Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan [CLOSED]

Started by aquevedo831 , Jun 07 2008 06:55 PM

This topic is locked

#1
aquevedo831

Posted 07 June 2008 - 06:55 PM

Member

Member
215 posts

I keep getting a notice from my norton 360 that i have a trojan. I push fix and it reboots and says it is fixed yet it keeps popping up. I have also noticed. If i open internet explorer it opens one, and goes to a page that I am not trying to visit and then keeps opening more and more browsers for internet explorer. Even if you close out of one. More keep opening. The only way to stop it is if you kill the iexplorer service using the task manager. I also notice. When I am browsing the web with one of my other internet browsers, a new tab opens and goes to some porn website that I do not wish to be at. Here is my hijack this log. I hope someone can help me clean my laptop. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:56:10 p.m., on 07/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Arturo\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXQklml.dll,#1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\qOIbXQGA.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\iiFYRJby.dll,c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BM55ccda45] Rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\sspvlwwp.dll",s
O4 - HKCU\..\Run: [56ffe9d9] rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\ppdarhqx.dll",b
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7820ABEA-4909-492B-9217-CC59FDBB9EB8}: NameServer = 69.49.208.10 69.7.80.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5792 bytes

#2
Octagonal

Posted 07 June 2008 - 07:09 PM

Member 2k

Member
2,528 posts

Hi aquevedo831,

Welcome to Geeks to Go.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
aquevedo831

Posted 08 June 2008 - 10:29 AM

Member

Topic Starter
Member
215 posts

here are the logs:

Deckard's System Scanner v20071014.68
Run by Arturo on 2008-06-08 11:05:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-06-03 19:27:57 UTC - RP80 - Windows Update
1: 2008-06-01 15:32:50 UTC - RP79 - Quitado Windows Live installer

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 88% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).

-- HijackThis (run as Arturo.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:13 a.m., on 08/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Arturo\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\Arturo\Desktop\Arturo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXQklml.dll,#1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\nnnnMExy.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\iiFYRJby.dll,c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [56ffe9d9] rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\ppdarhqx.dll",b
O4 - HKCU\..\Run: [BM55ccda45] Rundll32.exe "C:\Users\Arturo\AppData\Local\Temp\sspvlwwp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6747 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 TimerStop - \??\c:\windows\system32\timerstop.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-08 11:00:02 488 --a------ C:\Windows\Tasks\1-Click Maintenance.job

-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2099-05-13 19:31:11 0 d-------- C:\Windows\SoftwareDistribution
2099-05-13 19:29:52 0 d-------- C:\Windows\system32\catroot2
2099-05-13 19:29:38 0 d-------- C:\Windows\Debug
2099-05-13 19:29:38 0 d-------- C:\Windows\CSC
2099-05-13 19:27:45 0 d-------- C:\Windows\Prefetch
2099-05-13 19:27:34 0 d--hs---- C:\System Volume Information
2099-05-13 13:25:52 0 d-------- C:\Windows\Panther
2099-05-13 13:25:36 0 d--hs---- C:\Boot
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Reciente
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Plantillas
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Mis documentos
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Menú Inicio
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Impresoras
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Entorno de red
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Datos de programa
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Configuración local
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Plantillas
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Menú Inicio
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Favoritos
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Escritorio
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Documentos
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Datos de programa
2099-05-12 21:38:03 0 d--hs---- C:\Program Files\Archivos comunes
2099-05-12 21:38:03 0 d--hs---- C:\Archivos de programa
2008-06-06 12:47:48 171136 -rahs---- C:\grldr
2008-06-03 21:31:41 0 d-------- C:\Windows\en-US
2008-06-03 21:31:34 0 d-------- C:\Windows\system32\en
2008-06-03 21:31:34 0 d-------- C:\Windows\system32\0409
2008-06-03 21:31:29 0 d-------- C:\Windows\system32\drivers\en-US
2008-05-31 13:08:09 0 d--hs---- C:\Diskeeper
2008-05-31 12:49:53 0 d-------- C:\Users\All Users\Diskeeper Corporation
2008-05-31 12:13:31 0 d-------- C:\Program Files\Diskeeper Corporation
2008-05-30 15:14:52 59392 --a------ C:\Windows\system32\byXQklml.dll
2008-05-29 08:16:44 0 d-------- C:\Users\All Users\Adobe
2008-05-29 08:15:20 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 21:56:32 0 d-------- C:\Users\All Users\TamoSoft
2008-05-28 21:56:20 0 d-------- C:\Program Files\CommViewWiFi
2008-05-28 14:42:09 57344 --a------ C:\Windows\system32\mlJAqpqr.dll
2008-05-28 13:59:40 0 d-------- C:\Program Files\Norton 360
2008-05-28 13:55:40 0 d-------- C:\Program Files\Symantec
2008-05-28 13:52:28 0 d-------- C:\Users\All Users\Symantec
2008-05-28 13:37:27 57344 --a------ C:\Windows\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-05-28 13:37:27 32768 --a------ C:\Windows\system32\Wnaspi32.dll <Not Verified; Frog ASPI / Millenod; frogaspi.dll>
2008-05-28 13:37:25 0 d-------- C:\Program Files\Acoustica MP3 CD Burner
2008-05-28 08:41:20 57344 --a------ C:\Windows\system32\gEWqqRhh.dll
2008-05-28 08:03:32 57344 --a------ C:\Windows\system32\fcccawTm.dll
2008-05-23 17:01:41 0 d-------- C:\PerfLogs
2008-05-23 13:15:27 0 d-------- C:\Users\All Users\Azureus
2008-05-23 13:13:46 0 d-------- C:\Program Files\Azureus
2008-05-23 07:14:16 32 --a------ C:\Windows\go
2008-05-21 10:19:54 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 21:00:19 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:59:37 0 d-------- C:\Program Files\Windows Live
2008-05-20 20:58:41 0 d-------- C:\Users\All Users\WLInstaller
2008-05-19 22:03:13 0 d-------- C:\Users\All Users\LightScribe
2008-05-19 10:39:25 0 d-------- C:\Program Files\Java
2008-05-19 10:30:47 0 d-------- C:\Program Files\Common Files\Java
2008-05-18 17:13:15 0 d-------- C:\Program Files\Lexmark 5200 series
2008-05-18 16:54:23 0 d-------- C:\Users\All Users\Corel
2008-05-18 16:54:22 0 d-------- C:\Program Files\Corel
2008-05-17 15:48:28 0 d-------- C:\Program Files\Hide IP NG
2008-05-16 22:41:45 0 d-------- C:\Program Files\hkSFV
2008-05-16 12:13:08 0 d-------- C:\Windows\system32\x64
2008-05-15 10:50:21 0 d-------- C:\Windows\system32\Macromed
2008-05-15 10:43:37 0 d-------- C:\Windows\system32\Lang
2008-05-15 10:19:27 0 d-------- C:\Users\All Users\TuneUp Software
2008-05-15 10:19:10 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-15 10:18:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 15:39:11 0 d-------- C:\Program Files\uTorrent
2008-05-14 08:48:42 0 d-------- C:\Program Files\Opera
2008-05-14 08:34:02 0 d-------- C:\Windows\Options
2008-05-14 08:34:02 0 d-------- C:\Program Files\Atheros
2008-05-14 08:33:28 0 d-------- C:\Users\All Users\Atheros
2008-05-14 08:33:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 08:25:45 0 d-------- C:\Program Files\NetWaiting
2008-05-14 08:20:10 0 d-------- C:\Program Files\Apoint2K
2008-05-13 20:59:07 0 d-------- C:\Windows\system32\appmgmt
2008-05-13 20:22:06 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-13 20:22:06 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-05-13 20:22:06 593920 --a------ C:\Windows\system32\xvidcore.dll
2008-05-13 20:22:05 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-13 20:22:05 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 20:22:05 740442 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 20:22:04 10752 --a------ C:\Windows\system32\ff_vfw.dll
2008-05-13 20:22:02 0 d-------- C:\Users\All Users\Real
2008-05-13 20:22:02 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-13 19:41:23 0 --a------ C:\Windows\nsreg.dat
2008-05-13 19:28:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-13 19:16:10 0 d-------- C:\Users\All Users\Nero
2008-05-13 19:16:10 0 d-------- C:\Program Files\Nero
2008-05-13 19:16:10 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 19:08:41 0 d-------- C:\Program Files\Microsoft Works
2008-05-13 19:07:38 0 d-------- C:\Windows\PCHEALTH
2008-05-13 19:07:38 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 19:05:11 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-13 19:04:15 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-13 19:03:47 0 dr-h----- C:\MSOCache
2008-05-13 18:52:06 0 d-------- C:\Program Files\CONEXANT
2008-05-13 18:48:55 0 d-------- C:\Program Files\Realtek
2008-05-13 18:48:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 18:45:43 53248 --a------ C:\Windows\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-05-13 18:45:43 0 d-------- C:\Program Files\Intel
2008-05-13 18:45:35 0 d-------- C:\Intel
2008-05-13 18:45:34 0 d-------- C:\swsetup
2008-05-13 18:45:11 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-12 22:02:52 0 d--hs---- C:\Windows\Installer
2008-05-12 21:55:06 0 d-------- C:\Program Files\[bleep] NFO Viewer
2008-05-12 21:54:22 0 d-------- C:\Program Files\Radmin
2008-05-12 21:46:29 3584 -ra------ C:\Windows\system32\timerstop.sys

-- Find3M Report ---------------------------------------------------------------

2099-05-12 21:38:37 0 d-------- C:\Users\Arturo\AppData\Roaming\Identities
2099-05-12 21:38:03 0 d-------- C:\Program Files\Windows NT
2008-06-06 15:45:56 664388 --a------ C:\Windows\system32\perfh00A.dat
2008-06-06 15:45:56 128552 --a------ C:\Windows\system32\perfc00A.dat
2008-06-06 15:40:15 0 d-------- C:\Users\Arturo\AppData\Roaming\uTorrent
2008-06-03 21:31:55 0 d-------- C:\Program Files\Windows Sidebar
2008-06-03 21:31:55 0 d-------- C:\Program Files\Windows Calendar
2008-06-03 21:31:55 0 d-------- C:\Program Files\Movie Maker
2008-06-03 21:31:51 0 d-------- C:\Program Files\Windows Mail
2008-06-03 21:31:49 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-03 21:31:49 0 d-------- C:\Program Files\Windows Collaboration
2008-06-03 21:31:48 0 d-------- C:\Program Files\Windows Journal
2008-06-03 21:31:46 0 d-------- C:\Program Files\Windows Defender
2008-06-03 10:55:16 0 d-------- C:\Users\Arturo\AppData\Roaming\Azureus
2008-05-29 08:27:27 0 d-------- C:\Users\Arturo\AppData\Roaming\Adobe
2008-05-29 08:15:20 0 d-------- C:\Program Files\Common Files
2008-05-28 21:51:24 0 d-------- C:\Users\Arturo\AppData\Roaming\Symantec
2008-05-28 13:37:25 0 d-------- C:\Users\Arturo\AppData\Roaming\Acoustica
2008-05-26 10:49:25 0 d-------- C:\Users\Arturo\AppData\Roaming\HideIP
2008-05-23 17:17:27 174 --ahs---- C:\Program Files\desktop.ini
2008-05-23 14:44:14 0 d-------- C:\Users\Arturo\AppData\Roaming\ArtOfPing
2008-05-18 17:00:57 0 d-------- C:\Users\Arturo\AppData\Roaming\Corel
2008-05-17 15:51:40 0 d-------- C:\Users\Arturo\AppData\Roaming\Hide IP NG
2008-05-15 10:50:45 0 d-------- C:\Users\Arturo\AppData\Roaming\Macromedia
2008-05-15 10:20:14 0 d-------- C:\Users\Arturo\AppData\Roaming\TuneUp Software
2008-05-14 21:35:08 0 d-------- C:\Users\Arturo\AppData\Roaming\Ahead
2008-05-14 08:48:52 0 d-------- C:\Users\Arturo\AppData\Roaming\Opera
2008-05-13 20:22:27 0 d-------- C:\Users\Arturo\AppData\Roaming\Media Player Classic
2008-05-13 20:22:02 0 d-------- C:\Users\Arturo\AppData\Roaming\Real
2008-05-13 19:41:49 0 d-------- C:\Users\Arturo\AppData\Roaming\Talkback
2008-05-13 19:41:19 0 d-------- C:\Users\Arturo\AppData\Roaming\Mozilla
2008-05-13 19:23:26 0 d-------- C:\Users\Arturo\AppData\Roaming\WinRAR
2008-05-13 19:08:30 0 d-------- C:\Program Files\MSBuild
2008-05-13 18:45:11 0 d-------- C:\Users\Arturo\AppData\Roaming\InstallShield

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
23/02/2008 09:08 p.m. 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
28/05/2008 02:01 p.m. 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [23/02/2008 09:08 p.m. 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 02:38 a.m.]
"MSServer"="C:\Windows\system32\byXQklml.dll" [30/05/2008 03:14 p.m.]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/02/2008 02:37 p.m.]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [26/02/2008 09:50 a.m.]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 p.m.]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="C:\Users\Arturo\AppData\Local\Temp\nnnnMExy.dll,#1" []
"cmds"="C:\Users\Arturo\AppData\Local\Temp\iiFYRJby.dll,c" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 a.m.]
"56ffe9d9"="C:\Users\Arturo\AppData\Local\Temp\ppdarhqx.dll,b" []
"BM55ccda45"="C:\Users\Arturo\AppData\Local\Temp\sspvlwwp.dll,s" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{06E12C36-760F-4D92-8509-5E5DBF12C423}"= C:\Windows\system32\fcccawTm.dll [28/05/2008 08:03 a.m. 57344]
"{7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31}"= C:\Windows\system32\byXQklml.dll [30/05/2008 03:14 p.m. 59392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23276ff5-2923-11dd-b65f-001b38ee7580}]
AutoRun\command- D:\Autorun.exe /run
Shell00\Command- D:\Autorun.exe /run
Shell01\Command- D:\Autorun.exe /action
Shell02\Command- D:\Autorun.exe /uninstall

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-06-08 11:18:03 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: Spanish

CPU 0: Intel® Pentium® Dual CPU T2330 @ 1.60GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 1013.27 MiB / 187.58 MiB
Pagefile Memory (total/avail): 2292.89 MiB / 1286.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1854.29 MiB

C: is Fixed (NTFS) - 111.79 GiB total, 64.08 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS542512K9SA00 ATA Device - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Arturo\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AQUEVEDO831
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Arturo
LOCALAPPDATA=C:\Users\Arturo\AppData\Local
LOGONSERVER=\\AQUEVEDO831
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\DISKEE~1\DISKEE~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Arturo\AppData\Local\Temp
TMP=C:\Users\Arturo\AppData\Local\Temp
USERDOMAIN=aquevedo831
USERNAME=Arturo
USERPROFILE=C:\Users\Arturo
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Arturo
Invitado (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0403-0000-0000000FF1CE} /uninstall {A5B6B786-2D6F-4B75-940F-42B32D01D146}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0C0A-0000-0000000FF1CE} /uninstall {35B14BD6-6042-4A55-B326-58309DC8C72A}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0C0A-0000-0000000FF1CE} /uninstall {2CC8520D-6A74-4CCA-9539-8E774E2B50D1}
Acoustica MP3 CD Burner --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Español --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81200000003}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0xa -removeonly
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CommView for WiFi --> C:\PROGRA~1\COMMVI~1\CV.exe /u
Compresor WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ILEOHERza.INF
Corel Painter X --> C:\Program Files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\Users\Arturo\AppData\Local\Temp\PainterX.log
Corel Painter X --> MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
Diskeeper 2008 EnterpriseServer --> MsiExec.exe /X{A5DA3D48-60F6-455D-AD2B-7E8B183BB77B}
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Mega Codec Pack 2.2.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Groove MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{9A3D392C-B0BB-400A-A761-4B1497911033}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x000a -removeonly
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 --> MsiExec.exe /I{F413B69D-4AD6-42ab-AEA5-0548989FAD50}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Opera 9.27 --> MsiExec.exe /X{04DB4871-BC1D-44BF-AADB-47326365EB8C}
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x000a -removeonly
Remote Administrator v2.2 --> C:\Program Files\Radmin\uninstal.exe
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

-- Application Event Log -------------------------------------------------------

Event Record #/Type6572 / Error
Event Submitted/Written: 06/08/2008 10:19:45 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....ootstl.cabDatos no válidos.

Event Record #/Type6571 / Error
Event Submitted/Written: 06/08/2008 10:19:45 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....ootstl.cabDatos no válidos.

Event Record #/Type6570 / Error
Event Submitted/Written: 06/08/2008 10:19:45 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....ootstl.cabDatos no válidos.

Event Record #/Type6569 / Error
Event Submitted/Written: 06/08/2008 10:19:45 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....ootstl.cabDatos no válidos.

Event Record #/Type6568 / Error
Event Submitted/Written: 06/08/2008 10:19:44 AM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....ootstl.cabDatos no válidos.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type31080 / Error
Event Submitted/Written: 06/08/2008 10:00:57 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type31034 / Error
Event Submitted/Written: 06/07/2008 05:14:09 PM
Event ID/Source: 10010 / DCOM
Event Description:
{0002DF01-0000-0000-C000-000000000046}

Event Record #/Type30931 / Error
Event Submitted/Written: 06/07/2008 05:04:51 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type30918 / Warning
Event Submitted/Written: 06/06/2008 04:25:35 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:

Event Record #/Type30902 / Error
Event Submitted/Written: 06/06/2008 04:06:48 PM
Event ID/Source: 11 / disk
Event Description:
The driver detected a controller error on \Device\Harddisk2\DR3.

-- End of Deckard's System Scanner: finished at 2008-06-08 11:18:03 ------------

#4
Octagonal

Posted 08 June 2008 - 08:29 PM

Member 2k

Member
2,528 posts

You do not have Vista activated, is there a reason for this? If you have a crack installed to cicumvent the activation process then I cannot help you.

Please run the MGA Diagnostic Tool and post back the report it shall produce:

Download MGADiag to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

#5
aquevedo831

Posted 08 June 2008 - 10:35 PM

Member

Topic Starter
Member
215 posts

My copy of windows is genuine. I do not have any crack installed. I am however very offended by your accusation. Whether or not my windows is activated is irrelevant to you helping me. If you do not wish to help me I will find someone else. Here are the results for what you told me to do...

Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: 0x0
Cached Validation Code: 0x0
Windows Product Key: *****-*****-YQQTB-FWK9V-932CC
Windows Product Key Hash: L1zPHHGNQ04Nunm9BorPaqFl4jI=
Windows Product ID: 86780-OEM-7332134-00043
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010100.1.0.001
CSVLK Server: N/A
CSVLK PID: N/A
ID: {C7675383-9G69-4FC0-9C17-803A97B232KU}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista ™ Ultimate
Architecture: 0x00000000
Build lab: 6001.longhorn_rtm.080118-1840
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 103
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

By JSntgRvr: Edited some of the data as it was affecting the window's size.

Spsys.log Content: 0x80070002

#6
Octagonal

Posted 09 June 2008 - 03:01 AM

Member 2k

Member
2,528 posts

Hello aquevedo831,

You may be offended by what I asked, however,

My copy of windows is genuine. I do not have any crack installed.

If you can you explain a valid reason why the following file is residing on your system

C:\Windows\system32\timerstop.sys

then I will gladly help you with your Malware problem.

#7
aquevedo831

Posted 09 June 2008 - 05:42 PM

Member

Topic Starter
Member
215 posts

I honestly do not know what that is. I have removed it from my system. Can we proceed with you helping me?

#8
Octagonal

Posted 10 June 2008 - 01:47 PM

Member 2k

Member
2,528 posts

Hello aquevedo831,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Run another Deckard's System Scanner (dss.exe) again, this time it will only produce one log (main.txt).

Post the results of MBAM and DSS in your next reply.

#9
aquevedo831

Posted 10 June 2008 - 10:39 PM

Member

Topic Starter
Member
215 posts

Malwarebytes' Anti-Malware 1.17
Database version: 846

11:26:09 p.m. 10/06/2008
mbam-log-6-10-2008 (23-26-09).txt

Scan type: Quick Scan
Objects scanned: 36688
Time elapsed: 20 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06e12c36-760f-4d92-8509-5e5dbf12c423} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Arturo\AppData\Local\Temp\bkohcmor.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\fcccCsts.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\khfFVMcd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\kuotqkeg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\ssqNEVmJ.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\tmp0000bf67 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\tmp0000d71c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\tmp00011f81 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\tmp0001c689 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Arturo\AppData\Local\Temp\hGvWMdEx.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\gEWqqRhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mlJAqpqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Deckard's System Scanner v20071014.68
Run by Arturo on 2008-06-10 23:27:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]Total Physical Memory: 1014 MiB (1024 MiB recommended).

-- HijackThis (run as Arturo.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:00 p.m., on 10/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Arturo\Desktop\dss.exe
C:\Users\Arturo\Desktop\Arturo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\hGvWMdEx.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7820ABEA-4909-492B-9217-CC59FDBB9EB8}: NameServer = 69.49.208.10 69.7.80.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6698 bytes

-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2099-05-13 19:31:11 0 d-------- C:\Windows\SoftwareDistribution
2099-05-13 19:29:52 0 d-------- C:\Windows\system32\catroot2
2099-05-13 19:29:38 0 d-------- C:\Windows\Debug
2099-05-13 19:29:38 0 d-------- C:\Windows\CSC
2099-05-13 19:27:45 0 d-------- C:\Windows\Prefetch
2099-05-13 19:27:34 0 d--hs---- C:\System Volume Information
2099-05-13 13:25:52 0 d-------- C:\Windows\Panther
2099-05-13 13:25:36 0 d--hs---- C:\Boot
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Reciente
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Plantillas
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Mis documentos
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Menú Inicio
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Impresoras
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Entorno de red
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Datos de programa
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Configuración local
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Plantillas
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Menú Inicio
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Favoritos
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Escritorio
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Documentos
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Datos de programa
2099-05-12 21:38:03 0 d--hs---- C:\Program Files\Archivos comunes
2099-05-12 21:38:03 0 d--hs---- C:\Archivos de programa
2008-06-10 22:51:21 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-10 22:51:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 23:11:38 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-06-08 21:43:13 0 d-------- C:\Program Files\MediaMonkey
2008-06-06 12:47:48 171136 -rahs---- C:\grldr
2008-06-03 21:31:41 0 d-------- C:\Windows\en-US
2008-06-03 21:31:34 0 d-------- C:\Windows\system32\en
2008-06-03 21:31:34 0 d-------- C:\Windows\system32\0409
2008-06-03 21:31:29 0 d-------- C:\Windows\system32\drivers\en-US
2008-05-31 13:08:09 0 d--hs---- C:\Diskeeper
2008-05-31 12:49:53 0 d-------- C:\Users\All Users\Diskeeper Corporation
2008-05-31 12:13:31 0 d-------- C:\Program Files\Diskeeper Corporation
2008-05-29 08:16:44 0 d-------- C:\Users\All Users\Adobe
2008-05-29 08:15:20 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 21:56:32 0 d-------- C:\Users\All Users\TamoSoft
2008-05-28 21:56:20 0 d-------- C:\Program Files\CommViewWiFi
2008-05-28 13:59:40 0 d-------- C:\Program Files\Norton 360
2008-05-28 13:55:40 0 d-------- C:\Program Files\Symantec
2008-05-28 13:52:28 0 d-------- C:\Users\All Users\Symantec
2008-05-28 13:37:27 57344 --a------ C:\Windows\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-05-28 13:37:27 32768 --a------ C:\Windows\system32\Wnaspi32.dll <Not Verified; Frog ASPI / Millenod; frogaspi.dll>
2008-05-28 13:37:25 0 d-------- C:\Program Files\Acoustica MP3 CD Burner
2008-05-23 17:01:41 0 d-------- C:\PerfLogs
2008-05-23 13:15:27 0 d-------- C:\Users\All Users\Azureus
2008-05-23 13:13:46 0 d-------- C:\Program Files\Azureus
2008-05-23 07:14:16 32 --a------ C:\Windows\go
2008-05-21 10:19:54 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 21:00:19 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:59:37 0 d-------- C:\Program Files\Windows Live
2008-05-20 20:58:41 0 d-------- C:\Users\All Users\WLInstaller
2008-05-19 22:03:13 0 d-------- C:\Users\All Users\LightScribe
2008-05-19 10:39:25 0 d-------- C:\Program Files\Java
2008-05-19 10:30:47 0 d-------- C:\Program Files\Common Files\Java
2008-05-18 17:13:15 0 d-------- C:\Program Files\Lexmark 5200 series
2008-05-18 16:54:23 0 d-------- C:\Users\All Users\Corel
2008-05-18 16:54:22 0 d-------- C:\Program Files\Corel
2008-05-17 15:48:28 0 d-------- C:\Program Files\Hide IP NG
2008-05-16 22:41:45 0 d-------- C:\Program Files\hkSFV
2008-05-16 12:13:08 0 d-------- C:\Windows\system32\x64
2008-05-15 10:50:21 0 d-------- C:\Windows\system32\Macromed
2008-05-15 10:43:37 0 d-------- C:\Windows\system32\Lang
2008-05-15 10:19:27 0 d-------- C:\Users\All Users\TuneUp Software
2008-05-15 10:19:10 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-15 10:18:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 15:39:11 0 d-------- C:\Program Files\uTorrent
2008-05-14 08:48:42 0 d-------- C:\Program Files\Opera
2008-05-14 08:34:02 0 d-------- C:\Windows\Options
2008-05-14 08:34:02 0 d-------- C:\Program Files\Atheros
2008-05-14 08:33:28 0 d-------- C:\Users\All Users\Atheros
2008-05-14 08:33:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 08:25:45 0 d-------- C:\Program Files\NetWaiting
2008-05-14 08:20:10 0 d-------- C:\Program Files\Apoint2K
2008-05-13 20:59:07 0 d-------- C:\Windows\system32\appmgmt
2008-05-13 20:22:06 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-13 20:22:06 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-05-13 20:22:06 593920 --a------ C:\Windows\system32\xvidcore.dll
2008-05-13 20:22:05 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-13 20:22:05 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 20:22:05 740442 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 20:22:04 10752 --a------ C:\Windows\system32\ff_vfw.dll
2008-05-13 20:22:02 0 d-------- C:\Users\All Users\Real
2008-05-13 20:22:02 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-13 19:41:23 0 --a------ C:\Windows\nsreg.dat
2008-05-13 19:28:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-13 19:16:10 0 d-------- C:\Users\All Users\Nero
2008-05-13 19:16:10 0 d-------- C:\Program Files\Nero
2008-05-13 19:16:10 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 19:08:41 0 d-------- C:\Program Files\Microsoft Works
2008-05-13 19:07:38 0 d-------- C:\Windows\PCHEALTH
2008-05-13 19:07:38 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 19:05:11 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-13 19:04:15 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-13 19:03:47 0 dr-h----- C:\MSOCache
2008-05-13 18:52:06 0 d-------- C:\Program Files\CONEXANT
2008-05-13 18:48:55 0 d-------- C:\Program Files\Realtek
2008-05-13 18:48:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 18:45:43 53248 --a------ C:\Windows\system32\CSVer.dll <\Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-05-13 18:45:43 0 d-------- C:\Program Files\Intel
2008-05-13 18:45:35 0 d-------- C:\Intel
2008-05-13 18:45:34 0 d-------- C:\swsetup
2008-05-13 18:45:11 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-12 22:02:52 0 d--hs---- C:\Windows\Installer
2008-05-12 21:55:06 0 d-------- C:\Program Files\[bleep] NFO Viewer
2008-05-12 21:54:22 0 d-------- C:\Program Files\Radmin

-- Find3M Report ---------------------------------------------------------------

2099-05-12 21:38:37 0 d-------- C:\Users\Arturo\AppData\Roaming\Identities
2099-05-12 21:38:03 0 d-------- C:\Program Files\Windows NT
2008-06-10 22:51:46 0 d-------- C:\Users\Arturo\AppData\Roaming\Malwarebytes
2008-06-08 21:31:55 664388 --a------ C:\Windows\system32\perfh00A.dat
2008-06-08 21:31:55 128552 --a------ C:\Windows\system32\perfc00A.dat
2008-06-06 15:40:15 0 d-------- C:\Users\Arturo\AppData\Roaming\uTorrent
2008-06-03 21:31:55 0 d-------- C:\Program Files\Windows Sidebar
2008-06-03 21:31:55 0 d-------- C:\Program Files\Windows Calendar
2008-06-03 21:31:55 0 d-------- C:\Program Files\Movie Maker
2008-06-03 21:31:51 0 d-------- C:\Program Files\Windows Mail
2008-06-03 21:31:49 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-03 21:31:49 0 d-------- C:\Program Files\Windows Collaboration
2008-06-03 21:31:48 0 d-------- C:\Program Files\Windows Journal
2008-06-03 21:31:46 0 d-------- C:\Program Files\Windows Defender
2008-06-03 10:55:16 0 d-------- C:\Users\Arturo\AppData\Roaming\Azureus
2008-05-29 08:27:27 0 d-------- C:\Users\Arturo\AppData\Roaming\Adobe
2008-05-29 08:15:20 0 d-------- C:\Program Files\Common Files
2008-05-28 21:51:24 0 d-------- C:\Users\Arturo\AppData\Roaming\Symantec
2008-05-28 13:37:25 0 d-------- C:\Users\Arturo\AppData\Roaming\Acoustica
2008-05-26 10:49:25 0 d-------- C:\Users\Arturo\AppData\Roaming\HideIP
2008-05-23 17:17:27 174 --ahs---- C:\Program Files\desktop.ini
2008-05-23 14:44:14 0 d-------- C:\Users\Arturo\AppData\Roaming\ArtOfPing
2008-05-18 17:00:57 0 d-------- C:\Users\Arturo\AppData\Roaming\Corel
2008-05-17 15:51:40 0 d-------- C:\Users\Arturo\AppData\Roaming\Hide IP NG
2008-05-15 10:50:45 0 d-------- C:\Users\Arturo\AppData\Roaming\Macromedia
2008-05-15 10:20:14 0 d-------- C:\Users\Arturo\AppData\Roaming\TuneUp Software
2008-05-14 21:35:08 0 d-------- C:\Users\Arturo\AppData\Roaming\Ahead
2008-05-14 08:48:52 0 d-------- C:\Users\Arturo\AppData\Roaming\Opera
2008-05-13 20:22:27 0 d-------- C:\Users\Arturo\AppData\Roaming\Media Player Classic
2008-05-13 20:22:02 0 d-------- C:\Users\Arturo\AppData\Roaming\Real
2008-05-13 19:41:49 0 d-------- C:\Users\Arturo\AppData\Roaming\Talkback
2008-05-13 19:41:19 0 d-------- C:\Users\Arturo\AppData\Roaming\Mozilla
2008-05-13 19:23:26 0 d-------- C:\Users\Arturo\AppData\Roaming\WinRAR
2008-05-13 19:08:30 0 d-------- C:\Program Files\MSBuild
2008-05-13 18:45:11 0 d-------- C:\Users\Arturo\AppData\Roaming\InstallShield

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
23/02/2008 09:08 p.m. 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
28/05/2008 02:01 p.m. 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [23/02/2008 09:08 p.m. 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 02:38 a.m.]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/02/2008 02:37 p.m.]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [26/02/2008 09:50 a.m.]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 p.m.]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"MRT"="C:\Windows\system32\MRT.exe" [29/05/2008 06:35 p.m.]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [10/06/2008 07:02 p.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 a.m.]
"cmds"="C:\Users\Arturo\AppData\Local\Temp\hGvWMdEx.dll,c" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23276ff5-2923-11dd-b65f-001b38ee7580}]
AutoRun\command- D:\Autorun.exe /run
Shell00\Command- D:\Autorun.exe /run
Shell01\Command- D:\Autorun.exe /action
Shell02\Command- D:\Autorun.exe /uninstall

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-06-10 23:32:22 ------------

#10
Octagonal

Posted 12 June 2008 - 07:04 AM

Member 2k

Member
2,528 posts

Hello aquevedo831,

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
C:\Windows\system32\byXQklml.dll
C:\Users\Arturo\AppData\Local\Temp\qOIbXQGA.dll
C:\Windows\system32\fcccawTm.dll
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the computer did not reboot, then please restart the computer.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please do an online scan with Kaspersky WebScanner

Please note: You must use Internet Explorer for this as it uses an ActiveX component.

This scan may take a while to complete, so please be patient and let it finish.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Select a target to scan; click on My Computer.
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text.
Save the file to your desktop.
Copy and paste that information in your next post.

Also do a fresh DSS scan. I would like to see the results to ensure that some files and registry keys aren't respawning.

Please post the OTMoveIt2 results, Kaspersky results and the DSS results in your next reply. Also let me know how the computer is now behaving.

#11
aquevedo831

Posted 13 June 2008 - 09:56 PM

Member

Topic Starter
Member
215 posts

I was not able to run the online scan from kaspersky. It says the software was blocked because it could not verify the publisher. So I can not run it. Here are my new logs though.

Deckard's System Scanner v20071014.68
Run by Arturo on 2008-06-13 22:51:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).

-- HijackThis (run as Arturo.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:38 p.m., on 13/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Arturo\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\Arturo\Desktop\Arturo.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Arturo\AppData\Local\Temp\hGvWMdEx.dll,c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{7820ABEA-4909-492B-9217-CC59FDBB9EB8}: NameServer = 69.49.208.10 69.7.80.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6325 bytes

-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2099-05-13 19:31:11 0 d-------- C:\Windows\SoftwareDistribution
2099-05-13 19:29:52 0 d-------- C:\Windows\system32\catroot2
2099-05-13 19:29:38 0 d-------- C:\Windows\Debug
2099-05-13 19:29:38 0 d-------- C:\Windows\CSC
2099-05-13 19:27:45 0 d-------- C:\Windows\Prefetch
2099-05-13 19:27:34 0 d--hs---- C:\System Volume Information
2099-05-13 13:25:52 0 d-------- C:\Windows\Panther
2099-05-13 13:25:36 0 d--hs---- C:\Boot
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Reciente
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Plantillas
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Mis documentos
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Menú Inicio
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Impresoras
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Entorno de red
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Datos de programa
2099-05-12 21:38:03 0 d--hs---- C:\Users\Default\Configuración local
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Plantillas
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Menú Inicio
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Favoritos
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Escritorio
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Documentos
2099-05-12 21:38:03 0 d--hs---- C:\Users\All Users\Datos de programa
2099-05-12 21:38:03 0 d--hs---- C:\Program Files\Archivos comunes
2099-05-12 21:38:03 0 d--hs---- C:\Archivos de programa
2008-06-10 22:51:21 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-10 22:51:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 23:11:38 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-06-08 21:43:13 0 d-------- C:\Program Files\MediaMonkey
2008-06-06 12:47:48 171136 -rahs---- C:\grldr
2008-06-03 21:31:41 0 d-------- C:\Windows\en-US
2008-06-03 21:31:34 0 d-------- C:\Windows\system32\en
2008-06-03 21:31:34 0 d-------- C:\Windows\system32\0409
2008-06-03 21:31:29 0 d-------- C:\Windows\system32\drivers\en-US
2008-05-31 13:08:09 0 d--hs---- C:\Diskeeper
2008-05-31 12:49:53 0 d-------- C:\Users\All Users\Diskeeper Corporation
2008-05-31 12:13:31 0 d-------- C:\Program Files\Diskeeper Corporation
2008-05-29 08:16:44 0 d-------- C:\Users\All Users\Adobe
2008-05-29 08:15:20 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 21:56:32 0 d-------- C:\Users\All Users\TamoSoft
2008-05-28 21:56:20 0 d-------- C:\Program Files\CommViewWiFi
2008-05-28 13:59:40 0 d-------- C:\Program Files\Norton 360
2008-05-28 13:55:40 0 d-------- C:\Program Files\Symantec
2008-05-28 13:52:28 0 d-------- C:\Users\All Users\Symantec
2008-05-28 13:37:27 57344 --a------ C:\Windows\system32\Wnaspint.dll <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-05-28 13:37:27 32768 --a------ C:\Windows\system32\Wnaspi32.dll <Not Verified; Frog ASPI / Millenod; frogaspi.dll>
2008-05-28 13:37:25 0 d-------- C:\Program Files\Acoustica MP3 CD Burner
2008-05-23 17:01:41 0 d-------- C:\PerfLogs
2008-05-23 13:15:27 0 d-------- C:\Users\All Users\Azureus
2008-05-23 13:13:46 0 d-------- C:\Program Files\Azureus
2008-05-23 07:14:16 32 --a------ C:\Windows\go
2008-05-21 10:19:54 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 21:00:19 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:59:37 0 d-------- C:\Program Files\Windows Live
2008-05-20 20:58:41 0 d-------- C:\Users\All Users\WLInstaller
2008-05-19 22:03:13 0 d-------- C:\Users\All Users\LightScribe
2008-05-19 10:39:25 0 d-------- C:\Program Files\Java
2008-05-19 10:30:47 0 d-------- C:\Program Files\Common Files\Java
2008-05-18 17:13:15 0 d-------- C:\Program Files\Lexmark 5200 series
2008-05-18 16:54:23 0 d-------- C:\Users\All Users\Corel
2008-05-18 16:54:22 0 d-------- C:\Program Files\Corel
2008-05-17 15:48:28 0 d-------- C:\Program Files\Hide IP NG
2008-05-16 22:41:45 0 d-------- C:\Program Files\hkSFV
2008-05-16 12:13:08 0 d-------- C:\Windows\system32\x64
2008-05-15 10:50:21 0 d-------- C:\Windows\system32\Macromed
2008-05-15 10:43:37 0 d-------- C:\Windows\system32\Lang
2008-05-15 10:19:27 0 d-------- C:\Users\All Users\TuneUp Software
2008-05-15 10:19:10 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-15 10:18:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 15:39:11 0 d-------- C:\Program Files\uTorrent
2008-05-14 08:48:42 0 d-------- C:\Program Files\Opera
2008-05-14 08:34:02 0 d-------- C:\Windows\Options
2008-05-14 08:34:02 0 d-------- C:\Program Files\Atheros
2008-05-14 08:33:28 0 d-------- C:\Users\All Users\Atheros
2008-05-14 08:33:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 08:25:45 0 d-------- C:\Program Files\NetWaiting
2008-05-14 08:20:10 0 d-------- C:\Program Files\Apoint2K
2008-05-13 20:59:07 0 d-------- C:\Windows\system32\appmgmt
2008-05-13 20:22:06 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-13 20:22:06 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-05-13 20:22:06 593920 --a------ C:\Windows\system32\xvidcore.dll
2008-05-13 20:22:05 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-13 20:22:05 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 20:22:05 740442 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 20:22:04 10752 --a------ C:\Windows\system32\ff_vfw.dll
2008-05-13 20:22:02 0 d-------- C:\Users\All Users\Real
2008-05-13 20:22:02 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-13 19:41:23 0 --a------ C:\Windows\nsreg.dat
2008-05-13 19:28:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-13 19:16:10 0 d-------- C:\Users\All Users\Nero
2008-05-13 19:16:10 0 d-------- C:\Program Files\Nero
2008-05-13 19:16:10 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 19:08:41 0 d-------- C:\Program Files\Microsoft Works
2008-05-13 19:07:38 0 d-------- C:\Windows\PCHEALTH
2008-05-13 19:07:38 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 19:05:11 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-13 19:04:15 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-13 19:03:47 0 dr-h----- C:\MSOCache
2008-05-13 18:52:06 0 d-------- C:\Program Files\CONEXANT
2008-05-13 18:48:55 0 d-------- C:\Program Files\Realtek
2008-05-13 18:48:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 18:45:43 53248 --a------ C:\Windows\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-05-13 18:45:43 0 d-------- C:\Program Files\Intel
2008-05-13 18:45:35 0 d-------- C:\Intel
2008-05-13 18:45:34 0 d-------- C:\swsetup
2008-05-13 18:45:11 0 d-------- C:\Program Files\Hewlett-Packard

-- Find3M Report ---------------------------------------------------------------

2099-05-12 21:38:37 0 d-------- C:\Users\Arturo\AppData\Roaming\Identities
2099-05-12 21:38:03 0 d-------- C:\Program Files\Windows NT
2008-06-11 23:40:56 0 d-------- C:\Program Files\Windows Mail
2008-06-10 22:51:46 0 d-------- C:\Users\Arturo\AppData\Roaming\Malwarebytes
2008-06-08 21:31:55 664388 --a------ C:\Windows\system32\perfh00A.dat
2008-06-08 21:31:55 128552 --a------ C:\Windows\system32\perfc00A.dat
2008-06-06 15:40:15 0 d-------- C:\Users\Arturo\AppData\Roaming\uTorrent
2008-06-03 21:31:55 0 d-------- C:\Program Files\Windows Sidebar
2008-06-03 21:31:55 0 d-------- C:\Program Files\Windows Calendar
2008-06-03 21:31:55 0 d-------- C:\Program Files\Movie Maker
2008-06-03 21:31:49 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-03 21:31:49 0 d-------- C:\Program Files\Windows Collaboration
2008-06-03 21:31:48 0 d-------- C:\Program Files\Windows Journal
2008-06-03 21:31:46 0 d-------- C:\Program Files\Windows Defender
2008-06-03 10:55:16 0 d-------- C:\Users\Arturo\AppData\Roaming\Azureus
2008-05-29 08:27:27 0 d-------- C:\Users\Arturo\AppData\Roaming\Adobe
2008-05-29 08:15:20 0 d-------- C:\Program Files\Common Files
2008-05-28 21:51:24 0 d-------- C:\Users\Arturo\AppData\Roaming\Symantec
2008-05-28 13:37:25 0 d-------- C:\Users\Arturo\AppData\Roaming\Acoustica
2008-05-26 10:49:25 0 d-------- C:\Users\Arturo\AppData\Roaming\HideIP
2008-05-23 17:17:27 174 --ahs---- C:\Program Files\desktop.ini
2008-05-23 14:44:14 0 d-------- C:\Users\Arturo\AppData\Roaming\ArtOfPing
2008-05-18 17:00:57 0 d-------- C:\Users\Arturo\AppData\Roaming\Corel
2008-05-17 15:51:40 0 d-------- C:\Users\Arturo\AppData\Roaming\Hide IP NG
2008-05-15 10:50:45 0 d-------- C:\Users\Arturo\AppData\Roaming\Macromedia
2008-05-15 10:20:14 0 d-------- C:\Users\Arturo\AppData\Roaming\TuneUp Software
2008-05-14 21:35:08 0 d-------- C:\Users\Arturo\AppData\Roaming\Ahead
2008-05-14 08:48:52 0 d-------- C:\Users\Arturo\AppData\Roaming\Opera
2008-05-13 20:22:27 0 d-------- C:\Users\Arturo\AppData\Roaming\Media Player Classic
2008-05-13 20:22:02 0 d-------- C:\Users\Arturo\AppData\Roaming\Real
2008-05-13 19:41:49 0 d-------- C:\Users\Arturo\AppData\Roaming\Talkback
2008-05-13 19:41:19 0 d-------- C:\Users\Arturo\AppData\Roaming\Mozilla
2008-05-13 19:23:26 0 d-------- C:\Users\Arturo\AppData\Roaming\WinRAR
2008-05-13 19:08:30 0 d-------- C:\Program Files\MSBuild
2008-05-13 18:45:11 0 d-------- C:\Users\Arturo\AppData\Roaming\InstallShield
2008-05-12 21:55:06 0 d-------- C:\Program Files\[bleep] NFO Viewer
2008-05-12 21:54:47 0 d-------- C:\Program Files\Radmin

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
23/02/2008 09:08 p.m. 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
28/05/2008 02:01 p.m. 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [23/02/2008 09:08 p.m. 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 02:38 a.m.]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/02/2008 02:37 p.m.]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [26/02/2008 09:50 a.m.]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmds"="C:\Users\Arturo\AppData\Local\Temp\hGvWMdEx.dll,c" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 a.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware Reboot]
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23276ff5-2923-11dd-b65f-001b38ee7580}]
AutoRun\command- D:\Autorun.exe /run
Shell00\Command- D:\Autorun.exe /run
Shell01\Command- D:\Autorun.exe /action
Shell02\Command- D:\Autorun.exe /uninstall

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-06-13 22:55:02 ------------

File/Folder C:\Windows\system32\byXQklml.dll not found.
File/Folder C:\Users\Arturo\AppData\Local\Temp\qOIbXQGA.dll not found.
File/Folder C:\Windows\system32\fcccawTm.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06122008_223052

#12
Octagonal

Posted 14 June 2008 - 09:02 PM

Member 2k

Member
2,528 posts

It is important to backup the Registry before we make any changes so that we have a fresh copy in case of misfortune. Please click on Start then Run and copy the following code into the command line.

regedit /e C:\BackupReg.reg

Click the OK button or press the Enter key. This will save a copy of the Registry to a file (C:\BackupReg.reg) on your local hard drive.

Open Notepad, and copy the contents of the code box below into a new text file. Save it on your Desktop as FixReg.reg. For the "save as type" choose all files.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-

Locate FixReg.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Reboot the computer.

Seeing that you couldn't get Kaspersky to run let's try an alternative.

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:

Go to http://support.f-sec.../home/ols.shtml
Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the Active X control to be installed on your computer, then click the Accept button
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure then select Automatic cleaning
When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

When the cleaning option is presented, Uncheck Submit samples to F-Secure
Click Automatic cleaning
When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:
This scan will only work with Internet Explorer
You must have administrator rights to run this scan
This scan can take several hours, so please be patient

Please post the following in your next reply:

F-Secure results
A fresh HijackThis log
Let me know how the computer is now behaving

#13
aquevedo831

Posted 15 June 2008 - 08:32 PM

Member

Topic Starter
Member
215 posts

I cannot run any online scans because of my internet explorer settings. It wont let me run any of them.

#14
Octagonal

Posted 16 June 2008 - 06:08 AM

Member 2k

Member
2,528 posts

Hello aquevedo831,

I would really like to see the results of an online AV scan.

I cannot run any online scans because of my internet explorer settings. It wont let me run any of them.

I notice that you have Opera installed.

Kaspersky now works with Opera 9 and runs by way of Java. If you don't have Opera 9 could you please upgrade to this version.

Once installed click on Opera 9 and select Run As Administrator to run it. .

Go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Please post the following in your next reply:

Kaspersky results
A fresh HijackThis log
Let me know how the computer is now behaving

#15
aquevedo831

Posted 18 June 2008 - 11:08 AM

Member

Topic Starter
Member
215 posts

Hey sorry i havent been able to reply. We just had a few tornadoes recently hit where i live out her in Odell, Texas. I will try to everything you said as soon as possible. Sorry once again.