Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow pc, trojans or malware suspected [RESOLVED]

Started by cuervo77 , Mar 09 2008 09:58 PM

  • This topic is locked This topic is locked

#1
cuervo77
Posted 09 March 2008 - 09:58 PM

cuervo77

    Member

  • Member
  • PipPip
  • 19 posts
Hello,
For sometime now IE7 is closing when I open my Hotmail or some other pages, it closes suddenly. I tried to uninstall it but it keeps closing. I disable the addons but it didnt work.
And now when I´m surfing on Firefox it stops working and I have to start the program again. The page go blank and I have to start over.
I use Superantispyware and Adaware frecuently and use Tuneup Utilities to keep everything ok.
I really dont know whats happening, also my Pc is slow at startup and when I close it but the system is already optimized (or so I think). Maybe I screw up something but I suspect is some kind of infection.
This is the hijack this log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:07 p.m., on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\TuneUp Utilities 2008\memoptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Archivos de programa\TuneUp Utilities 2008\memoptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F656BE73-6269-4AB7-B7EC-1FFFF67DB56B}: NameServer = 200.48.225.130,200.48.225.146
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Archivos de programa\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Archivos de programa\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Servicio Lector del diario USN de Carpetas para compartir de Messenger (usnjsvc) - Unknown owner - C:\Archivos de programa\MSN Messenger\usnsvc.exe (file missing)

--
End of file - 6579 bytes

Please help me, I would really apreciate it.
Albert
  • 0

Advertisements

#2
Rorschach112
Posted 13 March 2008 - 11:39 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#3
cuervo77
Posted 14 March 2008 - 04:13 PM

cuervo77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello and thanks for the help,
these are the DSS files:

Main:

Deckard's System Scanner v20071014.68
Run by pc on 2008-03-14 15:03:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-03-14 20:03:57 UTC - RP20 - Deckard's System Scanner Restore Point
19: 2008-03-13 18:30:09 UTC - RP19 - Punto de control del sistema
18: 2008-03-12 18:04:44 UTC - RP18 - Software Distribution Service 3.0
17: 2008-03-12 02:51:31 UTC - RP17 - Quitado Java™ 6 Update 3
16: 2008-03-12 02:47:37 UTC - RP16 - Instalado Java™ 6 Update 5


-- First Restore Point --
1: 2008-03-09 01:37:40 UTC - RP1 - Punto de control del sistema


Performed disk cleanup.



-- HijackThis (run as pc.exe) --------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-14 15:04:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\pc\Escritorio\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.pe/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Archivos de programa\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Archivos de programa\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Archivos de programa\TuneUp Utilities 2008\memoptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{F656BE73-6269-4AB7-B7EC-1FFFF67DB56B}: NameServer = 200.48.225.130,200.48.225.146
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Archivos de programa\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Archivos de programa\Spyware Doctor\swdsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: Servicio Lector del diario USN de Carpetas para compartir de Messenger (usnjsvc) - Unknown owner - C:\Archivos de programa\MSN Messenger\usnsvc.exe


--
End of file - 8100 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - jsfile - DefaultIcon - "C:\Archivos de programa\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Archivos de programa\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\archivos de programa\superantispyware\sasdifsv.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Windows ® 2000 DDK provider; OSA I/O Port Driver Version 1.0.5>
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>
R3 smbusp (Intel® SMBus 2.0 Driver) - c:\windows\system32\drivers\intelsmb.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>

S0 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys (file missing)
S1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys (file missing)
S1 IKSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys (file missing)
S1 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 genmcmn (Scroll Mouse Driver) - c:\windows\system32\drivers\gmfiltr.sys (file missing)
S3 SASENUM - c:\archivos de programa\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ANIWZCSdService (ANIWZCSd Service) - c:\archivos de programa\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
R2 Apple Mobile Device - "c:\archivos de programa\archivos comunes\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Servicio Bonjour) - "c:\archivos de programa\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 iHCService (Intel® Desktop Utilities Service) - "c:\program files\intel\idu\iduserv.exe" <Not Verified; OSA Technologies, Inc.; Intel® Desktop Utilities>

S2 sdAuxService (PC Tools Auxiliary Service) - c:\archivos de programa\spyware doctor\svcntaux.exe (file missing)
S2 sdCoreService (PC Tools Security Service) - c:\archivos de programa\spyware doctor\swdsvc.exe (file missing)
S3 FLEXnet Licensing Service - "c:\archivos de programa\archivos comunes\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 usnjsvc (Servicio Lector del diario USN de Carpetas para compartir de Messenger) - "c:\archivos de programa\msn messenger\usnsvc.exe" (file missing)
S4 NMIndexingService - "c:\archivos de programa\archivos comunes\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)
Device ID: PCI\VEN_1814&DEV_0302&SUBSYS_3C091186&REV_00\4&23C0B1C&0&08F0
Manufacturer: D-Link
Name: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)
PNP Device ID: PCI\VEN_1814&DEV_0302&SUBSYS_3C091186&REV_00\4&23C0B1C&0&08F0
Service: RT61


-- Scheduled Tasks -------------------------------------------------------------

2008-02-29 17:18:04 384 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-02-14 and 2008-03-14 -----------------------------

2008-03-12 12:05:19 0 d-------- C:\Archivos de programa\Combined Community Codec Pack
2008-03-10 11:36:33 335 --a------ C:\WINDOWS\mozregistry.dat
2008-03-10 11:11:47 0 d-------- C:\Archivos de programa\eMule
2008-03-10 11:11:47 0 d-------- C:\Archivos de programa\CyberLink
2008-03-10 11:11:47 0 d-------- C:\Archivos de programa\Corel Painter IX.5
2008-03-10 11:11:46 0 d-------- C:\Archivos de programa\Yahoo!
2008-03-10 11:11:46 0 d-------- C:\Archivos de programa\VideoLAN
2008-03-10 11:11:42 0 d-------- C:\Archivos de programa\Stardock
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\Skype
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\PowerTab Editor
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\PFConfig
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\Online Services
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\Nero
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\Microsoft Works
2008-03-10 11:11:40 0 d-------- C:\Archivos de programa\InterVideo Information Service
2008-03-10 11:11:40 0 d-------- C:\Archivos de programa\Intelore
2008-03-10 11:11:39 0 d-------- C:\Archivos de programa\Illustrate
2008-03-10 11:11:39 0 d-------- C:\Archivos de programa\GlobalSCAPE
2008-03-10 11:11:39 0 d-------- C:\Archivos de programa\AusLogics Disk Defrag
2008-03-08 23:48:15 0 d-------- C:\Archivos de programa\Trend Micro
2008-03-08 23:34:02 0 d-------- C:\Archivos de programa\Windows Live Safety Center
2008-03-08 18:37:16 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-08 18:37:16 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-08 18:37:16 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-08 18:37:16 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-06 19:36:09 0 d--h----- C:\WINDOWS\PIF
2008-02-22 19:15:47 0 d-------- C:\Archivos de programa\Archivos comunes\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-03-14 10:33:55 0 d-------- C:\Archivos de programa\LimeWire
2008-03-14 10:22:52 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-12 15:27:00 0 d-------- C:\Documents and Settings\pc\Datos de programa\uTorrent
2008-03-11 21:50:53 0 d-------- C:\Archivos de programa\Java
2008-03-10 11:12:04 0 d-------- C:\Documents and Settings\pc\Datos de programa\WinPatrol
2008-03-10 11:11:58 0 d-------- C:\Archivos de programa\uTorrent
2008-03-10 11:11:49 0 d-------- C:\Archivos de programa\Lavasoft
2008-03-10 11:11:49 0 d-------- C:\Archivos de programa\EvilLyrics
2008-03-09 18:13:30 0 d-------- C:\Archivos de programa\Windows Media Connect 2
2008-03-09 17:29:00 0 d-------- C:\Archivos de programa\Soulseek
2008-03-09 16:49:24 0 d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-03-08 19:18:35 0 d-------- C:\Archivos de programa\iTunes
2008-03-08 19:18:24 0 d-------- C:\Archivos de programa\iPod
2008-03-08 19:17:38 0 d-------- C:\Archivos de programa\QuickTime
2008-03-08 19:03:22 0 d-------- C:\Documents and Settings\pc\Datos de programa\Leadertech
2008-03-08 18:57:02 0 d-------- C:\Documents and Settings\pc\Datos de programa\Adobe
2008-03-08 18:50:25 3407 --a------ C:\WINDOWS\mozver.dat
2008-03-08 18:29:54 0 d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-03-08 18:05:38 0 d-------- C:\Archivos de programa\SpywareBlaster
2008-03-06 20:33:18 0 d-------- C:\Documents and Settings\pc\Datos de programa\GlobalSCAPE
2008-03-06 20:32:58 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2008-03-06 00:13:04 0 d-------- C:\Documents and Settings\pc\Datos de programa\LimeWire
2008-03-05 19:29:50 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe
2008-02-28 18:36:02 0 d-------- C:\Documents and Settings\pc\Datos de programa\Alien Skin
2008-02-22 19:15:47 0 d-------- C:\Archivos de programa\Archivos comunes
2008-02-10 15:40:37 0 d-------- C:\Archivos de programa\Creative
2008-02-10 15:40:29 0 d--h----- C:\Archivos de programa\Creative Installation Information
2008-01-30 10:18:54 0 d-------- C:\Archivos de programa\Archivos comunes\Java
2008-01-26 14:00:33 0 d-------- C:\Documents and Settings\pc\Datos de programa\PrevxCSI
2008-01-18 17:53:07 0 d-------- C:\Documents and Settings\pc\Datos de programa\Winamp
2008-01-18 17:42:13 0 d-------- C:\Archivos de programa\Windows Installer Clean Up
2008-01-18 17:42:00 0 d-------- C:\Archivos de programa\MSECACHE
2008-01-18 17:31:44 0 d-------- C:\Archivos de programa\Winamp
2008-01-18 17:29:10 0 d-------- C:\Archivos de programa\Bonjour
2008-01-18 16:17:24 0 d-------- C:\Documents and Settings\pc\Datos de programa\Sunbelt Software
2008-01-18 16:02:41 0 d-------- C:\Archivos de programa\TuneUp Utilities 2008
2008-01-18 15:11:18 499240 --a------ C:\WINDOWS\system32\perfh00A.dat
2008-01-18 15:11:18 96852 --a------ C:\WINDOWS\system32\perfc00A.dat
2008-01-17 18:20:57 0 d-------- C:\Documents and Settings\pc\Datos de programa\SUPERAntiSpyware.com
2008-01-05 13:45:36 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe" [15/07/2005 04:48 p.m.]
"avast!"="C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 08:00 a.m.]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [19/02/2008 01:10 p.m.]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 a.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Archivos de programa\TuneUp Utilities 2008\memoptimizer.exe" [21/12/2007 03:17 p.m.]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 08:42 a.m.]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"=6 (0x6)
"NoSharedDocuments"=00000000
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 p.m. 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 08/03/2008 05:02 p.m. 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"CTSyncU.exe"="C:\Archivos de programa\Creative\Sync Manager Unicode\CTSyncU.exe"
"Realtek HD Audio Control Panel"=C:\Archivos de programa\Realtek\Audio\InstallShield\RTHDCPL.exe
"SUPERAntiSpyware"=C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=C:\WINDOWS\vVX1000.exe
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
"CTCheck"=C:\Archivos de programa\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"QuickTime Task"="C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db0682e-cc15-11dc-a3e6-0015e92b055b}]
AutoRun\command- E:\AutoTransfer.exe




-- End of Deckard's System Scanner: finished at 2008-03-14 15:04:43 ------------

Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Spanish

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1021.73 MiB / 590.14 MiB
Pagefile Memory (total/avail): 2458.89 MiB / 2108.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.39 MiB

