Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Clarification one the first steps

Started by Fidelity , Jul 07 2008 11:28 AM

  • This topic is locked This topic is locked

#1
Fidelity
Posted 07 July 2008 - 11:28 AM

Fidelity

    New Member

  • Member
  • Pip
  • 3 posts
Hello,
Im new here and was conducting the preliminary steps you asked before posting a log of a nasty infection I have encountered at my new job.

Quote:
SUPERAntiSpyware...
"Under Scanner Options make sure the following are checked:

1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Please leave the others unchecked..."

When I entered the menu there were many boxes, and some that were not, after checking the boxes you asked for, it made me wonder if those are the ONLY boxes to be checked, or if I am to add those checks to the ones that were already there... thanks in advance for this.
Fidelity
  • 0

Advertisements

#2
Mike
Posted 08 July 2008 - 06:41 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Let's do this instead.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Then,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.
  • 0

#3
Fidelity
Posted 09 July 2008 - 11:00 AM

Fidelity

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks Mike for the help.

So I have not encountered a problem of this magnitude ever.
I will just start the with an explanation of the circumstances...
Computer Tech by trade, I was traveling Mexico and ran out of money. In Colima there was a nice little Internet / Xbox cafe, so I stopped in to check my Email and saw the pile of broken / virus filled PCs in the corner. Long story short, I work here now and that pile of broken computers in the corner is now my problem...
Another problem is I speak very little spanish.
15 PCs...
Since the cafe opened 2 years ago, they have never any type of technical administration.
The Cafe is up and running with 10 (somewhat) functional computers. After repairing / replacing hardware, I moved on to software and after getting windows to start, successfully installing some anti-virus, most of the computers where reporting 200+ infections.
Now all the systems have a wide variety of Anti-virus-malware-spyware because I cannot seem to get them completed no matter what I try.
List of programs still installed:

ATF Cleaner
MBAM
SUPER anti spyware
Hijackthis
Adaware
Spybot- Search & Destroy
Avast Anti-Virus
NOD32
AVG 8.0

Ok, now the programs I run like every hour will sometimes report an infection (1, maybe 2), yet the problems persist.
/NETSTAT shows 50 to 100 connections (mostly to www.007guard.com), The computer will randomly restart, scans freeze frequently, task manager will sometimes show 80 - 200 processes (however many it takes to entirely consume the memory), Internet is intermittent, 3 min on - 10 minutes off.

Ill post the last MBAM log, because you asked, but it returned as no infections detected...
________________________________________________________________________________
_______

Malwarebytes' Anti-Malware 1.19
Database version: 930
Windows 5.1.2600 Service Pack 2

11:25:14 09/07/2008
mbam-log-7-9-2008 (11-25-14).txt

Scan type: Quick Scan
Objects scanned: 35403
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

______________________________________________________________________

Ill post the other logs in a new post...
  • 0

#4
Fidelity
Posted 09 July 2008 - 11:01 AM

Fidelity

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Deckard's System Scanner v20071014.68
Run by Administrador on 2008-07-09 11:59:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrador.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:34, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\DNA\btdna.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\esclavo.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\notepad.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrador\Escritorio\dss.exe
C:\ARCHIV~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{78eb0e5d-a730-d601-ab73-be45ee4ec1c7}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{49894e63-0a65-a9d7-52b5-265d5bbfca4f}.dll" DllInit
O4 - HKLM\..\Run: [SearchSettings] C:\Archivos de programa\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Archivos de programa\DNA\btdna.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABC Water Group - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cargador del Terminal (escSrv) - Unknown owner - C:\WINDOWS\system32\escsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)

--
End of file - 8013 bytes

-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-07 19:45:25 41885 --a------ C:\WINDOWS\system32\escmult.exe
2008-07-07 14:51:41 0 d-------- C:\Archivos de programa\MSXML 6.0
2008-07-07 14:48:21 0 d-------- C:\Archivos de programa\MSXML 4.0
2008-07-07 13:34:44 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-07 12:21:49 0 d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-07-07 12:15:52 0 d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-07-07 12:03:09 0 d-------- C:\Archivos de programa\Trend Micro
2008-07-07 11:56:44 0 d-------- C:\Archivos de programa\Panda Security
2008-07-06 13:54:27 0 d-------- C:\WINDOWS\BDOSCAN8
2008-07-05 18:15:50 0 d-------- C:\WINDOWS\pss
2008-07-04 00:02:14 0 d-------- C:\WINDOWS\OPTIONS
2008-07-04 00:02:14 0 d-------- C:\Archivos de programa\Realtek
2008-07-04 00:02:14 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2008-07-03 17:34:17 53248 --a------ C:\WINDOWS\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-07-03 17:34:17 0 d-------- C:\Archivos de programa\Intel
2008-07-03 03:23:35 0 d-------- C:\Intel
2008-07-03 03:08:44 0 d-------- C:\TEMP
2008-07-02 19:32:59 0 d--h----- C:\WINDOWS\PIF
2008-07-01 17:58:58 0 d-------- C:\Archivos de programa\Alwil Software
2008-07-01 17:58:26 0 d-------- C:\Archivos de programa\Lavasoft
2008-07-01 00:27:19 0 d-------- C:\Archivos de programa\DNA
2008-06-29 23:15:48 0 d-------- C:\Archivos de programa\Zylom Games
2008-06-27 20:07:52 0 d-------- C:\Archivos de programa\Archivos comunes\Blizzard Entertainment
2008-06-20 02:48:25 53376 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-20 02:16:14 0 d-------- C:\WINDOWS\system32\rserver30
2008-06-18 01:39:44 0 d-------- C:\Archivos de programa\DsNET Corp
2008-06-15 19:51:20 0 d-------- C:\Archivos de programa\Dealio
2008-06-15 19:50:35 0 d-------- C:\Archivos de programa\Free Video Converter


-- Find3M Report ---------------------------------------------------------------

2008-07-09 11:52:33 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\DNA
2008-07-09 09:32:24 256 --a------ C:\WINDOWS\system32\escnompc.dat
2008-07-07 12:21:49 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2008-07-07 12:21:33 0 d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-07-07 12:15:55 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2008-07-06 13:09:21 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Identities
2008-07-05 19:20:55 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Mozilla
2008-07-05 19:03:31 0 d-------- C:\Archivos de programa\LimeWire
2008-07-05 19:03:09 0 d-------- C:\Archivos de programa\Sony Ericsson
2008-07-04 00:02:07 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\InstallShield
2008-06-27 20:07:52 0 d-------- C:\Archivos de programa\Archivos comunes
2008-06-24 03:20:09 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-20 02:48:04 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\mIRC
2008-06-20 02:19:25 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Radmin
2008-06-08 17:59:38 0 d-------- C:\Archivos de programa\Ares
2008-06-05 02:15:48 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\U3
2008-05-31 23:51:04 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\LimeWire
2008-05-19 15:38:44 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Corel
2008-05-18 11:53:18 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Adobe
2008-05-18 11:26:04 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Sun
2008-05-15 11:06:19 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\BSplayer Pro
2008-05-15 11:04:02 0 d-------- C:\Archivos de programa\Archivos comunes\InstallShield
2008-05-15 10:27:08 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-05-12 21:10:51 446624 --a------ C:\WINDOWS\system32\perfh00A.dat
2008-05-12 21:10:51 74808 --a------ C:\WINDOWS\system32\perfc00A.dat
2008-05-10 23:30:32 0 d-------- C:\Archivos de programa\Corel
2008-05-10 23:30:32 0 d-------- C:\Archivos de programa\Archivos comunes\Corel
2008-05-10 21:37:25 59528 --a------ C:\WINDOWS\system32\esclent.exe
2008-05-10 21:37:24 53248 --a------ C:\WINDOWS\system32\escdll.dll
2008-05-10 18:32:40 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Talkback
2008-05-10 18:32:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-10 06:48:15 4 --a------ C:\WINDOWS\system32\escartic.dat
2008-05-10 06:41:33 1024000 --a------ C:\WINDOWS\system32\esclavo.exe
2008-05-10 06:40:59 32303 --a------ C:\WINDOWS\system32\escsrv.exe
2008-05-10 06:39:40 0 d-------- C:\Archivos de programa\Windows Live
2008-05-10 06:39:23 0 d--hs--c- C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-05-10 06:31:01 2552 --a------ C:\WINDOWS\unins000.dat
2008-05-10 06:29:59 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-10 06:18:50 6120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-10 06:18:49 51909 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-05-10 06:11:00 0 d-------- C:\Archivos de programa\TuneUp Utilities 2008
2008-05-10 05:54:40 0 d-------- C:\Archivos de programa\Microsoft Works
2008-05-10 05:54:32 0 d-------- C:\Archivos de programa\MSBuild
2008-05-10 05:53:45 0 d-------- C:\Archivos de programa\Microsoft.NET
2008-05-10 05:51:32 0 d-------- C:\Archivos de programa\Microsoft Visual Studio 8
2008-05-09 23:23:29 0 d-------- C:\Archivos de programa\Archivos comunes\ODBC
2008-05-09 23:23:26 0 d-------- C:\Archivos de programa\Archivos comunes\SpeechEngines
2008-05-09 23:23:11 62 --ahs---- C:\Documents and Settings\Administrador\Datos de programa\desktop.ini
2008-05-09 22:39:28 220160 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Sistema operativo Microsoft® Windows®>
2008-05-09 22:39:14 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\TuneUp Software
2008-05-09 22:39:06 0 d-------- C:\Archivos de programa\Real Alternative
2008-05-09 22:39:04 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Real
2008-05-09 22:39:02 0 d-------- C:\Archivos de programa\QuickTime Alternative
2008-05-09 22:38:29 0 d-------- C:\Archivos de programa\Windows Media Connect 2
2008-05-09 22:37:43 274432 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-09 22:37:30 0 d-------- C:\Archivos de programa\Java
2008-05-09 22:37:30 0 d-------- C:\Archivos de programa\Archivos comunes\Java
2008-05-09 22:37:15 0 d-------- C:\Documents and Settings\Administrador\Datos de programa\Macromedia
2008-05-09 22:36:48 0 d-------- C:\Archivos de programa\Webteh
2008-05-09 22:36:41 0 d-------- C:\Archivos de programa\Archivos comunes\Adobe
2008-05-09 22:30:51 0 -rahs---- C:\MSDOS.SYS
2008-05-09 22:30:51 0 -rahs---- C:\IO.SYS
2008-05-09 22:30:51 0 --a------ C:\CONFIG.SYS
2008-05-09 22:30:51 0 --a------ C:\AUTOEXEC.BAT
2008-05-09 22:30:46 0 d--h----- C:\Archivos de programa\WindowsUpdate
2008-05-09 22:29:06 0 d-------- C:\Archivos de programa\Archivos comunes\MSSoap
2008-05-09 22:28:27 21900 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-09 22:27:51 0 d-------- C:\Archivos de programa\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 01:19]
"{78eb0e5d-a730-d601-ab73-be45ee4ec1c7}"="C:\WINDOWS\system32\{49894e63-0a65-a9d7-52b5-265d5bbfca4f}.dll" []
"SearchSettings"="C:\Archivos de programa\Search Settings\SearchSettings.exe" []
"RTHDCPL"="RTHDCPL.EXE" [24/10/2007 22:57 C:\WINDOWS\RTHDCPL.EXE]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [15/02/2008 12:46]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [09/05/2008 22:37]
"ISUSScheduler"="C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [11/08/2005 16:30]
"ISUSPM Startup"="C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" [11/08/2005 16:30]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [15/02/2008 12:46]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [15/02/2008 12:46]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 05:43 C:\WINDOWS\ALCMTR.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 15:42]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [20/02/2008 16:33]
"TaskSwitchXP"="C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" []
"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" []
"BitTorrent DNA"="C:\Archivos de programa\DNA\btdna.exe" [01/07/2008 00:27]
"amva"="C:\WINDOWS\system32\amvo.exe" []
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/07/2008 12:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Administrador\Men£ Inicio\Programas\Inicio\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [19/03/2007 0:05:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoRun"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoViewContextMenu"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [07/07/2008 12:41 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL 07/07/2008 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts upnphost SSDPSRV

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18ba3e28-2d6a-11dd-bdc5-00196656a2a6}]
AutoRun\command- F:\GETMYPIX.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238e1e42-325f-11dd-bdd9-00196656a2a6}]
AutoRun\command- F:\adb.com
explore\Command- F:\adb.com
open\Command- F:\adb.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238e1e47-325f-11dd-bdd9-00196656a2a6}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b3d7e28-335d-11dd-bddb-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\drv32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\drv32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483ee5b8-413d-11dd-bdfc-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483ee5b9-413d-11dd-bdfc-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483ee5ba-413d-11dd-bdfc-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d84bc7e-4210-11dd-bdff-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d84bc85-4210-11dd-bdff-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e7b9f84-1ec8-11dd-bd87-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52861bda-47b5-11dd-be0d-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6317bb69-2729-11dd-bdad-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e7f0452-3962-11dd-bdec-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dc7310c-3aee-11dd-bdf2-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\autorun.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f8db4c4-4607-11dd-be08-00196656a2a6}]
AutoRun\command- G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f8db4c5-4607-11dd-be08-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a13cd366-3718-11dd-bde2-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b055dc9d-33de-11dd-bddc-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\drv32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\drv32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7a06054-42c2-11dd-be02-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7a06055-42c2-11dd-be02-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dir32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d083158e-2592-11dd-bda4-00196656a2a6}]
AutoRun\command- F:\adb.com
explore\Command- F:\adb.com
open\Command- F:\adb.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c1f5f0-34c6-11dd-bdde-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\drv32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\drv32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7926493-1e08-11dd-bd81-a67327b5c7e0}]
AutoRun\command- vy.cmd
explore\Command- vy.cmd
open\Command- vy.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e31e468c-3573-11dd-bde0-00196656a2a6}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\drv32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\drv32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5010f7e-212c-11dd-bd90-00196656a2a6}]
AutoRun\command- F:\adb.com
explore\Command- F:\adb.com
open\Command- F:\adb.com




-- End of Deckard's System Scanner: finished at 2008-07-09 12:00:01 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Spanish

CPU 0: Genuine Intel® CPU 2160 @ 1.80GHz
CPU 1: Genuine Intel® CPU 2160 @ 1.80GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2039.23 MiB / 1480.41 MiB
Pagefile Memory (total/avail): 3413.37 MiB / 2923.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.64 MiB

C: is Fixed (NTFS) - 40.02 GiB total, 20.14 GiB free.
D: is Fixed (NTFS) - 109.02 GiB total, 100.1 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-00NCB1 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Sistema de archivos instalables - 40.02 GiB - C:
\PARTITION1 - Extendido con Inter. 13 extendida - 109.02 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrador\Datos de programa
CommonProgramFiles=C:\Archivos de programa\Archivos comunes
COMPUTERNAME=PC7
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrador
LOGONSERVER=\\PC7
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Archivos de programa
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\Windows\Temp\
TMP=C:\Windows\Temp\
USERDOMAIN=PC7
USERNAME=Administrador
USERPROFILE=C:\Documents and Settings\Administrador
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrador (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualización para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Actualización para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Actualización para Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Actualización para Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Actualización para Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Actualización para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 - Español --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A70800000002}
Adobe Shockwave Player --> MsiExec.exe /X{43BFB9E2-169C-46A9-BB81-141A37FD9750}
Ares 2.0.9 --> "C:\Archivos de programa\Ares\uninstall.exe"
avast! Antivirus --> C:\Archivos de programa\Alwil Software\Avast4\aswRunDll.exe "C:\Archivos de programa\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BSPlayer --> "C:\Archivos de programa\Webteh\BSplayerPro\uninstall.exe"
Compresor WinRAR --> C:\Archivos de programa\WinRAR\uninstall.exe
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
DNA --> "C:\Archivos de programa\DNA\btdna.exe" /UNINSTALL
ES --> MsiExec.exe /I{CBFAD664-763E-4A7D-BF92-BB0E493F3C66}
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
HijackThis 2.0.2 --> "C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware --> "C:\Archivos de programa\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Groove MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0) --> C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{79ACDEE9-29B6-4E2A-8C65-4352774D5BEA}
NOD32 antivirus system --> C:\Archivos de programa\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Archivos de programa\Eset\unins000.exe"
Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Panda ActiveScan 2.0 --> C:\Archivos de programa\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime Alternative 1.76 --> "C:\Archivos de programa\QuickTime Alternative\unins000.exe"
Real Alternative 1.51 Lite --> "C:\Archivos de programa\Real Alternative\unins000.exe"
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Archivos de programa\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x000a -removeonly
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Revisión para el Reproductor de Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Revisión para Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Spybot - Search & Destroy --> "C:\Archivos de programa\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Windows Live installer --> MsiExec.exe /X{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}
Windows Live Messenger --> MsiExec.exe /X{FC411B47-30BF-428C-9C1E-F6C54A94EA7E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
World of Warcraft --> C:\Archivos de programa\Archivos comunes\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2098 / Success
Event Submitted/Written: 07/08/2008 10:16:44 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2072 / Success
Event Submitted/Written: 07/07/2008 03:34:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2064 / Success
Event Submitted/Written: 07/07/2008 02:59:07 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2027 / Success
Event Submitted/Written: 07/07/2008 01:33:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2023 / Success
Event Submitted/Written: 07/07/2008 00:52:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3491 / Warning
Event Submitted/Written: 07/09/2008 09:32:46 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP alcanzó el límite de seguridad impuesto sobre el número de intentos de conexión TCP simultáneas.

Event Record #/Type3486 / Warning
Event Submitted/Written: 07/08/2008 07:06:09 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP alcanzó el límite de seguridad impuesto sobre el número de intentos de conexión TCP simultáneas.

Event Record #/Type3485 / Warning
Event Submitted/Written: 07/08/2008 05:16:24 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP alcanzó el límite de seguridad impuesto sobre el número de intentos de conexión TCP simultáneas.

Event Record #/Type3483 / Warning
Event Submitted/Written: 07/08/2008 04:00:40 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP alcanzó el límite de seguridad impuesto sobre el número de intentos de conexión TCP simultáneas.

Event Record #/Type3478 / Warning
Event Submitted/Written: 07/08/2008 10:31:31 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP alcanzó el límite de seguridad impuesto sobre el número de intentos de conexión TCP simultáneas.



-- End of Deckard's System Scanner: finished at 2008-07-09 11:26:45 ------------
  • 0

#5
therock247uk
Posted 09 July 2008 - 11:12 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Please read our terms of use... http://www.geekstogo...boardrules.html

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.


Closed.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP