found.

Beginning removal...

Logfile of HijackThis v1.99.1
Scan saved at 12:09:29 a.m., on 13/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\bgsvcgen.exe
C:\WINNT\System32\GEARSEC.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\vsnp2std.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINNT\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
c:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Archivos de programa\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\Nero\Nero Core\nero.exe
C:\Archivos de programa\Java\jre1.6.0_02\bin\jucheck.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\MSN Messenger\livecall.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\HT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Archivos de programa\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: &Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1177984708531
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A4A25-B8A0-4A9F-A3DF-4894A5EB9772}: NameServer = 210.131.249.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE125042-60B0-42D1-98B5-0C4A727DAD96}: NameServer = 210.131.249.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{345A4A25-B8A0-4A9F-A3DF-4894A5EB9772}: NameServer = 210.131.249.33
O17 - HKLM\System\CS3\Services\Tcpip\..\{345A4A25-B8A0-4A9F-A3DF-4894A5EB9772}: NameServer = 210.131.249.33
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\System32\bgsvcgen.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe

#18
koko_crunch

Posted 13 February 2008 - 05:52 PM

Trusted Helper

Retired Staff
1,751 posts

The latest log you submitted actually looks better.
We are making progress but we're not done yet.

Next,

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Off12.off
C:\Off03.off
C:\Off04.off
C:\Off05.off
C:\Off11.off
C:\Off06.off
C:\Off09.off
C:\Off02.off
C:\Off10.off
C:\Off01.off
C:\Off07.off
C:\Off08.off
C:\WINNT\msngsrs.exe
C:\WINNT\system32\monvcqbs.ini
C:\WINNT\system32\jcnnsvif.ini
C:\WINNT\system32\tcqeijyy.ini
C:\WINNT\system32\hnyjtotc.ini
C:\WINNT\system32\pdddfvtn.tmp
C:\Documents and Settings\All Users\Datos de programa\ezsid.dat
C:\WINNT\system32\drvzaj.dll
C:\key.shm
C:\winhfya.exe
C:\wincpyn.exe
C:\winlxpw.exe
C:\winfaiu.exe
C:\winvlwv.exe
C:\WINNT\system32\DNLEng.dll
C:\Documents and Settings\RODRIGO\xx_tempopt.bin

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-7A12-3FF]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windev-7a12-3ff]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

#19
dragues

Posted 13 February 2008 - 11:43 PM

Member

Topic Starter
Member
74 posts

Hi, here is the log. Thanx.

ComboFix 08-02-14.1 - RODRIGO 2008-02-13 23:34:13.2 - NTFSx86
Se ejecuta desde: C:\Documents and Settings\RODRIGO\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\RODRIGO\Escritorio\CFScript.txt

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

FILE
C:\Documents and Settings\All Users\Datos de programa\ezsid.dat
C:\Documents and Settings\RODRIGO\xx_tempopt.bin
C:\key.shm
C:\Off01.off
C:\Off02.off
C:\Off03.off
C:\Off04.off
C:\Off05.off
C:\Off06.off
C:\Off07.off
C:\Off08.off
C:\Off09.off
C:\Off10.off
C:\Off11.off
C:\Off12.off
C:\wincpyn.exe
C:\winfaiu.exe
C:\winhfya.exe
C:\winlxpw.exe
C:\WINNT\msngsrs.exe
C:\WINNT\system32\DNLEng.dll
C:\WINNT\system32\drvzaj.dll
C:\WINNT\system32\hnyjtotc.ini
C:\WINNT\system32\jcnnsvif.ini
C:\WINNT\system32\monvcqbs.ini
C:\WINNT\system32\pdddfvtn.tmp
C:\WINNT\system32\tcqeijyy.ini
C:\winvlwv.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Datos de programa\ezsid.dat
C:\Documents and Settings\RODRIGO\xx_tempopt.bin
C:\key.shm
C:\Off01.off
C:\Off02.off
C:\Off03.off
C:\Off04.off
C:\Off05.off
C:\Off06.off
C:\Off07.off
C:\Off08.off
C:\Off09.off
C:\Off10.off
C:\Off11.off
C:\Off12.off
C:\wincpyn.exe
C:\winfaiu.exe
C:\winhfya.exe
C:\winlxpw.exe
C:\WINNT\system32\DNLEng.dll
C:\WINNT\system32\hnyjtotc.ini
C:\WINNT\system32\jcnnsvif.ini
C:\WINNT\system32\monvcqbs.ini
C:\WINNT\system32\pdddfvtn.tmp
C:\WINNT\system32\tcqeijyy.ini
C:\winvlwv.exe

.
(((((((((((((((((( Archivos creados desde 2008-01-14 - 2008-02-14 )))))))))))))))))))))))))))))))))
.

2008-02-13 13:32 . 2008-02-13 14:35 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-02-13 13:32 . 2008-02-13 13:32 1,409 --a------ C:\WINNT\QTFont.for
2008-02-12 23:55 . 2008-02-12 23:55 <DIR> d-------- C:\VundoFix Backups
2008-02-06 18:58 . 2003-04-06 09:19 155,648 --a------ C:\WINNT\system32\igfxtray.exe
2008-02-06 18:58 . 2003-04-06 09:07 114,688 --a------ C:\WINNT\system32\hkcmd.exe
2008-02-05 11:12 . 2008-02-05 11:12 470 --a------ C:\WINNT\eReg.dat
2008-02-05 11:09 . 2008-02-05 11:09 <DIR> d-------- C:\Archivos de programa\EA SPORTS
2008-02-04 19:41 . 2008-02-04 19:41 <DIR> d-------- C:\Documents and Settings\RODRIGO\LimeWire Store Purchased
2008-02-03 07:32 . 2008-02-06 06:55 43,520 --a------ C:\WINNT\system32\CmdLineExt03.dll
2008-02-03 07:25 . 2008-02-03 07:25 <DIR> d-------- C:\Archivos de programa\THQ
2008-02-02 17:53 . 2008-02-02 17:53 <DIR> d-------- C:\WINNT\system32\config\systemprofile\Configuraci¾n local
2008-02-02 17:53 . 2008-02-02 17:53 <DIR> d-------- C:\Documents and Settings\RODRIGO\Configuraci¾n local
2008-02-02 17:53 . 2008-02-02 17:53 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraci¾n local
2008-02-02 17:53 . 2008-02-02 17:53 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraci¾n local
2008-02-02 17:53 . 2008-02-02 17:53 <DIR> d-------- C:\Documents and Settings\Default User\Configuraci¾n local
2008-01-30 16:43 . 2008-02-13 14:25 <DIR> d-------- C:\Archivos de programa\iTunes
2008-01-30 16:43 . 2008-01-30 17:15 <DIR> d-------- C:\Archivos de programa\iPod
2008-01-27 20:37 . 2008-01-27 20:37 <DIR> d-------- C:\_OTMoveIt
2008-01-27 12:48 . 2008-01-27 12:48 <DIR> d-------- C:\UbiSoft
2008-01-26 10:54 . 2008-01-26 10:54 <DIR> d-------- C:\WINNT\ERUNT
2008-01-26 10:48 . 2008-01-27 10:02 3,006 --a------ C:\WINNT\system32\tmp.reg
2008-01-26 10:22 . 2008-02-13 08:00 <DIR> d-------- C:\Documents and Settings\RODRIGO\Datos de programa\AVG7
2008-01-26 10:22 . 2008-01-26 10:22 <DIR> d-------- C:\Documents and Settings\LocalService\Datos de programa\AVG7
2008-01-26 10:21 . 2008-01-26 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Grisoft
2008-01-26 10:21 . 2008-01-27 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\avg7
2008-01-23 15:44 . 2002-09-09 13:51 150,528 --a------ C:\WINNT\system32\ptpusd.dll
2008-01-23 15:44 . 2002-08-29 01:48 14,208 --a------ C:\WINNT\system32\drivers\usbscan.sys
2008-01-23 15:44 . 2002-08-29 01:48 14,208 --a--c--- C:\WINNT\system32\dllcache\usbscan.sys
2008-01-23 15:44 . 2001-08-22 22:15 5,632 --a------ C:\WINNT\system32\ptpusb.dll
2008-01-21 23:05 . 2008-02-13 16:08 <DIR> d-------- C:\Documents and Settings\RODRIGO\Datos de programa\skypePM
2008-01-21 23:03 . 2008-01-21 23:03 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Skype

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 06:31 --------- d-----w C:\Archivos de programa\FlashGet
2008-02-14 00:07 --------- d-----w C:\Documents and Settings\RODRIGO\Datos de programa\Skype
2008-02-08 01:48 --------- d-----w C:\Documents and Settings\RODRIGO\Datos de programa\LimeWire
2008-02-08 01:24 --------- d-----w C:\Archivos de programa\Unlocker
2008-02-05 18:09 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-02-05 07:12 --------- d-----w C:\Archivos de programa\Google
2008-02-05 02:39 --------- d-----w C:\Archivos de programa\LimeWire
2008-01-30 23:50 --------- d-----w C:\Documents and Settings\RODRIGO\Datos de programa\Apple Computer
2008-01-30 23:43 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-01-23 06:43 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe
2008-01-22 23:17 --------- d-----w C:\Documents and Settings\RODRIGO\Datos de programa\uTorrent
2008-01-22 06:03 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Skype
2008-01-22 06:03 --------- d-----w C:\Archivos de programa\Skype
2008-01-21 04:54 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\HP
2008-01-07 17:07 988,128 ----a-w C:\WINNT\dbplugin.exe
2007-01-14 22:06 271 --sh--w C:\Archivos de programa\desktop.ini
2007-01-14 22:06 22,020 ---ha-w C:\Archivos de programa\folder.htt
.
Files Infected - Win32.Agent.zb
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\System32\ctfmon.exe" [2001-08-24 05:00 13312]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" [2007-09-14 12:43 5674352]
"Skype"="C:\Archivos de programa\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"AdobeUpdater"="C:\Archivos de programa\Archivos comunes\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2001-08-24 05:00 136192 C:\WINNT\system32\mobsync.exe]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 02:00 132496]
"RemoteControl"="C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 19:01 71216]
"LanguageShortcut"="C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 14:21 54832]
"snp2std"="C:\WINNT\vsnp2std.exe" [2006-01-05 22:57 344064]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe" [2008-01-26 10:21 579072]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2003-10-15 16:24 229376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [1999-12-15 17:00 20752 C:\WINNT\system32\internat.exe]
"AVG7_Run"="C:\ARCHIV~1\Grisoft\AVG7\avgw.exe" [2008-01-26 10:21 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Archivos de programa\Internet Explorer\Connection Wizard\icwconn1.exe" [2002-09-09 12:51 212480]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2002-09-09 12:33 40960]

C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 10:39 282624 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 12:21 57344 C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Archivos de programa\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Archivos de programa\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Archivos de programa\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-01-08 12:54 65536 C:\WINNT\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
C:\Archivos de programa\uTorrent\utorrent.exe

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Archivos de programa\CyberLink\PowerDVD\000.fcl [2006-11-02 14:51]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINNT\System32\DRIVERS\snp2sxp.sys [2006-03-31 02:27]
S3 jswmidin;jswmidin;C:\DOCUME~1\RODRIGO\CONFIG~1\Temp\jswmidin.sys [2001-07-31 21:35]
S3 SNPP106;PC Camera (6029 CIF);C:\WINNT\System32\DRIVERS\snpp106.sys [2002-12-05 15:58]

*Newly Created Service* - IPODSERVICE
.
Contenido de carpeta 'Tareas Programadas'
"2008-02-13 07:00:01 C:\WINNT\Tasks\At1.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 16:00:02 C:\WINNT\Tasks\At10.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 17:00:00 C:\WINNT\Tasks\At11.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 18:00:00 C:\WINNT\Tasks\At12.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 19:00:00 C:\WINNT\Tasks\At13.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 20:00:00 C:\WINNT\Tasks\At14.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-12 21:00:00 C:\WINNT\Tasks\At15.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 22:00:00 C:\WINNT\Tasks\At16.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 23:00:00 C:\WINNT\Tasks\At17.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-14 00:00:00 C:\WINNT\Tasks\At18.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-14 01:00:00 C:\WINNT\Tasks\At19.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 08:00:00 C:\WINNT\Tasks\At2.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-14 02:00:00 C:\WINNT\Tasks\At20.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-14 03:00:00 C:\WINNT\Tasks\At21.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-14 04:00:00 C:\WINNT\Tasks\At22.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-14 05:00:00 C:\WINNT\Tasks\At23.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-14 06:00:00 C:\WINNT\Tasks\At24.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 09:00:00 C:\WINNT\Tasks\At3.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 10:00:00 C:\WINNT\Tasks\At4.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 11:00:00 C:\WINNT\Tasks\At5.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 12:00:00 C:\WINNT\Tasks\At6.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 13:00:00 C:\WINNT\Tasks\At7.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 14:00:00 C:\WINNT\Tasks\At8.job"
- C:\WINNT\System32\3UYnREaA.exe
"2008-02-13 15:00:00 C:\WINNT\Tasks\At9.job"
- C:\WINNT\System32\3UYnREaA.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 23:38:35
Windows 5.1.2600 Service Pack 1 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-02-13 23:40:26
ComboFix-quarantined-files.txt 2008-02-14 06:40:25
ComboFix2.txt 2008-02-03 00:53:24
ComboFix3.txt 2007-06-13 19:51:35
ComboFix4.txt 2007-04-29 04:34:45

#20
koko_crunch

Posted 15 February 2008 - 07:03 PM

Trusted Helper

Retired Staff
1,751 posts

Look better, but we're not done yet...

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Then

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Please post complete contents of logs,

-DSS log main and extra
-Kaspersky log

#21
dragues

Posted 18 February 2008 - 07:22 AM

Member

Topic Starter
Member
74 posts

Hi, thanx again. Here are the logs:

Deckard's System Scanner v20071014.68
Run by RODRIGO on 2008-02-17 17:01:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-02-18 00:02:08 UTC - RP229 - Deckard's System Scanner Restore Point
1: 2008-02-17 00:22:26 UTC - RP228 - Punto de control del sistema

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 495 MiB (512 MiB recommended).
System Drive C: has 0.22 GiB (less than 15%) free.

-- HijackThis (run as RODRIGO.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-17 17:04:24
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Grisoft\AVG7\avgamsvr.exe
C:\Archivos de programa\Grisoft\AVG7\avgupsvc.exe
C:\Archivos de programa\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\gearsec.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\vsnp2std.exe
C:\Archivos de programa\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqste08.exe
C:\Archivos de programa\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Java\jre1.6.0_02\bin\jucheck.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\FlashGet\flashget.exe
C:\WINNT\system32\HPZipm12.exe
C:\Documents and Settings\RODRIGO\Escritorio\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Archivos de programa\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] C:\Archivos de programa\Archivos comunes\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Archivos de programa\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Archivos de programa\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Archivos de programa\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Archivos de programa\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: &Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202949600375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1177984708531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553570000} () - http://fpdownload.ma...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{345A4A25-B8A0-4A9F-A3DF-4894A5EB9772}: NameServer = 210.131.249.33
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{BE125042-60B0-42D1-98B5-0C4A727DAD96}: NameServer = 210.131.249.33
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINNT\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Archivos de programa\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe

--
End of file - 9801 bytes

-- HijackThis Fixed Entries (C:\HT\backups\) -----------------------------------

backup-20070429-212008-106 O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - (no file)
backup-20070429-212008-253 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20070429-212008-286 O21 - SSODL: iebrowser - {955C3855-D505-4031-98FA-D788CB76E359} - C:\WINNT\iebrowser.dll (file missing)
backup-20070429-212008-326 O2 - BHO: (no name) - {c3118923-599b-47bd-86ba-ea608630efb2} - C:\WINNT\system32\dbmqmf.dll (file missing)
backup-20070429-212008-329 O20 - Winlogon Notify: __c0088B19 - C:\WINNT\System32\__c0088B19.dat (file missing)
backup-20070429-212008-343 O4 - HKLM\..\Run: [xx_Shell] C:\Documents and Settings\RODRIGO\xx_egjv.exe
backup-20070429-212008-409 O2 - BHO: VPNS System - {9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4} - C:\WINNT\dxdiag.dll (file missing)
backup-20070429-212008-424 O21 - SSODL: msvcrt62.dll - {D7755903-0D63-42D0-B742-99DA188A4DFE} - msvcrt62.dll (file missing)
backup-20070429-212008-542 O20 - Winlogon Notify: dbmqmf - dbmqmf.dll (file missing)
backup-20070429-212008-929 O20 - Winlogon Notify: wudb - C:\WINNT\System32\wudb.dll (file missing)
backup-20070429-212008-970 O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINNT\System32\tmp43.tmp.dll
backup-20070501-173913-325 O4 - HKLM\..\Run: [HP Software Update] c:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
backup-20070501-173913-358 O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
backup-20070501-173913-535 O4 - HKCU\..\Run: [updateMgr] C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
backup-20070501-173913-546 O4 - HKLM\..\Run: [HPHUPD08] C:\Archivos de programa\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
backup-20070501-173913-721 O4 - HKLM\..\Run: [MimBoot] C:\ARCHIV~1\MUSICM~1\MUSICM~1\mimboot.exe
backup-20070501-173913-878 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
backup-20070614-091148-246 O21 - SSODL: cgRhiAk - {20ACFFE5-8A06-554F-6517-B3DA59EC82C4} - C:\WINNT\System32\cjyz.dll
backup-20070614-091148-282 O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documentos\Settings\bot.dll
backup-20070614-091314-595 O21 - SSODL: cgRhiAk - {20ACFFE5-8A06-554F-6517-B3DA59EC82C4} - C:\WINNT\System32\cjyz.dll
backup-20070614-091314-656 O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documentos\Settings\bot.dll
backup-20070614-091623-787 O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documentos\Settings\bot.dll
backup-20070614-092116-304 O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documentos\Settings\bot.dll (file missing)
backup-20070615-114045-326 O21 - SSODL: cgRhiAk - {20ACFFE5-8A06-554F-6517-B3DA59EC82C4} - C:\WINNT\System32\cjyz.dll (file missing)
backup-20080127-202906-633 O4 - HKCU\..\Run: [Pando] "C:\Archivos de programa\Pando Networks\Pando\Pando.exe" /Minimized
backup-20080127-202906-647 O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwe...er/dbplugin.cab
backup-20080127-202906-665 O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...l...p;unknown
backup-20080127-202906-843 O4 - HKCU\..\Run: [Outerinfo] "C:\Archivos de programa\Outerinfo\Outerinfo.exe"
backup-20080127-202906-853 O4 - HKLM\..\Run: [MalwareCrush] C:\Archivos de programa\MalwareCrush\MalwareCrush.exe /h
backup-20080127-202906-874 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20080127-202907-390 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
backup-20080127-202907-678 O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
backup-20080127-202908-654 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
backup-20080127-202908-692 O20 - Winlogon Notify: ljjihhf - ljjihhf.dll (file missing)
backup-20080127-202908-748 O23 - Service: DomainService - Unknown owner - C:\WINNT\System32\qveomgti.exe (file missing)
backup-20080127-202908-765 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\winnt\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 SASDIFSV - c:\archivos de programa\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\archivos de programa\superantispyware\saskutil.sys
R3 SMBios (Intel ® System Management BIOS Service) - c:\winnt\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>
R3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\winnt\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>

S3 catchme - c:\docume~1\rodrigo\config~1\temp\catchme.sys (file missing)
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\winnt\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 jswmidin - c:\docume~1\rodrigo\config~1\temp\jswmidin.sys (file missing)
S3 SASENUM - c:\archivos de programa\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S4 Parallel (Controlador de clase paralelo) - c:\winnt\system32\drivers\parallel.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - "c:\winnt\system32\bgsvcgen.exe" <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
R2 GEARSecurity - c:\winnt\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>

S4 NMIndexingService - "c:\archivos de programa\archivos comunes\ahead\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Controladora de bus serie universal(USB)
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_485A8086&REV_02\3&267A616A&0&EF
Manufacturer:
Name: Controladora de bus serie universal(USB)
PNP Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_485A8086&REV_02\3&267A616A&0&EF
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-02-17 17:00:00 346 --a------ C:\WINNT\Tasks\At18.job
2008-02-17 16:00:00 346 --a------ C:\WINNT\Tasks\At17.job
2008-02-17 15:00:00 346 --a------ C:\WINNT\Tasks\At16.job
2008-02-17 14:00:00 346 --a------ C:\WINNT\Tasks\At15.job
2008-02-17 13:00:00 346 --a------ C:\WINNT\Tasks\At14.job
2008-02-17 12:00:00 346 --a------ C:\WINNT\Tasks\At13.job
2008-02-17 11:00:00 346 --a------ C:\WINNT\Tasks\At12.job
2008-02-17 10:00:00 346 --a------ C:\WINNT\Tasks\At11.job
2008-02-17 09:00:00 346 --a------ C:\WINNT\Tasks\At10.job
2008-02-17 08:00:00 346 --a------ C:\WINNT\Tasks\At9.job
2008-02-17 07:00:00 346 --a------ C:\WINNT\Tasks\At8.job
2008-02-17 06:00:00 346 --a------ C:\WINNT\Tasks\At7.job
2008-02-17 05:00:00 346 --a------ C:\WINNT\Tasks\At6.job
2008-02-17 04:00:00 346 --a------ C:\WINNT\Tasks\At5.job
2008-02-17 03:00:00 346 --a------ C:\WINNT\Tasks\At4.job
2008-02-17 02:00:00 346 --a------ C:\WINNT\Tasks\At3.job
2008-02-17 01:00:00 346 --a------ C:\WINNT\Tasks\At2.job
2008-02-17 00:00:00 346 --a------ C:\WINNT\Tasks\At1.job
2008-02-16 23:00:00 346 --a------ C:\WINNT\Tasks\At24.job
2008-02-16 22:00:00 346 --a------ C:\WINNT\Tasks\At23.job
2008-02-16 21:00:00 346 --a------ C:\WINNT\Tasks\At22.job
2008-02-16 20:00:00 346 --a------ C:\WINNT\Tasks\At21.job
2008-02-16 19:00:00 346 --a------ C:\WINNT\Tasks\At20.job
2008-02-16 18:00:00 346 --a------ C:\WINNT\Tasks\At19.job

-- Files created between 2008-01-17 and 2008-02-17 -----------------------------

2008-02-13 23:31:20 68096 --a------ C:\WINNT\System32\zip.exe
2008-02-13 23:31:20 98816 --a------ C:\WINNT\System32\sed.exe
2008-02-13 23:31:20 80412 --a------ C:\WINNT\System32\grep.exe
2008-02-13 23:31:20 73728 --a------ C:\WINNT\System32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-12 23:55:00 0 d-------- C:\VundoFix Backups
2008-02-05 11:12:42 470 --a------ C:\WINNT\eReg.dat
2008-02-05 11:09:03 0 d-------- C:\Archivos de programa\EA SPORTS
2008-02-04 19:41:07 0 d-------- C:\Documents and Settings\RODRIGO\LimeWire Store Purchased
2008-02-03 07:32:42 43520 --a------ C:\WINNT\System32\CmdLineExt03.dll
2008-02-03 07:25:52 0 d-------- C:\Archivos de programa\THQ
2008-02-02 17:53:27 0 d-------- C:\Documents and Settings\RODRIGO\Configuraci¾n local
2008-01-30 16:43:45 0 d-------- C:\Archivos de programa\iPod
2008-01-30 16:43:44 0 d-------- C:\Archivos de programa\iTunes
2008-01-27 12:48:16 0 d-------- C:\UbiSoft
2008-01-26 11:17:55 0 dr-h----- C:\$VAULT$.AVG
2008-01-26 10:54:30 0 d-------- C:\WINNT\ERUNT
2008-01-26 10:48:55 3006 --a------ C:\WINNT\System32\tmp.reg
2008-01-21 23:03:33 0 d-------- C:\Archivos de programa\Archivos comunes\Skype

-- Find3M Report ---------------------------------------------------------------

2008-02-17 16:57:55 0 d-------- C:\Archivos de programa\FlashGet
2008-02-17 08:00:09 0 d-------- C:\Documents and Settings\RODRIGO\Datos de programa\AVG7
2008-02-16 16:31:27 0 d-------- C:\Documents and Settings\RODRIGO\Datos de programa\Skype
2008-02-16 16:05:57 0 d-------- C:\Documents and Settings\RODRIGO\Datos de programa\skypePM
2008-02-07 18:48:31 0 d-------- C:\Documents and Settings\RODRIGO\Datos de programa\LimeWire
2008-02-05 11:09:02 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2008-02-05 00:12:08 0 d-------- C:\Archivos de programa\Google
2008-02-04 19:39:43 0 d-------- C:\Archivos de programa\LimeWire
2008-01-30 16:50:13 0 d-------- C:\Documents and Settings\RODRIGO\Datos de programa\Apple Computer
2008-01-22 23:43:33 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe
2008-01-22 16:17:39 0 d-------- C:\Documents and Settings\RODRIGO\Datos de programa\uTorrent
2008-01-21 23:03:35 0 d-------- C:\Archivos de programa\Skype
2008-01-21 23:03:33 0 d-a------ C:\Archivos de programa\Archivos comunes

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [24/08/2001 05:00 a.m. C:\WINNT\system32\mobsync.exe]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 02:00 a.m.]
"RemoteControl"="C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [14/03/2007 07:01 p.m.]
"LanguageShortcut"="C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [07/02/2007 02:21 p.m.]
"snp2std"="C:\WINNT\vsnp2std.exe" [05/01/2006 10:57 p.m.]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [29/06/2007 06:24 a.m.]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06 a.m.]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe" [26/01/2008 10:21 a.m.]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [15/10/2003 04:24 p.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\System32\ctfmon.exe" [24/08/2001 05:00 a.m.]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe" []
"MsnMsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" [14/09/2007 12:43 p.m.]
"Skype"="C:\Archivos de programa\Skype\Phone\Skype.exe" [07/12/2007 03:08 p.m.]
"AdobeUpdater"="C:\Archivos de programa\Archivos comunes\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 10:37 a.m.]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Archivos de programa\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
HP Digital Imaging Monitor.lnk - C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [11/05/2005 10:23:26 p.m.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 11:55 a.m. 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 10:39 a.m. 282624 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Archivos de programa\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Archivos de programa\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Archivos de programa\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
"C:\Archivos de programa\uTorrent\utorrent.exe"

-- End of Deckard's System Scanner: finished at 2008-02-17 17:05:24 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: Spanish

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 494.73 MiB / 199.07 MiB
Pagefile Memory (total/avail): 1157.39 MiB / 806.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 0.22 GiB free.
D: is Fixed (NTFS) - 37.26 GiB total, 0.06 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de archivos instalables - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - ST340810A - 37.27 GiB - 1 partition
\PARTITION0 - Sistema de archivos instalables - 37.26 GiB - D:

\\.\PHYSICALDRIVE2 - HP Photosmart 7800 USB Device

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\RODRIGO\Datos de programa
CLASSPATH=.;C:\Archivos de programa\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Archivos de programa\Archivos comunes
COMPUTERNAME=RODRIGO-INTEL
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\RODRIGO
LOGONSERVER=\\RODRIGO-INTEL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;C:\Archivos de programa\QuickTime\QTSystem;C:\Archivos de programa\Internet Explorer;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Archivos de programa
PROMPT=$P$G
QTJAVA=C:\Archivos de programa\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\RODRIGO\CONFIG~1\Temp
TMP=C:\DOCUME~1\RODRIGO\CONFIG~1\Temp
USERDOMAIN=RODRIGO-INTEL
USERNAME=RODRIGO
USERPROFILE=C:\Documents and Settings\RODRIGO
windir=C:\WINNT

-- User Profiles ---------------------------------------------------------------

RODRIGO (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINNT\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINNT\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Español --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
AnyDVD --> "C:\Archivos de programa\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Archivos de programa\SlySoft\AnyDVD"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Astrotite 3.1 Lite Version --> C:\Archivos de programa\Astrotite 3.1 Lite Version\uninstall.exe
AVG 7.5 --> C:\Archivos de programa\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CloneCD --> "C:\Archivos de programa\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Archivos de programa\SlySoft\CloneCD"
Compresor WinRAR --> C:\Archivos de programa\WinRAR\uninstall.exe
DivX Content Uploader --> C:\Archivos de programa\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Archivos de programa\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Archivos de programa\DVD Shrink\unins000.exe"
F1 2001 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{9ADABEC9-B641-488A-00AE-50FC9D99CA4F}\setup.exe" -l0xa Uninstall
F1 Racing Championship --> C:\WINNT\UbiSoft\SetupUbi.exe -uninstall F1 Racing Championship
FlashFXP v3 --> "C:\Archivos de programa\FlashFXP\Uninstall.exe" "C:\Archivos de programa\FlashFXP\install.log" -u
FlashGet(Jetcar) 1.81 --> C:\ARCHIV~1\FlashGet\_UNWISE.EXE
HachaPro --> C:\Archivos de programa\HachaPro\uninstall.exe
HijackThis 1.99.1 --> C:\DOCUME~1\RODRIGO\CONFIG~1\Temp\Rar$EX00.469\HijackThis.exe /uninstall
HP Imaging Device Functions 5.3 --> C:\Archivos de programa\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Archivos de programa\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Archivos de programa\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINNT\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B523DD96-3363-4B67-8B99-118845461D77}
IUS 2006 Segundo Semestre --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6ABC2F4D-2333-430F-A39F-03E56A9D0839}\setup.exe" UNINSTALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 3.5.3 --> "C:\Archivos de programa\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINNT\System32\KASPER~1\KASPER~1\kavuninstall.exe
LimeWire PRO 4.16.0 --> "C:\Archivos de programa\LimeWire\uninstall.exe"
Los Increíbles --> MsiExec.exe /X{DD0C811C-4BFA-4715-95E4-AB1644929A08}
Messenger Plus! Live --> "C:\Archivos de programa\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110C0A-6000-11D3-8CFE-0150048383C9}
mIRC --> "C:\Archivos de programa\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.12) --> C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
My DSC --> C:\Archivos de programa\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
Nero 7 Lite 7.9.6.0 --> "C:\Archivos de programa\Nero\unins001.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Oni --> C:\WINNT\unvise32.exe C:\Archivos de programa\Oni\uninstal.log
OpenP2M --> C:\WINNT\System32\javaws.exe -uninstall -prompt "http://www.opem.xpg....r/OpenP2M.jnlp"
OpenP2M for Java 1.6 --> C:\WINNT\System32\javaws.exe -uninstall -prompt "http://www.cin.ufpe..../OpenP2M6.jnlp"
Paquete de compatibilidad para 2007 Office system --> MsiExec.exe /X{90120000-0020-0C0A-0000-0000000FF1CE}
PC Camera (6029 CIF) --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{54DC27A1-2708-421E-8915-119955DB3B92}\setup.exe" -l0x9
Peer2Mail (remove only) --> "C:\Archivos de programa\Peer2Mail\uninst.exe"
PowerDVD Ultra --> "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x00040a /z-uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
QuickTime Alternative 1.81 --> "C:\Archivos de programa\QuickTime Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Revisión de Windows XP - KB823980 --> C:\WINNT\$NtUninstallKB823980$\spuninst\spuninst.exe
Revisión de Windows XP - KB842773 --> C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Subtitle Workshop 2.51 --> "C:\Archivos de programa\URUSoft\Subtitle Workshop\uninstall.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TMPGEnc DVD Author 3 with DivX Authoring --> MsiExec.exe /I{BB59851C-44A5-44B3-8EAE-5C4FE45323E9}
Unlocker 1.8.5 --> C:\Archivos de programa\Unlocker\uninst.exe
Utilidad Restauración iPod --> MsiExec.exe /X{91A2689C-D4B1-43BB-A521-0E29B963FC56}
Winamp (remove only) --> "C:\Archivos de programa\Winamp\UninstWA.exe"
Windows Installer 3.0 (KB884016) --> C:\WINNT\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
Windows Live Messenger --> MsiExec.exe /I{1692CC0E-8798-493A-9580-23555E21C14B}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Service Pack 1a --> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type3035 / Error
Event Submitted/Written: 02/17/2008 04:41:27 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplicación que no responde: iexplore.exe, versión 6.0.2800.1106, módulo que no responde ntdll.dll, versión 5.1.2600.1106, dirección que no responde 0x0000793d.

Event Record #/Type2996 / Error
Event Submitted/Written: 02/17/2008 09:31:06 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplicación que no responde: msnmsgr.exe, versión 8.1.178.0, módulo que no responde ContactsUX.dll, versión 8.1.178.0, dirección que no responde 0x0000ee9e.

Event Record #/Type2928 / Error
Event Submitted/Written: 02/16/2008 08:00:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplicación con errores: iexplore.exe, versión: 6.0.2800.1106, módulo con error: mshtml.dll, versión 6.0.2800.1106, dirección de error 0x000d887d.

Event Record #/Type2911 / Success
Event Submitted/Written: 02/16/2008 09:31:33 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2909 / Warning
Event Submitted/Written: 02/16/2008 09:14:48 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
La regla de enrutamiento de salida no es válida porque no puede encontrar un dispositivo válido. No se enrutarán los faxes salientes que usan esta regla. Compruebe que el dispositivo o dispositivos de destino (si se enrutó a un grupo de dispositivos) están conectados, instalados correctamente y encendidos. Si se enrutó a un grupo, compruebe que el grupo está configurado correctamente.
Código de país o región: "*"
Código de área: "*"

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type50461 / Error
Event Submitted/Written: 02/17/2008 05:05:00 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
El servicio GEARSecurity ha devuelto un estado actual 0 no válido.

Event Record #/Type50460 / Error
Event Submitted/Written: 02/17/2008 05:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
No se puede ejecutar el comando At18.job debido al siguiente error:
%%2147942402

Event Record #/Type50459 / Error
Event Submitted/Written: 02/17/2008 04:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
No se puede ejecutar el comando At17.job debido al siguiente error:
%%2147942402

Event Record #/Type50458 / Error
Event Submitted/Written: 02/17/2008 03:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
No se puede ejecutar el comando At16.job debido al siguiente error:
%%2147942402

Event Record #/Type50457 / Error
Event Submitted/Written: 02/17/2008 02:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
No se puede ejecutar el comando At15.job debido al siguiente error:
%%2147942402

-- End of Deckard's System Scanner: finished at 2008-02-17 17:05:24 ------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 7:18:40 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570227
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 114626
Number of viruses found: 8
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 03:33:30

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Archivos de programa\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\RODRIGO\CONFIG~1\Temp\~DF2FD.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\RODRIGO\CONFIG~1\Temp\~DF308.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\RODRIGO\CONFIG~1\Temp\~DF8113.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\RODRIGO\CONFIG~1\Temp\~DF8128.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\RODRIGO\CONFIG~1\Temp\~DF8D06.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\RODRIGO\CONFIG~1\Temp\~DF8D11.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\RODRIGO\CONFIG~1\Temp\~DFC08.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\RODRIGO\CONFIG~1\Temp\~DFC4F.tmp Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Archivos temporales de Internet\Content.IE5\B5G1H6RQ\mando[1].png Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\dfsr.db Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\fsr.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\fsrtmp.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\tmp.edb Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\dfsr.db Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\fsr.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\fsrtmp.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\tmp.edb Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\dfsr.db Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\fsr.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\fsrtmp.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6820_AD2A_20AC_FFE4\tmp.edb Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Historial\History.IE5\MSHist012008021720080218\index.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Temp\fla2B6.tmp Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Temp\_hphtra07.log Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Temp\~DF664C.tmp Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Temp\~DF68B3.tmp Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Temp\~DF7D81.tmp Object is locked skipped
C:\Documents and Settings\RODRIGO\Configuración local\Temp\~DF7EDA.tmp Object is locked skipped
C:\Documents and Settings\RODRIGO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\cert8.db Object is locked skipped
C:\Documents and Settings\RODRIGO\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\history.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\key3.db Object is locked skipped
C:\Documents and Settings\RODRIGO\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\parent.lock Object is locked skipped
C:\Documents and Settings\RODRIGO\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\search.sqlite Object is locked skipped
C:\Documents and Settings\RODRIGO\Datos de programa\Mozilla\Firefox\Profiles\l623z33l.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\backups\backups.zip/backups/b128.exe/stream/data0002/dat

#22
dragues

Posted 18 February 2008 - 07:24 AM

Member

Topic Starter
Member
74 posts

C:\Documents and Settings\RODRIGO\Escritorio\SDFix\backups\backups.zip/backups/b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\backups\backups.zip/backups/b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\backups\backups.zip/backups/b128.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\backups\backups.zip/backups/b128.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\backups\backups.zip ZIP: infected - 5 skipped
C:\Documents and Settings\RODRIGO\Escritorio\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RODRIGO\Escritorio\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RODRIGO\Escritorio\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\RODRIGO\Escritorio\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\RODRIGO\Mis documentos\Gloria\Gloria\Msn\Mis conversaciones\Febrero 2008\Eventos registrados.txt Object is locked skipped
C:\Documents and Settings\RODRIGO\ntuser.dat Object is locked skipped
C:\Documents and Settings\RODRIGO\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Ofb1\Ofb1.dll Infected: not-a-virus:AdWare.Win32.BHO.jv skipped
C:\QooBox\Quarantine\C\winfaiu.exe.vir Infected: Trojan.Win32.Agent.cyt skipped
C:\QooBox\Quarantine\C\winlxpw.exe.vir Infected: Trojan.Win32.Agent.cyt skipped
C:\QooBox\Quarantine\C\WINNT\system32\2cE8eF3y.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.gw skipped
C:\QooBox\Quarantine\C\WINNT\system32\82kbUp3Y.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.gw skipped
C:\QooBox\Quarantine\C\winvlwv.exe.vir Infected: Trojan.Win32.Agent.cyt skipped
C:\RESPALDO\RESPALDO\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\drivers\sptd.sys Object is locked skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#23
koko_crunch

Posted 22 February 2008 - 11:25 AM

Trusted Helper

Retired Staff
1,751 posts

Sorry for the delay... The log looks better...

On to the next step...

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
C:\Program Files\Ofb1\Ofb1.dll
C:\Documents and Settings\RODRIGO\Escritorio\SDFix
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Finally,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) 6 Update 4 and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".
Click the "Download" button to the right.
Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Please post back with OTmoveIt log...

#24
dragues

Posted 01 March 2008 - 10:05 PM

Member

Topic Starter
Member
74 posts

Hi, sorry for the delay. I went out on vacation. Thanx again.

Here is the log:

LoadLibrary failed for C:\Program Files\Ofb1\Ofb1.dll
C:\Program Files\Ofb1\Ofb1.dll NOT unregistered.
C:\Program Files\Ofb1\Ofb1.dll moved successfully.
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\backups moved successfully.
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\apps\Replace\xp moved successfully.
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\apps\Replace\w2k moved successfully.
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\apps\Replace moved successfully.
C:\Documents and Settings\RODRIGO\Escritorio\SDFix\apps moved successfully.
C:\Documents and Settings\RODRIGO\Escritorio\SDFix moved successfully.

OTMoveIt2 v1.0.20 log created on 02232008_232117

#25
koko_crunch

Posted 07 March 2008 - 06:54 AM

Trusted Helper

Retired Staff
1,751 posts

Sorry for the delay.
Been quite busy lately. Hope you enjoyed your vacation.

The log looks good...

Now, time for some housekeeping

Click START then RUN
Now type Combofix /u in the runbox and click OK
When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

Then,

Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Finally, another scan just to make sure...

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

We're almost done here...
Please post contents of ActiveScan log and a report on how your system is performing...

#26
koko_crunch

Posted 08 April 2008 - 11:54 AM

Trusted Helper

Retired Staff
1,751 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.