C: is Fixed (NTFS) - 39.06 GiB total, 21.34 GiB free.
D: is Fixed (NTFS) - 109.98 GiB total, 45.4 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160811AS - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Sistema de archivos instalables - 39.06 GiB - C:
\PARTITION1 - Extendido con Inter. 13 extendida - 109.98 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080313-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"="C:\\Archivos de programa\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Archivos de programa\\Soulseek\\slsk.exe"="C:\\Archivos de programa\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"="C:\\Archivos de programa\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"="C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Archivos de programa\\Microsoft LifeCam\\LifeCam.exe"="C:\\Archivos de programa\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Archivos de programa\\Microsoft LifeCam\\LifeExp.exe"="C:\\Archivos de programa\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"="C:\\Archivos de programa\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"="C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\iTunes\\iTunes.exe"="C:\\Archivos de programa\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\pc\Datos de programa
CLASSPATH=.;C:\Archivos de programa\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Archivos de programa\Archivos comunes
COMPUTERNAME=ALBERTO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\pc
LOGONSERVER=\\ALBERTO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Archivos de programa\ATI Technologies\ATI Control Panel;C:\Archivos de programa\Autodesk\Backburner;C:\Archivos de programa\Archivos comunes\Autodesk Shared;C:\Archivos de programa\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Archivos de programa
PROMPT=$P$G
QTJAVA=C:\Archivos de programa\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\pc\CONFIG~1\Temp
TMP=C:\DOCUME~1\pc\CONFIG~1\Temp
USERDOMAIN=ALBERTO
USERNAME=pc
USERPROFILE=C:\Documents and Settings\pc
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

pc (admin)
Daniela (admin)
Administrador (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Archivos de programa\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /nolog/l0x000a
--> "C:\Archivos de programa\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Archivos de programa\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /nolog/l0x0009
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0xa
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0xa
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualización de seguridad para Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Actualización para Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Actualización para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{D7A53E41-3F32-4A44-989C-53DDEBB2130C}
Adobe Fireworks CS3 --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe
Adobe Fireworks CS3 --> MsiExec.exe /I{E16110F7-1C85-4675-99F4-7938F832C825}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 - Espańol --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{15C768E2-AB61-4DE3-952F-6B237A834951}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0 --> C:\Archivos de programa\Archivos comunes\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Archivos de programa\Archivos comunes\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AirPlus G --> C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211} /l1034
Alien Skin Exposure 2 --> C:\ARCHIV~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\EXPOSU~1\Unwise32.exe C:\ARCHIV~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\EXPOSU~1\INSTALL.LOG
ANIO Service --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Utilidad de desinstalación de software --> C:\Archivos de programa\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
µTorrent --> "C:\Archivos de programa\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> rundll32 C:\ARCHIV~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon iP4300 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x000a
CCleaner (remove only) --> "C:\Archivos de programa\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-01-24 --> "C:\Archivos de programa\Combined Community Codec Pack\unins000.exe"
Creative Software AutoUpdate --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0xa /remove
Creative ZEN --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0xa /remove
DFX 8 for Winamp --> "C:\Archivos de programa\Winamp\uninstall_dfx.exe"
Easy-WebPrint --> C:\WINDOWS\IsUn040a.exe -f"C:\Archivos de programa\Canon\Easy-WebPrint\Uninst.isu"
EvilLyrics --> "C:\Archivos de programa\EvilLyrics\uninst.exe"
FoxyTunes for Internet Explorer --> C:\Archivos de programa\FoxyTunes\ForInternetExplorer\Uninstall.exe
getPlus®_dll --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
Google Gmail Notifier --> "C:\Archivos de programa\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 1.99.1 --> C:\ARCHIV~1\HIJACK~1\HijackThis.exe /uninstall
Información del sistema de Creative --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0xa /remove
Intel® Desktop Utilities --> C:\Archivos de programa\Archivos comunes\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE1FD294-CF2A-4936-92F4-B1B778371627}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam --> MsiExec.exe /X{CF097EEC-2D4A-471B-A02E-BFAED6598C55}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.12) --> C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
Panel de Control de ATI --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO --> "C:\Archivos de programa\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0xa -removeonly
Revisión para Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
SoulSeek Client 156c --> "C:\Archivos de programa\Soulseek\uninstall.exe"
SpywareBlaster 4.0 --> "C:\Archivos de programa\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
Winamp --> "C:\Archivos de programa\Winamp\UninstWA.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{1692CC0E-8798-493A-9580-23555E21C14B}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Archivos de programa\WinRAR\uninstall.exe
XMLinst --> MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}
ZEN Media Explorer --> "C:\Archivos de programa\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /nolog/l0x0009
ZENcast Organizer --> "C:\Archivos de programa\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /nolog/l0x0009


-- Application Event Log -------------------------------------------------------

Event Record #/Type686 / Error
Event Submitted/Written: 03/14/2008 10:21:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Aplicación con errores: winamp.exe, versión: 5.5.2.1800, módulo con error: unknown, versión 0.0.0.0, dirección de error 0x1390a3fd.
Procesando suceso específico de medio para [winamp.exe!ws!]

Event Record #/Type685 / Error
Event Submitted/Written: 03/14/2008 10:20:26 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplicación que no responde: winamp.exe, versión 5.5.2.1800, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Event Record #/Type610 / Error
Event Submitted/Written: 03/12/2008 01:03:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplicación con errores: explorer.exe, versión: 6.0.2900.3156, módulo con error: unknown, versión 0.0.0.0, dirección de error 0x03b6c530.
Procesando suceso específico de medio para [explorer.exe!ws!]

Event Record #/Type579 / Error
Event Submitted/Written: 03/10/2008 09:09:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplicación con errores: explorer.exe, versión: 6.0.2900.3156, módulo con error: unknown, versión 0.0.0.0, dirección de error 0x05a8c530.
Procesando suceso específico de medio para [explorer.exe!ws!]

Event Record #/Type578 / Error
Event Submitted/Written: 03/10/2008 03:22:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplicación que no responde: firefox.exe, versión 1.8.20080.20121, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type42814 / Error
Event Submitted/Written: 03/14/2008 02:53:52 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
El controlador de inicialización siguiente no se cargó correctamente:
BANTExt
IKFileSec
IKSysFlt
IKSysSec

Event Record #/Type42813 / Error
Event Submitted/Written: 03/14/2008 02:53:52 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
El servicio PC Tools Security Service no pudo iniciarse debido al siguiente error:
%%2

Event Record #/Type42812 / Error
Event Submitted/Written: 03/14/2008 02:53:52 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
El servicio PC Tools Auxiliary Service no pudo iniciarse debido al siguiente error:
%%2

Event Record #/Type42763 / Error
Event Submitted/Written: 03/14/2008 09:46:05 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
El controlador de inicialización siguiente no se cargó correctamente:
BANTExt
IKFileSec
IKSysFlt
IKSysSec

Event Record #/Type42762 / Error
Event Submitted/Written: 03/14/2008 09:46:05 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
El servicio PC Tools Security Service no pudo iniciarse debido al siguiente error:
%%2



-- End of Deckard's System Scanner: finished at 2008-03-14 15:04:43 ------------

And this is the Kaspersky Report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 14, 2008 5:11:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/03/2008
Kaspersky Anti-Virus database records: 630142
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 134848
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:42:27

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\pc\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc\Configuración local\Datos de programa\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\pc\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\pc\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\pc\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\pc\Configuración local\Historial\History.IE5\MSHist012008031420080315\index.dat Object is locked skipped
C:\Documents and Settings\pc\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\pc\ntuser.dat Object is locked skipped
C:\Documents and Settings\pc\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F74A54A2-26B4-459C-836C-C9E0CB64AB6C}\RP20\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked
  • 0

#4
Rorschach112
Posted 14 March 2008 - 07:00 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\d3d9caps.dat
E:\AutoTransfer.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db0682e-cc15-11dc-a3e6-0015e92b055b}
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log and tell me how your PC is running
  • 0

#5
cuervo77
Posted 14 March 2008 - 08:19 PM

cuervo77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,
The PC is still at the same speed, it takes a while to load windows and it take a while to shut down.
About the IE7, as soon as I open my hotmail it shuts down inmediately, I dont know why...
These entries didnt show up when I run HiJackthis:
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - (no file)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)

I did what you told me about the OtMoveIt2 and this is what came up:

C:\WINDOWS\system32\d3d9caps.dat moved successfully.
File/Folder E:\AutoTransfer.exe not found.
[Custom Input]
< purity >
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db0682e-cc15-11dc-a3e6-0015e92b055b} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db0682e-cc15-11dc-a3e6-0015e92b055b}\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03142008_210409


This is the new log file:

Deckard's System Scanner v20071014.68
Run by pc on 2008-03-14 21:10:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as pc.exe) --------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-14 21:10:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
C:\Archivos de programa\Alwil Software\Avast4\ashDisp.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Archivos de programa\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pc\Escritorio\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.pe/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Archivos de programa\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Archivos de programa\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Archivos de programa\TuneUp Utilities 2008\memoptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{F656BE73-6269-4AB7-B7EC-1FFFF67DB56B}: NameServer = 200.48.225.130,200.48.225.146
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Archivos de programa\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Archivos de programa\Spyware Doctor\swdsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: Servicio Lector del diario USN de Carpetas para compartir de Messenger (usnjsvc) - Unknown owner - C:\Archivos de programa\MSN Messenger\usnsvc.exe


--
End of file - 8040 bytes

-- Files created between 2008-02-14 and 2008-03-14 -----------------------------

2008-03-14 15:06:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-12 12:05:19 0 d-------- C:\Archivos de programa\Combined Community Codec Pack
2008-03-10 11:36:33 335 --a------ C:\WINDOWS\mozregistry.dat
2008-03-10 11:11:47 0 d-------- C:\Archivos de programa\eMule
2008-03-10 11:11:47 0 d-------- C:\Archivos de programa\CyberLink
2008-03-10 11:11:47 0 d-------- C:\Archivos de programa\Corel Painter IX.5
2008-03-10 11:11:46 0 d-------- C:\Archivos de programa\Yahoo!
2008-03-10 11:11:46 0 d-------- C:\Archivos de programa\VideoLAN
2008-03-10 11:11:42 0 d-------- C:\Archivos de programa\Stardock
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\Skype
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\PowerTab Editor
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\PFConfig
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\Online Services
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\Nero
2008-03-10 11:11:41 0 d-------- C:\Archivos de programa\Microsoft Works
2008-03-10 11:11:40 0 d-------- C:\Archivos de programa\InterVideo Information Service
2008-03-10 11:11:40 0 d-------- C:\Archivos de programa\Intelore
2008-03-10 11:11:39 0 d-------- C:\Archivos de programa\Illustrate
2008-03-10 11:11:39 0 d-------- C:\Archivos de programa\GlobalSCAPE
2008-03-10 11:11:39 0 d-------- C:\Archivos de programa\AusLogics Disk Defrag
2008-03-08 23:48:15 0 d-------- C:\Archivos de programa\Trend Micro
2008-03-08 23:34:02 0 d-------- C:\Archivos de programa\Windows Live Safety Center
2008-03-08 18:37:16 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-08 18:37:16 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-08 18:37:16 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-08 18:37:16 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-06 19:36:09 0 d--h----- C:\WINDOWS\PIF
2008-02-22 19:15:47 0 d-------- C:\Archivos de programa\Archivos comunes\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-03-14 10:33:55 0 d-------- C:\Archivos de programa\LimeWire
2008-03-12 15:27:00 0 d-------- C:\Documents and Settings\pc\Datos de programa\uTorrent
2008-03-11 21:50:53 0 d-------- C:\Archivos de programa\Java
2008-03-10 11:12:04 0 d-------- C:\Documents and Settings\pc\Datos de programa\WinPatrol
2008-03-10 11:11:58 0 d-------- C:\Archivos de programa\uTorrent
2008-03-10 11:11:49 0 d-------- C:\Archivos de programa\Lavasoft
2008-03-10 11:11:49 0 d-------- C:\Archivos de programa\EvilLyrics
2008-03-09 18:13:30 0 d-------- C:\Archivos de programa\Windows Media Connect 2
2008-03-09 17:29:00 0 d-------- C:\Archivos de programa\Soulseek
2008-03-09 16:49:24 0 d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-03-08 19:18:35 0 d-------- C:\Archivos de programa\iTunes
2008-03-08 19:18:24 0 d-------- C:\Archivos de programa\iPod
2008-03-08 19:17:38 0 d-------- C:\Archivos de programa\QuickTime
2008-03-08 19:03:22 0 d-------- C:\Documents and Settings\pc\Datos de programa\Leadertech
2008-03-08 18:57:02 0 d-------- C:\Documents and Settings\pc\Datos de programa\Adobe
2008-03-08 18:50:25 3407 --a------ C:\WINDOWS\mozver.dat
2008-03-08 18:29:54 0 d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-03-08 18:05:38 0 d-------- C:\Archivos de programa\SpywareBlaster
2008-03-06 20:33:18 0 d-------- C:\Documents and Settings\pc\Datos de programa\GlobalSCAPE
2008-03-06 20:32:58 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2008-03-06 00:13:04 0 d-------- C:\Documents and Settings\pc\Datos de programa\LimeWire
2008-03-05 19:29:50 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe
2008-02-28 18:36:02 0 d-------- C:\Documents and Settings\pc\Datos de programa\Alien Skin
2008-02-22 19:15:47 0 d-------- C:\Archivos de programa\Archivos comunes
2008-02-10 15:40:37 0 d-------- C:\Archivos de programa\Creative
2008-02-10 15:40:29 0 d--h----- C:\Archivos de programa\Creative Installation Information
2008-01-30 10:18:54 0 d-------- C:\Archivos de programa\Archivos comunes\Java
2008-01-26 14:00:33 0 d-------- C:\Documents and Settings\pc\Datos de programa\PrevxCSI
2008-01-18 17:53:07 0 d-------- C:\Documents and Settings\pc\Datos de programa\Winamp
2008-01-18 17:42:13 0 d-------- C:\Archivos de programa\Windows Installer Clean Up
2008-01-18 17:42:00 0 d-------- C:\Archivos de programa\MSECACHE
2008-01-18 17:31:44 0 d-------- C:\Archivos de programa\Winamp
2008-01-18 17:29:10 0 d-------- C:\Archivos de programa\Bonjour
2008-01-18 16:17:24 0 d-------- C:\Documents and Settings\pc\Datos de programa\Sunbelt Software
2008-01-18 16:02:41 0 d-------- C:\Archivos de programa\TuneUp Utilities 2008
2008-01-18 15:11:18 499240 --a------ C:\WINDOWS\system32\perfh00A.dat
2008-01-18 15:11:18 96852 --a------ C:\WINDOWS\system32\perfc00A.dat
2008-01-17 18:20:57 0 d-------- C:\Documents and Settings\pc\Datos de programa\SUPERAntiSpyware.com
2008-01-05 13:45:36 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe" [15/07/2005 04:48 p.m.]
"avast!"="C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 08:00 a.m.]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [19/02/2008 01:10 p.m.]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 a.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Archivos de programa\TuneUp Utilities 2008\memoptimizer.exe" [21/12/2007 03:17 p.m.]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 08:42 a.m.]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"=6 (0x6)
"NoSharedDocuments"=00000000
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 p.m. 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 08/03/2008 05:02 p.m. 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"CTSyncU.exe"="C:\Archivos de programa\Creative\Sync Manager Unicode\CTSyncU.exe"
"Realtek HD Audio Control Panel"=C:\Archivos de programa\Realtek\Audio\InstallShield\RTHDCPL.exe
"SUPERAntiSpyware"=C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VX1000"=C:\WINDOWS\vVX1000.exe
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
"CTCheck"=C:\Archivos de programa\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"QuickTime Task"="C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-03-14 21:10:55 ------------


Thanks
A.
  • 0

#6
Rorschach112
Posted 15 March 2008 - 07:29 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.


Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#7
cuervo77
Posted 15 March 2008 - 10:06 AM

cuervo77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks for all the help, my pc is faster now and I'm following the recomendations.
Just one thing keeps me bugging: the IE7 thing, as soons as I open my Inbox and try to open an email it suddenly shuts down. I use Firefox for some time know so I only use IE7 when it easier to use it instead of Firefox but I always use the Windows Messenger and sometimes you get notifications of new mail and its frustrating what I'm telling you.
The rest is pretty good nice, if you could help me with the problem I'm describing, I already googled the problem but haven't found anything.
Thanks a lot for all your help, I really appreciate it.
Albert
  • 0

#8
Rorschach112
Posted 15 March 2008 - 02:14 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I am not sure about that problem, maybe some add-on is responsible. I had the same problem myself, it just went away after a while. If you have loads of windows open that may be why.

If it persists I would post in the Windows XP forum about it


Anything else ?
  • 0

#9
cuervo77
Posted 15 March 2008 - 02:20 PM

cuervo77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
That's it man :)
I really appreciate your help, thanks!!
cheers
Albert
  • 0

#10
Rorschach112
Posted 15 March 2008 - 03:08 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP