Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BAGLE [RESOLVED]

Started by toyma , Aug 02 2008 10:39 AM

  • This topic is locked This topic is locked

#1
toyma
Posted 02 August 2008 - 10:39 AM

toyma

    Member

  • Member
  • PipPip
  • 83 posts
Hi everyone!!

I'm back..........I've been safe for quite a long time now, but somehow, got both my laptop and desktop infected by BAGLE, I'm quite sure.

Will anyone help me???

THANKS AGAIN!!

:)
  • 0

Advertisements

#2
toyma
Posted 02 August 2008 - 10:43 AM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
This is my log from the desktop.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:15 a.m., on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\jetsuite\JETSTAT.EXE
c:\jetsuite\JSFMAN.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Thelma\Local Settings\Temporary Internet Files\Content.IE5\R4OMU5CO\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O15 - Trusted Zone: http://cards.123greetings.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://download.macromedia.com
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11397 bytes
  • 0

#3
toyma
Posted 02 August 2008 - 10:47 AM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
And this is the log from my LAPTOP:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:01 a.m., on 02/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\drivers\downld\94021.exe
C:\Users\Thelma\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Exterminate It!\ExterminateIt.exe
C:\Users\Thelma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJGVTINE\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://ak.imgag.com/...llerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - http://www.plaxo.com...upldr-2k-xp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 {es_ES} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11426 bytes
  • 0

#4
Jimmy2012
Posted 02 August 2008 - 11:19 AM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma. I'm currently reading over your log right now and I'll do my best to try to get your system clean. :)

Since I'm still in training, there may be a slight delay between my posts because they must be checked by an expert.
  • 0

#5
toyma
Posted 02 August 2008 - 11:26 AM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Thanks, Jimmy!!
I am glued to the machines waiting for your help.......
  • 0

#6
Jimmy2012
Posted 02 August 2008 - 11:34 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,
If you have any questions please feel free to ask. :)
We will be working with your Desktop first, so please only do these steps on your Desktop.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Edited by Jimmy2012, 02 August 2008 - 11:36 PM.

  • 0

#7
toyma
Posted 03 August 2008 - 07:08 AM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy!
I will get to work right away and post the results.
BTW, I was so desperate with the laptop, an as it was fairly new and didn't have too much info on it, I formatted it and I am in the rpocess of reinstalling everything back.

Thanks again!!
  • 0

#8
toyma
Posted 03 August 2008 - 07:35 AM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy,

Here is the fresh combo-fix report as well as the HJT :) :

ComboFix 08-08-02.01 - Thelma 2008-08-03 8:18:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.174 [GMT -5:00]
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Corina Finkler\Datos de programa\hidires
C:\Documents and Settings\Thelma\Application Data\m
C:\Documents and Settings\Thelma\Application Data\m\data.oct
C:\Documents and Settings\Thelma\Application Data\m\flec006.exe
C:\Documents and Settings\Thelma\Application Data\m\list.oct
C:\Documents and Settings\Thelma\Application Data\m\shared
C:\Documents and Settings\Thelma\Application Data\m\shared\@PROMT French-Spanish Internet Translator 7.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\18 Wheels of Steel Pedal to the Metal 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\1Click Spyclean 1.4.9.36 Crack.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\310-878 - SUN Certified Field Engineer Practice Exam Questions 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\3D Realistic Flag Screensaver 1.6 [Serial].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\3D Supernova 1.1 [KeyGen].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\A1 SpeechTRON 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Access Password Recover 2.00.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Adit Testdesk Server 1.40 build 415a (KeyGen).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Adobe Type Reunion Deluxe Updater 2.6.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Advanced Control (Add-on MSIE) 2.1 (Serial).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Advanced Maillist Manager 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Advanced MP3 WMA Recorder 6.5 [Key].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Agent Undercover 2.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\AimOne All to MP3 Converter 1.61.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\AL Pictures Slideshow Studio 3.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\All Audio Converter 2.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Amethyst PLT-2-DWG 2.01.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Audiocorder (OS X) 4.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\AVG.Anti-Virus.Professional.7.5.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Babylon-Pro 6.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Bitdefender.v9.Pro.Plus.Fr.Incl-Serial.Par.Emule-Paradise.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Blaze TrayAudio 3.0 (Serial).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Britney Spears Mirror 1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Brosix 1.7.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Button Collector 1.0 (Crack).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\CaptureEze Pro 8.09.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Click'n View LE 4.0.3.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\ClickOk 1.01.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\ClumsyFingers 1.3.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\CO air 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Cookie Spy SE 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\crack.avast.4.7.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Crystal Art Screensaver 1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\CubeMultiClock 1.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Data Doctor Recovery Digital Camera 3.0.1.5.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Dhaatu
C:\Documents and Settings\Thelma\Application Data\m\shared\Dialupass 2.43.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\dsSHA 1.02.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\DVD Album Creator 3.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\eCatalogDX 3.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\EditiX 5.2.2 build 100407.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\EMCO MSI Package Builder Lite 3.3.1.24 [Key+Serial].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\ESP+ 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\EulerQuaternion 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\eXpress sticky organizer 2.0 Patch.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\EZ-Forms-MSDS 5.50.ec.220 Key+Serial.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\EZzone Trading Training 1.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\First Aid Guide 1.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\FontMap 2.41 With Crack.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\FRISK.F-Prot.Antivirus.for.Linux.x86.File.Servers.v4.6.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\GetRightToGo 1.0.4.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Global Mapper 8.0 Crack.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\GOFLOW Visual Designer 3.5.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\GraphicConverter (OS X) 5.9.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Hidden & Dangerous 2 multiplayer demo patch 1.05.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\HTML Scripting Pages 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\IB LogManager Viewer 2.6.0.2.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\ICCAD 1.2 (Cracked).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\IE7 Runonce Remover 1.0.5.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\ImageIsle 1.01.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Internet Business Promoter (IBP) 9.7.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Invoice! 2002 3.2 [KeyGen].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\iShow Tutorial Builder Professional 2.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\JOC Press Release 2.12 build 1.00 [Crack].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Jpg Animated Slide Show 1.10.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\KeyMakerPRO 2.20.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\KiloCalc 2.12.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\LanguageStudio Portuguese 2.1s build 69 (Serial).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\LingvoSoft Talking Picture Dictionary 2007 German - Arabic 1.1.19.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\LiveCricket 1.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\MailMender 1.1.1.108.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\MAPILab Toolbox for Outlook 3.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Max Payne - Matrix II map.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\MemoryLifter 1.7.2.5.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Mistmare 1.4.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\MP3 Virtual CD 2.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\MSDict Concise Oxford Spanish Dictionary (Symbian Series 60) 2.40.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Multi-DBServer (OS X) 1.6.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Multi-Screensaver 1.0 (Crack).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Music Catalogue 4.5 Cracked.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\MX Lookup 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\MyREDButton Home 2.03 [Patch].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\MySafePass Editor 2.5.1 [KeyGen].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Nightmare Before Christmas 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\pastego 2.0.2.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\penelope 0.1a19.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Personal Organizer 3.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Pictoscope 4.0.11.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Police Field Contact Manager 7.0.1.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\pyLogViewer 0.1.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Quick ‘n Easy Mail Server 3.2.5.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\RAD Rotator 2.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Random Factor Mahjong 1.0.2.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Reel New Media Toolbar For Firefox 1.0.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Resolution Xtra 2.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\RSS Viewer 2.0.0 beta.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\RYSO EasyThumbs 2.00.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Secrets Protector Pro 2006 3.09.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\SharpCalculation Component 2.1.198.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\SID SoundInDepth 1.1.0.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\SideStep Toolbar 4.1.20.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\SlideWhere 1.7.7.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Soldat 1.3.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Speak Lite 1.0.41.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\SpiderSEO 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Spy 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Spyware Killer 3.12 [Key].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\SQL Key 7.11 [KeyGen].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Star Trek Voyager - Elite Force Pool Table map.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Stellar Phoenix FAT Data Recovery Software 10.01 Key+Serial.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\test three 333333.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Torrent Searcher SA 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\TrendyFlash Intro Builder 1.0 Key+Serial.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Triologic Video Player 4.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Troubleshooting Motor Controls 3.0 (KeyGen).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\TV On PC Elite 2.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\TVGuide 0.5.2.3.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\TVideoGrabber 5.2.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Vordur Install Manager 1.6 Patch.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\VSProTimer 1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\VVPhoto 1.8 (Patch).zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Warcraft III - The Three Baronies - Prologue.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Warning Forever 1.4.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Web Designers Toolkit with Slideshows 1.0.61.01 [Cracked].zip
C:\Documents and Settings\Thelma\Application Data\m\shared\WebPen 1.0.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\WFTPD 3.25.1.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\Wordsmith 1.3.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\WyvernWorks Defender 2004 1.1.zip
C:\Documents and Settings\Thelma\Application Data\m\shared\ZippyLock 2.1.0 Build 10000.zip
C:\Documents and Settings\Thelma\Application Data\m\srvlist.oct
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\116359.exe
C:\WINDOWS\system32\drivers\downld\119109.exe
C:\WINDOWS\system32\drivers\downld\127812.exe
C:\WINDOWS\system32\drivers\downld\135015.exe
C:\WINDOWS\system32\drivers\downld\19834953.exe
C:\WINDOWS\system32\drivers\downld\19840875.exe
C:\WINDOWS\system32\drivers\downld\19848343.exe
C:\WINDOWS\system32\drivers\downld\19849671.exe
C:\WINDOWS\system32\drivers\downld\19867078.exe
C:\WINDOWS\system32\drivers\downld\19867890.exe
C:\WINDOWS\system32\drivers\downld\19878593.exe
C:\WINDOWS\system32\drivers\downld\19881484.exe
C:\WINDOWS\system32\drivers\downld\19950578.exe
C:\WINDOWS\system32\drivers\downld\19979734.exe
C:\WINDOWS\system32\drivers\downld\207968.exe
C:\WINDOWS\system32\drivers\downld\218875.exe
C:\WINDOWS\system32\drivers\downld\249375.exe
C:\WINDOWS\system32\drivers\downld\260359.exe
C:\WINDOWS\system32\drivers\downld\273187.exe
C:\WINDOWS\system32\drivers\downld\286687.exe
C:\WINDOWS\system32\drivers\downld\310296.exe
C:\WINDOWS\system32\drivers\downld\318203.exe
C:\WINDOWS\system32\drivers\downld\330953.exe
C:\WINDOWS\system32\drivers\downld\336265.exe
C:\WINDOWS\system32\drivers\downld\342515.exe
C:\WINDOWS\system32\drivers\downld\34387687.exe
C:\WINDOWS\system32\drivers\downld\34404640.exe
C:\WINDOWS\system32\drivers\downld\34412546.exe
C:\WINDOWS\system32\drivers\downld\34421218.exe
C:\WINDOWS\system32\drivers\downld\34421906.exe
C:\WINDOWS\system32\drivers\downld\34427093.exe
C:\WINDOWS\system32\drivers\downld\34430046.exe
C:\WINDOWS\system32\drivers\downld\34497953.exe
C:\WINDOWS\system32\drivers\downld\34512562.exe
C:\WINDOWS\system32\drivers\downld\360140.exe
C:\WINDOWS\system32\drivers\downld\361828.exe
C:\WINDOWS\system32\drivers\downld\374671.exe
C:\WINDOWS\system32\drivers\downld\381625.exe
C:\WINDOWS\system32\drivers\downld\38502843.exe
C:\WINDOWS\system32\drivers\downld\38512437.exe
C:\WINDOWS\system32\drivers\downld\38521453.exe
C:\WINDOWS\system32\drivers\downld\38524203.exe
C:\WINDOWS\system32\drivers\downld\38530859.exe
C:\WINDOWS\system32\drivers\downld\38532468.exe
C:\WINDOWS\system32\drivers\downld\38537390.exe
C:\WINDOWS\system32\drivers\downld\38552734.exe
C:\WINDOWS\system32\drivers\downld\38559562.exe
C:\WINDOWS\system32\drivers\downld\38567609.exe
C:\WINDOWS\system32\drivers\downld\38576140.exe
C:\WINDOWS\system32\drivers\downld\38577359.exe
C:\WINDOWS\system32\drivers\downld\38582609.exe
C:\WINDOWS\system32\drivers\downld\38596781.exe
C:\WINDOWS\system32\drivers\downld\38604968.exe
C:\WINDOWS\system32\drivers\downld\38614390.exe
C:\WINDOWS\system32\drivers\downld\38633859.exe
C:\WINDOWS\system32\drivers\downld\38635437.exe
C:\WINDOWS\system32\drivers\downld\38640437.exe
C:\WINDOWS\system32\drivers\downld\38643250.exe
C:\WINDOWS\system32\drivers\downld\38727187.exe
C:\WINDOWS\system32\drivers\downld\38746968.exe
C:\WINDOWS\system32\drivers\downld\389640.exe
C:\WINDOWS\system32\drivers\downld\39082468.exe
C:\WINDOWS\system32\drivers\downld\39088000.exe
C:\WINDOWS\system32\drivers\downld\39095937.exe
C:\WINDOWS\system32\drivers\downld\39098437.exe
C:\WINDOWS\system32\drivers\downld\39108125.exe
C:\WINDOWS\system32\drivers\downld\39109703.exe
C:\WINDOWS\system32\drivers\downld\39115703.exe
C:\WINDOWS\system32\drivers\downld\39119093.exe
C:\WINDOWS\system32\drivers\downld\39144921.exe
C:\WINDOWS\system32\drivers\downld\391484.exe
C:\WINDOWS\system32\drivers\downld\39154484.exe
C:\WINDOWS\system32\drivers\downld\39169296.exe
C:\WINDOWS\system32\drivers\downld\39181765.exe
C:\WINDOWS\system32\drivers\downld\39183906.exe
C:\WINDOWS\system32\drivers\downld\39240843.exe
C:\WINDOWS\system32\drivers\downld\39245734.exe
C:\WINDOWS\system32\drivers\downld\39252546.exe
C:\WINDOWS\system32\drivers\downld\39261156.exe
C:\WINDOWS\system32\drivers\downld\39262406.exe
C:\WINDOWS\system32\drivers\downld\39266421.exe
C:\WINDOWS\system32\drivers\downld\39271484.exe
C:\WINDOWS\system32\drivers\downld\39286281.exe
C:\WINDOWS\system32\drivers\downld\39293921.exe
C:\WINDOWS\system32\drivers\downld\39308765.exe
C:\WINDOWS\system32\drivers\downld\39319031.exe
C:\WINDOWS\system32\drivers\downld\39320390.exe
C:\WINDOWS\system32\drivers\downld\39324250.exe
C:\WINDOWS\system32\drivers\downld\39380125.exe
C:\WINDOWS\system32\drivers\downld\39385125.exe
C:\WINDOWS\system32\drivers\downld\39392187.exe
C:\WINDOWS\system32\drivers\downld\39393234.exe
C:\WINDOWS\system32\drivers\downld\39399812.exe
C:\WINDOWS\system32\drivers\downld\39401359.exe
C:\WINDOWS\system32\drivers\downld\39405218.exe
C:\WINDOWS\system32\drivers\downld\39410718.exe
C:\WINDOWS\system32\drivers\downld\39433671.exe
C:\WINDOWS\system32\drivers\downld\39445328.exe
C:\WINDOWS\system32\drivers\downld\39464593.exe
C:\WINDOWS\system32\drivers\downld\39466265.exe
C:\WINDOWS\system32\drivers\downld\39471375.exe
C:\WINDOWS\system32\drivers\downld\413187.exe
C:\WINDOWS\system32\drivers\downld\419593.exe
C:\WINDOWS\system32\drivers\downld\436281.exe
C:\WINDOWS\system32\drivers\downld\4606406.exe
C:\WINDOWS\system32\drivers\downld\4614593.exe
C:\WINDOWS\system32\drivers\downld\4622984.exe
C:\WINDOWS\system32\drivers\downld\4627937.exe
C:\WINDOWS\system32\drivers\downld\4635312.exe
C:\WINDOWS\system32\drivers\downld\4636781.exe
C:\WINDOWS\system32\drivers\downld\4642906.exe
C:\WINDOWS\system32\drivers\downld\4657796.exe
C:\WINDOWS\system32\drivers\downld\467250.exe
C:\WINDOWS\system32\drivers\downld\4684359.exe
C:\WINDOWS\system32\drivers\downld\4709843.exe
C:\WINDOWS\system32\drivers\downld\4732890.exe
C:\WINDOWS\system32\drivers\downld\4742046.exe
C:\WINDOWS\system32\drivers\downld\4744390.exe
C:\WINDOWS\system32\drivers\downld\4753453.exe
C:\WINDOWS\system32\drivers\downld\4755140.exe
C:\WINDOWS\system32\drivers\downld\4762171.exe
C:\WINDOWS\system32\drivers\downld\482656.exe
C:\WINDOWS\system32\drivers\downld\492250.exe
C:\WINDOWS\system32\drivers\downld\501859.exe
C:\WINDOWS\system32\drivers\downld\512328.exe
C:\WINDOWS\system32\drivers\downld\513984.exe
C:\WINDOWS\system32\drivers\downld\5170312.exe
C:\WINDOWS\system32\drivers\downld\5189578.exe
C:\WINDOWS\system32\drivers\downld\5199281.exe
C:\WINDOWS\system32\drivers\downld\5213109.exe
C:\WINDOWS\system32\drivers\downld\5221250.exe
C:\WINDOWS\system32\drivers\downld\5230734.exe
C:\WINDOWS\system32\drivers\downld\5233250.exe
C:\WINDOWS\system32\drivers\downld\5243156.exe
C:\WINDOWS\system32\drivers\downld\5262453.exe
C:\WINDOWS\system32\drivers\downld\527406.exe
C:\WINDOWS\system32\drivers\downld\5291406.exe
C:\WINDOWS\system32\drivers\downld\5299281.exe
C:\WINDOWS\system32\drivers\downld\5309703.exe
C:\WINDOWS\system32\drivers\downld\5311437.exe
C:\WINDOWS\system32\drivers\downld\5320500.exe
C:\WINDOWS\system32\drivers\downld\5323593.exe
C:\WINDOWS\system32\drivers\downld\534843.exe
C:\WINDOWS\system32\drivers\downld\5414265.exe
C:\WINDOWS\system32\drivers\downld\5426359.exe
C:\WINDOWS\system32\drivers\downld\547125.exe
C:\WINDOWS\system32\drivers\downld\558531.exe
C:\WINDOWS\system32\drivers\downld\570015.exe
C:\WINDOWS\system32\drivers\downld\572531.exe
C:\WINDOWS\system32\drivers\downld\591609.exe
C:\WINDOWS\system32\drivers\downld\602468.exe
C:\WINDOWS\system32\drivers\downld\620109.exe
C:\WINDOWS\system32\drivers\downld\627250.exe
C:\WINDOWS\system32\drivers\downld\635937.exe
C:\WINDOWS\system32\drivers\downld\649062.exe
C:\WINDOWS\system32\drivers\downld\650437.exe
C:\WINDOWS\system32\drivers\downld\74984.exe
C:\WINDOWS\system32\drivers\downld\76390.exe
C:\WINDOWS\system32\drivers\downld\83656.exe
C:\WINDOWS\system32\drivers\downld\96015.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-02 12:10 . 2008-08-03 08:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 11:33 . 2008-08-02 11:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-02 01:25 . 2008-08-02 01:25 <DIR> d-------- C:\Documents and Settings\Thelma\Application Data\Malwarebytes
2008-08-02 01:25 . 2008-08-02 01:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-02 01:05 . 2006-10-17 12:04 68,672 -ra------ C:\WINDOWS\system32\drivers\2WirePCP.sys
2008-08-01 15:34 . 2008-08-02 15:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 21:52 --------- d-----w C:\Program Files\BrainsBreaker
2008-08-02 00:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 23:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-08-01 19:20 --------- d-----w C:\Documents and Settings\Thelma\Application Data\U3
2008-08-01 08:47 --------- d-----w C:\Program Files\eMule
2008-08-01 07:09 --------- d-----w C:\Program Files\palmOne
2008-07-23 20:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-30 02:29 --------- d-----w C:\Documents and Settings\Thelma\Application Data\Costco Photo Viewer MX
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 01:02 --------- d-----w C:\Documents and Settings\Thelma\Application Data\Costco Photo Organizer
2008-06-16 22:51 --------- d-----w C:\Program Files\MSN Messenger
2008-06-16 22:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 04:51 --------- d-----w C:\Program Files\MosaicCreator
2008-06-12 03:30 --------- d-----w C:\Program Files\Costco
2008-06-12 03:30 --------- d-----w C:\Program Files\Common Files\HP
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-06-12 01:10 712712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 14:10 221184]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 03:07 102400]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 11:00 1116920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-06 14:58 172032]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 12:23 15961088 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Thelma\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP LaserJet 3150 Status.lnk - C:\jetsuite\JETSTAT.EXE [2007-08-18 13:53:51 147456]
Inicio r pido de Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2007-09-28 19:31:30 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 22:06]
R1 jsmux;jsmux;C:\WINDOWS\system32\drivers\jsmux.sys [1999-09-22 13:48]
R1 jsscan;jsscan;C:\WINDOWS\system32\drivers\jsscan.sys [1999-09-22 13:48]
R2 jsfax;jsfax;C:\WINDOWS\system32\drivers\jsfax.sys [1999-09-22 13:48]
S4 jsdbg;jsdbg;C:\WINDOWS\system32\drivers\jsdbg.sys [1999-09-22 13:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0d807a-7104-11dc-aece-0016767fde02}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0d807b-7104-11dc-aece-0016767fde02}]
\Shell\AutoRun\command - H:\nideiect.com
\Shell\explore\Command - H:\nideiect.com
\Shell\open\Command - H:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3f73b55-5c07-11dc-9bbd-0016767fde02}]
\Shell\AutoRun\command - F:\WD_Windows_Tools\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 00:35]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Anexar a PDF existente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir a Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir destino de vínculo a PDF existente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir destino de vínculo en archivo Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir selección a Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir selección a archivo PDF existente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir vínculos seleccionados a Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convertir vínculos seleccionados a PDF existente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 08:22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\jetsuite\JSDAEMON.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
.
**************************************************************************
.
Completion time: 2008-08-03 8:23:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 13:23:42

Pre-Run: 24,025,722,880 bytes free
Post-Run: 24,148,008,960 bytes free

453 --- E O F --- 2008-07-25 16:03:18







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33:24 a.m., on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Thelma\Local Settings\Temporary Internet Files\Content.IE5\85BNS3C1\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prodigy.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O15 - Trusted Zone: http://cards.123greetings.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://download.macromedia.com
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 10415 bytes
  • 0

#9
Jimmy2012
Posted 04 August 2008 - 10:39 AM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma

STEP 1
You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder
1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

2. Download HijackThis to the new folder:

3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

STEP 2
I see that you have a P2P(Peer to Peer) program on your computer.While the programs it self may be safe the files you get can be illegal and can also have malware in them also. I recommend you remove the following program.(if you do not want to remove the P2P program please skip this step and go to the next one)

Please click start>control panel>add/remove programs. And remove the following program(if present)Also remove any other P2P programs you may have.
eMule

Once you have done that please remove following folder(if present)
C:\Program Files\eMule

STEP 3
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
G:\LaunchU3.exe
H:\nideiect.com
F:\WD_Windows_Tools\setup.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0d807a-7104-11dc-aece-0016767fde02}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0d807b-7104-11dc-aece-0016767fde02}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3f73b55-5c07-11dc-9bbd-0016767fde02}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following report into your next reply:
  • Combofix.txt

STEP 4
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~
In your next reply please have these logs.
The ComboFix log
The Kaspersky log
And a fresh HijackThis log
  • 0

#10
toyma
Posted 04 August 2008 - 11:50 AM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Thanks Jimmy!!
I am working on it... will send you the logs once I have them.... and btw my laptop seems almost fine, but I have a few questions I will ask you once we clean the desktop..... :)
  • 0

Advertisements

#11
toyma
Posted 04 August 2008 - 03:56 PM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy!

I did everything you requested. Hopefully we are on the right track!!! Thanks again for staying with me.... :)

ComboFix 08-08-02.01 - Thelma 2008-08-04 12:45:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.120 [GMT -5:00]
Running from: C:\Documents and Settings\Thelma\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Thelma\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
F:\WD_Windows_Tools\setup.exe
G:\LaunchU3.exe
H:\nideiect.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-04 12:27 . 2008-08-04 12:34 <DIR> d-------- C:\HJT
2008-08-03 10:42 . 2008-08-03 10:42 <DIR> d-------- C:\Program Files\Asistente Prodigy
2008-08-03 10:28 . 2005-02-24 13:16 929,792 -ra------ C:\WINDOWS\system32\PRISME5.dll
2008-08-03 10:28 . 2005-02-24 13:16 15,781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-08-03 10:27 . 2008-08-03 10:28 <DIR> d-------- C:\Program Files\Prodigy Infinitum
2008-08-02 12:10 . 2008-08-03 08:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 11:33 . 2008-08-02 11:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-02 01:25 . 2008-08-02 01:25 <DIR> d-------- C:\Documents and Settings\Thelma\Application Data\Malwarebytes
2008-08-02 01:25 . 2008-08-02 01:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-02 01:05 . 2006-10-17 12:04 68,672 -ra------ C:\WINDOWS\system32\drivers\2WirePCP.sys
2008-08-01 15:34 . 2008-08-02 15:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 20:42 --------- d-----w C:\Program Files\BrainsBreaker
2008-08-03 15:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 00:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 23:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-08-01 19:20 --------- d-----w C:\Documents and Settings\Thelma\Application Data\U3
2008-08-01 07:09 --------- d-----w C:\Program Files\palmOne
2008-07-23 20:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-30 02:29 --------- d-----w C:\Documents and Settings\Thelma\Application Data\Costco Photo Viewer MX
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 01:02 --------- d-----w C:\Documents and Settings\Thelma\Application Data\Costco Photo Organizer
2008-06-16 22:51 --------- d-----w C:\Program Files\MSN Messenger
2008-06-16 22:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 04:51 --------- d-----w C:\Program Files\MosaicCreator
2008-06-12 03:30 --------- d-----w C:\Program Files\Costco
2008-06-12 03:30 --------- d-----w C:\Program Files\Common Files\HP
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-06-12 01:10 712712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 14:10 221184]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 03:07 102400]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 11:00 1116920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-06 14:58 172032]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 12:23 15961088 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Thelma\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP LaserJet 3150 Status.lnk - C:\jetsuite\JETSTAT.EXE [2007-08-18 13:53:51 147456]
Inicio r pido de Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2007-09-28 19:31:30 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 22:06]
R1 jsmux;jsmux;C:\WINDOWS\system32\drivers\jsmux.sys [1999-09-22 13:48]
R1 jsscan;jsscan;C:\WINDOWS\system32\drivers\jsscan.sys [1999-09-22 13:48]
R2 jsfax;jsfax;C:\WINDOWS\system32\drivers\jsfax.sys [1999-09-22 13:48]
S4 jsdbg;jsdbg;C:\WINDOWS\system32\drivers\jsdbg.sys [1999-09-22 13:48]
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 00:35]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PRISMSVR.EXE - C:\WINDOWS\system32\PRISMSVR.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 12:48:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-04 12:50:26
ComboFix-quarantined-files.txt 2008-08-04 17:50:09
ComboFix2.txt 2008-08-03 13:23:50

Pre-Run: 34,545,807,360 bytes free
Post-Run: 34,559,315,968 bytes free

127 --- E O F --- 2008-07-25 16:03:18



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 4, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 04, 2008 16:07:43
Records in database: 1053458
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 99171
Threat name: 7
Infected objects: 195
Suspicious objects: 0
Duration of the scan: 01:44:37


File name / Threat name / Threats count
C:\Program Files\Asistente Prodigy\ctrbt.exe Infected: Trojan.Win32.Reboot.h 1
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.wi 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\18 Wheels of Steel Pedal to the Metal 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\1Click Spyclean 1.4.9.36 Crack.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\310-878 - SUN Certified Field Engineer Practice Exam Questions 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\3D Realistic Flag Screensaver 1.6 [Serial].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\3D Supernova 1.1 [KeyGen].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\@PROMT French-Spanish Internet Translator 7.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\A1 SpeechTRON 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Access Password Recover 2.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Adit Testdesk Server 1.40 build 415a (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Adobe Type Reunion Deluxe Updater 2.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Advanced Control (Add-on MSIE) 2.1 (Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Advanced Maillist Manager 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Advanced MP3 WMA Recorder 6.5 [Key].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Agent Undercover 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\AimOne All to MP3 Converter 1.61.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\AL Pictures Slideshow Studio 3.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\All Audio Converter 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Amethyst PLT-2-DWG 2.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Audiocorder (OS X) 4.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\AVG.Anti-Virus.Professional.7.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Babylon-Pro 6.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Bitdefender.v9.Pro.Plus.Fr.Incl-Serial.Par.Emule-Paradise.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Blaze TrayAudio 3.0 (Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Britney Spears Mirror 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Brosix 1.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Button Collector 1.0 (Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\CaptureEze Pro 8.09.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Click'n View LE 4.0.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\ClickOk 1.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\ClumsyFingers 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\CO air 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Cookie Spy SE 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\crack.avast.4.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Crystal Art Screensaver 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\CubeMultiClock 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Data Doctor Recovery Digital Camera 3.0.1.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Dialupass 2.43.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\dsSHA 1.02.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\DVD Album Creator 3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\eCatalogDX 3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\EditiX 5.2.2 build 100407.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\EMCO MSI Package Builder Lite 3.3.1.24 [Key+Serial].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\ESP+ 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\EulerQuaternion 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\eXpress sticky organizer 2.0 Patch.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\EZ-Forms-MSDS 5.50.ec.220 Key+Serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\EZzone Trading Training 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\First Aid Guide 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\FontMap 2.41 With Crack.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\FRISK.F-Prot.Antivirus.for.Linux.x86.File.Servers.v4.6.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\GetRightToGo 1.0.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Global Mapper 8.0 Crack.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\GOFLOW Visual Designer 3.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\GraphicConverter (OS X) 5.9.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Hidden & Dangerous 2 multiplayer demo patch 1.05.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\HTML Scripting Pages 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\IB LogManager Viewer 2.6.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\ICCAD 1.2 (Cracked).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\IE7 Runonce Remover 1.0.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\ImageIsle 1.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Internet Business Promoter (IBP) 9.7.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Invoice! 2002 3.2 [KeyGen].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\iShow Tutorial Builder Professional 2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\JOC Press Release 2.12 build 1.00 [Crack].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Jpg Animated Slide Show 1.10.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\KeyMakerPRO 2.20.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\KiloCalc 2.12.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\LanguageStudio Portuguese 2.1s build 69 (Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\LingvoSoft Talking Picture Dictionary 2007 German - Arabic 1.1.19.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\LiveCricket 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\MailMender 1.1.1.108.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\MAPILab Toolbox for Outlook 3.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Max Payne - Matrix II map.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\MemoryLifter 1.7.2.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Mistmare 1.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\MP3 Virtual CD 2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\MSDict Concise Oxford Spanish Dictionary (Symbian Series 60) 2.40.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Multi-DBServer (OS X) 1.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Multi-Screensaver 1.0 (Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Music Catalogue 4.5 Cracked.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\MX Lookup 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\MyREDButton Home 2.03 [Patch].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\MySafePass Editor 2.5.1 [KeyGen].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Nightmare Before Christmas 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\pastego 2.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\penelope 0.1a19.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Personal Organizer 3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Pictoscope 4.0.11.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Police Field Contact Manager 7.0.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\pyLogViewer 0.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Quick ‘n Easy Mail Server 3.2.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\RAD Rotator 2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Random Factor Mahjong 1.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Reel New Media Toolbar For Firefox 1.0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Resolution Xtra 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\RSS Viewer 2.0.0 beta.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\RYSO EasyThumbs 2.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Secrets Protector Pro 2006 3.09.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\SharpCalculation Component 2.1.198.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\SID SoundInDepth 1.1.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\SideStep Toolbar 4.1.20.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\SlideWhere 1.7.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Soldat 1.3.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Speak Lite 1.0.41.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\SpiderSEO 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Spy 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Spyware Killer 3.12 [Key].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\SQL Key 7.11 [KeyGen].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Star Trek Voyager - Elite Force Pool Table map.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Stellar Phoenix FAT Data Recovery Software 10.01 Key+Serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\test three 333333.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Torrent Searcher SA 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\TrendyFlash Intro Builder 1.0 Key+Serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Triologic Video Player 4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Troubleshooting Motor Controls 3.0 (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\TV On PC Elite 2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\TVGuide 0.5.2.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\TVideoGrabber 5.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Vordur Install Manager 1.6 Patch.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\VSProTimer 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\VVPhoto 1.8 (Patch).zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Warcraft III - The Three Baronies - Prologue.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Warning Forever 1.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Web Designers Toolkit with Slideshows 1.0.61.01 [Cracked].zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\WebPen 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\WFTPD 3.25.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\Wordsmith 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\WyvernWorks Defender 2004 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\Documents and Settings\Thelma\Application Data\m\shared\ZippyLock 2.1.0 Build 10000.zip.vir Infected: Trojan-Downloader.Win32.Bagle.wv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\19834953.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\19848343.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\19849671.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\249375.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\273187.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\286687.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\330953.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\342515.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\34387687.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\34412546.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\374671.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38502843.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38521453.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38524203.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38552734.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38567609.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38596781.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38614390.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\389640.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39082468.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39095937.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39098437.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39144921.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39169296.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39240843.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39252546.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39286281.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39308765.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39380125.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39392187.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39393234.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\39433671.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\436281.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4606406.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4622984.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4627937.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4657796.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4709843.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4742046.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\4744390.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\482656.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\501859.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5170312.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5199281.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5213109.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5230734.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5233250.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5262453.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\527406.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\5299281.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\547125.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\572531.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\602468.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\620109.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\635937.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\76390.exe.vir Infected: Backdoor.Win32.Hupigon.cjai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\96015.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\hldrrr.exe.vir Infected: Trojan-Downloader.Win32.Bagle.wi 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\mdelk.exe.vir Infected: Trojan-Downloader.Win32.Bagle.wi 1
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir Infected: Trojan-Downloader.Win32.Bagle.vj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:49:55 p.m., on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\jetsuite\JETSTAT.EXE
c:\jetsuite\jsdaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O15 - Trusted Zone: http://cards.123greetings.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://download.macromedia.com
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11083 bytes
  • 0

#12
Jimmy2012
Posted 05 August 2008 - 11:40 AM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,

Hopefully we are on the right track!!!

Yes things are looking better, hopefully just a few more things to do. :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\Asistente Prodigy\ctrbt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

SysRst::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#13
toyma
Posted 05 August 2008 - 04:20 PM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy!!

Here is what you requested. I hope it looks better!!!! :)

ComboFix 08-08-02.01 - Thelma 2008-08-05 17:10:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.131 [GMT -5:00]
Running from: C:\Documents and Settings\Thelma\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Thelma\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Asistente Prodigy\ctrbt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Asistente Prodigy\ctrbt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\downld

.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-04 12:27 . 2008-08-04 16:49 <DIR> d-------- C:\HJT
2008-08-03 10:42 . 2008-08-05 17:11 <DIR> d-------- C:\Program Files\Asistente Prodigy
2008-08-03 10:28 . 2005-02-24 13:16 929,792 -ra------ C:\WINDOWS\system32\PRISME5.dll
2008-08-03 10:28 . 2005-02-24 13:16 15,781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-08-03 10:27 . 2008-08-03 10:28 <DIR> d-------- C:\Program Files\Prodigy Infinitum
2008-08-02 12:10 . 2008-08-03 08:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 11:33 . 2008-08-02 11:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-02 01:25 . 2008-08-02 01:25 <DIR> d-------- C:\Documents and Settings\Thelma\Application Data\Malwarebytes
2008-08-02 01:25 . 2008-08-02 01:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-02 01:05 . 2006-10-17 12:04 68,672 -ra------ C:\WINDOWS\system32\drivers\2WirePCP.sys
2008-08-01 15:34 . 2008-08-02 15:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 20:42 --------- d-----w C:\Program Files\BrainsBreaker
2008-08-03 15:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 00:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 23:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-08-01 19:20 --------- d-----w C:\Documents and Settings\Thelma\Application Data\U3
2008-08-01 07:09 --------- d-----w C:\Program Files\palmOne
2008-07-23 20:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-30 02:29 --------- d-----w C:\Documents and Settings\Thelma\Application Data\Costco Photo Viewer MX
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 01:02 --------- d-----w C:\Documents and Settings\Thelma\Application Data\Costco Photo Organizer
2008-06-16 22:51 --------- d-----w C:\Program Files\MSN Messenger
2008-06-16 22:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 04:51 --------- d-----w C:\Program Files\MosaicCreator
2008-06-12 03:30 --------- d-----w C:\Program Files\Costco
2008-06-12 03:30 --------- d-----w C:\Program Files\Common Files\HP
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

2000-08-31 08:00 6539 C:\Combo-Fix\Boot.bat
2000-08-31 08:00 6539 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001210.bat
2000-08-31 08:00 6539 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001355.bat

2008-08-03 17:54 484156 C:\Combo-Fix\C.bat
2008-08-03 17:54 484156 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001211.bat
2008-08-03 17:54 484156 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001356.bat

C:\Combo-Fix\CF29475.exe
2004-08-03 20:07 388608 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001212.exe

C:\Combo-Fix\CF5019.exe
2004-08-03 20:07 388608 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001357.exe

2008-08-05 17:10 21 C:\Combo-Fix\chcp.bat
2008-08-03 08:10 21 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001006.bat
2008-08-04 12:44 21 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001358.bat

2000-08-31 08:00 1024 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001213.sys
2000-08-31 08:00 1024 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001359.sys

C:\Combo-Fix\Combobatch.bat
2000-08-31 08:00 7011 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001205.bat
2000-08-31 08:00 7011 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP6\A0001404.bat

C:\Combo-Fix\Comspec.bat
2000-08-31 08:00 149 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001345.bat
2000-08-31 08:00 149 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001394.bat

2000-08-31 08:00 3378 C:\Combo-Fix\CregC.cmd
2000-08-31 08:00 3378 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001214.cmd
2000-08-31 08:00 3378 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001360.cmd

2000-08-31 08:00 1733 C:\Combo-Fix\DelClsid.bat
2000-08-31 08:00 1733 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001215.bat
2000-08-31 08:00 1733 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001361.bat

C:\Combo-Fix\Disclaimer.bat
2000-08-31 08:00 1158 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP1\A0000001.bat
2000-08-31 08:00 1158 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001397.bat

2000-08-31 08:00 6067 C:\Combo-Fix\Exe.reg
2000-08-31 08:00 6067 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001216.reg
2000-08-31 08:00 6067 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001362.reg

2000-08-31 08:00 92287 C:\Combo-Fix\FIND3M.bat
2000-08-31 08:00 92287 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001217.bat
2000-08-31 08:00 92287 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001363.bat

2000-08-31 08:00 3800 C:\Combo-Fix\FIXLSP.bat
2000-08-31 08:00 3800 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001218.bat
2000-08-31 08:00 3800 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001364.bat

2000-08-31 08:00 15388 C:\Combo-Fix\FProps.vbs
2000-08-31 08:00 15388 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001219.vbs
2000-08-31 08:00 15388 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001365.vbs

2000-08-31 08:00 2091 C:\Combo-Fix\history.bat
2000-08-31 08:00 2091 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001220.bat
2000-08-31 08:00 2091 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001366.bat

2000-08-31 08:00 69420 C:\Combo-Fix\Lang.bat
2000-08-31 08:00 69420 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001221.bat
2000-08-31 08:00 69420 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001367.bat

2000-08-31 08:00 349 C:\Combo-Fix\LFN.vbs
2000-08-31 08:00 349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001222.vbs
2000-08-31 08:00 349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001368.vbs

C:\Combo-Fix\List-C.bat
2000-08-31 08:00 209884 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001204.bat
2000-08-31 08:00 209884 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP6\A0001403.bat

2000-08-31 08:00 1528 C:\Combo-Fix\lnkread.vbs
2000-08-31 08:00 1528 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001223.vbs
2000-08-31 08:00 1528 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001369.vbs

2000-08-31 08:00 805 C:\Combo-Fix\LocalDrive.vbs
2000-08-31 08:00 805 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001224.vbs
2000-08-31 08:00 805 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001370.vbs

2000-08-31 08:00 2268 C:\Combo-Fix\MoveIt.bat
2000-08-31 08:00 2268 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001225.bat
2000-08-31 08:00 2268 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001371.bat

2000-08-31 08:00 1305 C:\Combo-Fix\ND_.bat
2000-08-31 08:00 1305 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001226.bat
2000-08-31 08:00 1305 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001372.bat

2000-08-31 08:00 28672 C:\Combo-Fix\nircmd.com
2000-08-31 08:00 28672 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001227.com
2000-08-31 08:00 28672 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001373.com

2000-08-31 08:00 657 C:\Combo-Fix\OSid.vbs
2000-08-31 08:00 657 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001228.vbs
2000-08-31 08:00 657 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001374.vbs

2000-08-31 08:00 3401 C:\Combo-Fix\Qoo.bat
2000-08-31 08:00 3401 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001229.bat
2000-08-31 08:00 3401 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001375.bat

C:\Combo-Fix\restore_pt.vbs
2000-08-31 08:00 232 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001010.vbs
2000-08-31 08:00 232 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP6\A0001400.vbs

2000-08-31 08:00 1537 C:\Combo-Fix\RestoreO4.bat
2000-08-31 08:00 1537 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001230.bat
2000-08-31 08:00 1537 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001376.bat

2000-08-31 08:00 15265 C:\Combo-Fix\SafeBootRepair.bat
2000-08-31 08:00 15265 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001231.bat
2000-08-31 08:00 15265 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001377.bat

2000-08-31 08:00 12121 C:\Combo-Fix\SetEnvmt.bat
2000-08-31 08:00 12121 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001232.bat
2000-08-31 08:00 12121 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001378.bat

2008-08-05 17:10 11610 C:\Combo-Fix\SetPath.bat
2008-08-03 08:11 11121 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001009.bat

2008-08-05 17:10 69 C:\Combo-Fix\sfx.cmd
2008-08-04 12:44 69 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001379.cmd

2000-08-31 08:00 1128 C:\Combo-Fix\SvcDrv.vbs
2000-08-31 08:00 1128 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001233.vbs
2000-08-31 08:00 1128 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001380.vbs

C:\Documents and Settings\Corina Finkler\Configuración local\temp\KeyGen.exe
2004-04-03 22:55 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001177.exe

2004-08-03 20:07 25600 C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2004-08-03 20:07 25600 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001244.dll
2004-08-03 20:07 25600 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP5\A0001392.dll

C:\Documents and Settings\Thelma\Application Data\m\flec006.exe
2008-08-03 07:57 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001176.exe

C:\Program Files\Asistente Prodigy\ctrbt.exe
2001-12-05 19:58 44032 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP6\A0001401.exe

2008-07-16 12:52 663552 C:\Program Files\BrainsBreaker\_bbg.exe
2007-08-19 21:11 606208 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001277.exe

2008-07-16 12:50 1310720 C:\Program Files\BrainsBreaker\BBrk4.exe
2007-08-20 14:52 1277952 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001275.exe

2008-07-01 20:29 57344 C:\Program Files\BrainsBreaker\gdipacc.dll
2007-08-19 21:07 57344 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001276.dll

2008-08-03 15:41 682330 C:\Program Files\BrainsBreaker\unins000.exe
2007-09-07 19:08 682330 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001280.exe

2001-09-05 04:14 176128 C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2007-06-13 16:29 221184 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001259.dll

2001-09-05 04:18 225280 C:\Program Files\Common Files\InstallShield\IScript\iscript.dll
2007-06-13 16:29 221184 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001260.dll

C:\Program Files\eMule\emule.exe
2007-05-16 12:52 5308416 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001294.exe

C:\Program Files\eMule\lang\ar_AE.dll
2007-05-13 10:24 81920 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001299.dll

C:\Program Files\eMule\lang\ba_BA.dll
2007-05-13 10:23 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001300.dll

C:\Program Files\eMule\lang\bg_BG.dll
2007-05-13 10:24 102400 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001301.dll

C:\Program Files\eMule\lang\ca_ES.dll
2007-05-13 10:24 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001302.dll

C:\Program Files\eMule\lang\cz_CZ.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001303.dll

C:\Program Files\eMule\lang\da_DK.dll
2007-05-13 10:24 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001304.dll

C:\Program Files\eMule\lang\de_DE.dll
2007-05-13 10:24 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001305.dll

C:\Program Files\eMule\lang\el_GR.dll
2007-05-13 10:24 110592 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001306.dll

C:\Program Files\eMule\lang\es_AS.dll
2007-05-13 10:23 102400 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001307.dll

C:\Program Files\eMule\lang\es_ES_T.dll
2007-05-13 10:24 110592 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001308.dll

C:\Program Files\eMule\lang\et_EE.dll
2007-05-13 10:23 94208 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001309.dll

C:\Program Files\eMule\lang\fa_IR.dll
2007-05-13 10:23 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001310.dll

C:\Program Files\eMule\lang\fi_FI.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001311.dll

C:\Program Files\eMule\lang\fr_BR.dll
2007-05-13 10:23 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001312.dll

C:\Program Files\eMule\lang\fr_FR.dll
2007-05-13 10:23 110592 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001313.dll

C:\Program Files\eMule\lang\gl_ES.dll
2007-05-13 10:23 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001314.dll

C:\Program Files\eMule\lang\he_IL.dll
2007-05-13 10:23 81920 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001315.dll

C:\Program Files\eMule\lang\hu_HU.dll
2007-05-13 10:23 102400 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001316.dll

C:\Program Files\eMule\lang\it_IT.dll
2007-05-13 10:23 110592 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001317.dll

C:\Program Files\eMule\lang\jp_JP.dll
2007-05-13 10:23 65536 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001318.dll

C:\Program Files\eMule\lang\ko_KR.dll
2007-05-13 10:23 69632 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001319.dll

C:\Program Files\eMule\lang\lt_LT.dll
2007-05-13 10:23 102400 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001320.dll

C:\Program Files\eMule\lang\lv_LV.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001321.dll

C:\Program Files\eMule\lang\mt_MT.dll
2007-05-13 10:23 110592 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001322.dll

C:\Program Files\eMule\lang\nb_NO.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001323.dll

C:\Program Files\eMule\lang\nl_NL.dll
2007-05-13 10:23 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001324.dll

C:\Program Files\eMule\lang\nn_NO.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001325.dll

C:\Program Files\eMule\lang\pl_PL.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001326.dll

C:\Program Files\eMule\lang\pt_BR.dll
2007-05-13 10:23 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001327.dll

C:\Program Files\eMule\lang\pt_PT.dll
2007-05-13 10:23 110592 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001328.dll

C:\Program Files\eMule\lang\ro_RO.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001329.dll

C:\Program Files\eMule\lang\ru_RU.dll
2007-05-13 10:23 94208 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001330.dll

C:\Program Files\eMule\lang\sl_SI.dll
2007-05-13 10:23 102400 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001331.dll

C:\Program Files\eMule\lang\sq_AL.dll
2007-05-13 10:23 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001332.dll

C:\Program Files\eMule\lang\sv_SE.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001333.dll

C:\Program Files\eMule\lang\tr_TR.dll
2007-05-13 10:23 102400 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001334.dll

C:\Program Files\eMule\lang\ua_UA.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001335.dll

C:\Program Files\eMule\lang\va_ES.dll
2007-05-13 10:23 106496 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001336.dll

C:\Program Files\eMule\lang\vi_VN.dll
2007-05-13 10:23 98304 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001337.dll

C:\Program Files\eMule\lang\zh_CN.dll
2007-05-13 10:23 49152 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001338.dll

C:\Program Files\eMule\lang\zh_TW.dll
2007-05-13 10:23 49152 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001339.dll

C:\Program Files\eMule\LinkCreator.exe
2006-03-22 16:12 270336 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001295.exe

C:\Program Files\eMule\uninstall.exe
2007-09-07 19:12 183929 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP4\A0001342.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2006-06-12 01:10 712712 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP6\A0001402.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
2008-07-30 20:15 73336 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001002.dll

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
2004-05-12 01:03 744960 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001001.dll

C:\WINDOWS\system32\drivers\downld\116359.exe
2008-08-02 20:25 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001011.exe

C:\WINDOWS\system32\drivers\downld\119109.exe
2008-08-02 20:25 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001012.exe

C:\WINDOWS\system32\drivers\downld\127812.exe
2008-08-02 20:25 25196 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001013.exe

C:\WINDOWS\system32\drivers\downld\135015.exe
2008-08-02 20:25 48751 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001014.exe

C:\WINDOWS\system32\drivers\downld\19834953.exe
2008-08-03 02:31 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001015.exe

C:\WINDOWS\system32\drivers\downld\19840875.exe
2008-08-03 02:31 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001016.exe

C:\WINDOWS\system32\drivers\downld\19848343.exe
2008-08-03 02:31 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001017.exe

C:\WINDOWS\system32\drivers\downld\19849671.exe
2008-08-03 02:32 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001018.exe

C:\WINDOWS\system32\drivers\downld\19867078.exe
2008-08-03 02:32 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001019.exe

C:\WINDOWS\system32\drivers\downld\19867890.exe
2008-08-03 02:32 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001020.exe

C:\WINDOWS\system32\drivers\downld\19878593.exe
2008-08-03 02:32 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001021.exe

C:\WINDOWS\system32\drivers\downld\19881484.exe
2008-08-03 02:32 52160 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001022.exe

C:\WINDOWS\system32\drivers\downld\19950578.exe
2008-08-03 02:33 33589 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001023.exe

C:\WINDOWS\system32\drivers\downld\19979734.exe
2008-08-03 02:34 58268 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001024.exe

C:\WINDOWS\system32\drivers\downld\207968.exe
2008-08-02 20:26 33589 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001025.exe

C:\WINDOWS\system32\drivers\downld\218875.exe
2008-08-02 20:26 58226 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001026.exe

C:\WINDOWS\system32\drivers\downld\249375.exe
2008-08-02 20:27 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001027.exe

C:\WINDOWS\system32\drivers\downld\260359.exe
2008-08-02 20:27 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001028.exe

C:\WINDOWS\system32\drivers\downld\273187.exe
2008-08-02 20:27 69184 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001029.exe

C:\WINDOWS\system32\drivers\downld\286687.exe
2008-08-02 20:28 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001030.exe

C:\WINDOWS\system32\drivers\downld\310296.exe
2008-08-02 20:28 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001031.exe

C:\WINDOWS\system32\drivers\downld\318203.exe
2008-08-02 20:28 2564 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001032.exe

C:\WINDOWS\system32\drivers\downld\330953.exe
2008-08-02 20:28 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001033.exe

C:\WINDOWS\system32\drivers\downld\336265.exe
2008-08-02 20:28 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001034.exe

C:\WINDOWS\system32\drivers\downld\342515.exe
2008-08-02 20:28 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001035.exe

C:\WINDOWS\system32\drivers\downld\34387687.exe
2008-08-03 06:34 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001036.exe

C:\WINDOWS\system32\drivers\downld\34404640.exe
2008-08-03 06:34 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001037.exe

C:\WINDOWS\system32\drivers\downld\34412546.exe
2008-08-03 06:34 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001038.exe

C:\WINDOWS\system32\drivers\downld\34421218.exe
2008-08-03 06:34 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001039.exe

C:\WINDOWS\system32\drivers\downld\34421906.exe
2008-08-03 06:34 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001040.exe

C:\WINDOWS\system32\drivers\downld\34427093.exe
2008-08-03 06:34 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001041.exe

C:\WINDOWS\system32\drivers\downld\34430046.exe
2008-08-03 06:35 46498 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001042.exe

C:\WINDOWS\system32\drivers\downld\34497953.exe
2008-08-03 06:36 33589 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001043.exe

C:\WINDOWS\system32\drivers\downld\34512562.exe
2008-08-03 06:36 58258 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001044.exe

C:\WINDOWS\system32\drivers\downld\360140.exe
2008-08-02 20:29 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001045.exe

C:\WINDOWS\system32\drivers\downld\361828.exe
2008-08-02 20:29 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001046.exe

C:\WINDOWS\system32\drivers\downld\374671.exe
2008-08-02 20:29 715780 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001047.exe

C:\WINDOWS\system32\drivers\downld\381625.exe
2008-08-02 20:29 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001048.exe

C:\WINDOWS\system32\drivers\downld\38502843.exe
2008-08-03 07:42 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001049.exe

C:\WINDOWS\system32\drivers\downld\38512437.exe
2008-08-03 07:43 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001050.exe

C:\WINDOWS\system32\drivers\downld\38521453.exe
2008-08-03 07:43 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001051.exe

C:\WINDOWS\system32\drivers\downld\38524203.exe
2008-08-03 07:43 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001052.exe

C:\WINDOWS\system32\drivers\downld\38530859.exe
2008-08-03 07:43 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001053.exe

C:\WINDOWS\system32\drivers\downld\38532468.exe
2008-08-03 07:43 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001054.exe

C:\WINDOWS\system32\drivers\downld\38537390.exe
2008-08-03 07:43 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001055.exe

C:\WINDOWS\system32\drivers\downld\38552734.exe
2008-08-03 07:43 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001056.exe

C:\WINDOWS\system32\drivers\downld\38559562.exe
2008-08-03 07:43 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001057.exe

C:\WINDOWS\system32\drivers\downld\38567609.exe
2008-08-03 07:44 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001058.exe

C:\WINDOWS\system32\drivers\downld\38576140.exe
2008-08-03 07:44 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001059.exe

C:\WINDOWS\system32\drivers\downld\38577359.exe
2008-08-03 07:44 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001060.exe

C:\WINDOWS\system32\drivers\downld\38582609.exe
2008-08-03 07:44 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001061.exe

C:\WINDOWS\system32\drivers\downld\38596781.exe
2008-08-03 07:44 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001062.exe

C:\WINDOWS\system32\drivers\downld\38604968.exe
2008-08-03 07:44 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001063.exe

C:\WINDOWS\system32\drivers\downld\38614390.exe
2008-08-03 07:44 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001064.exe

C:\WINDOWS\system32\drivers\downld\38633859.exe
2008-08-03 07:45 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001065.exe

C:\WINDOWS\system32\drivers\downld\38635437.exe
2008-08-03 07:45 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001066.exe

C:\WINDOWS\system32\drivers\downld\38640437.exe
2008-08-03 07:45 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001067.exe

C:\WINDOWS\system32\drivers\downld\38643250.exe
2008-08-03 07:45 55342 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001068.exe

C:\WINDOWS\system32\drivers\downld\38727187.exe
2008-08-03 07:46 33589 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001069.exe

C:\WINDOWS\system32\drivers\downld\38746968.exe
2008-08-03 07:46 58216 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001070.exe

C:\WINDOWS\system32\drivers\downld\389640.exe
2008-08-02 20:29 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001071.exe

C:\WINDOWS\system32\drivers\downld\39082468.exe
2008-08-03 07:52 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001072.exe

C:\WINDOWS\system32\drivers\downld\39088000.exe
2008-08-03 07:52 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001073.exe

C:\WINDOWS\system32\drivers\downld\39095937.exe
2008-08-03 07:52 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001074.exe

C:\WINDOWS\system32\drivers\downld\39098437.exe
2008-08-03 07:52 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001075.exe

C:\WINDOWS\system32\drivers\downld\39108125.exe
2008-08-03 07:52 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001076.exe

C:\WINDOWS\system32\drivers\downld\39109703.exe
2008-08-03 07:53 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001077.exe

C:\WINDOWS\system32\drivers\downld\39115703.exe
2008-08-03 07:53 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001078.exe

C:\WINDOWS\system32\drivers\downld\39119093.exe
2008-08-03 07:53 52324 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001079.exe

C:\WINDOWS\system32\drivers\downld\39144921.exe
2008-08-03 07:53 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001080.exe

C:\WINDOWS\system32\drivers\downld\391484.exe
2008-08-02 20:29 2052 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001081.exe

C:\WINDOWS\system32\drivers\downld\39154484.exe
2008-08-03 07:53 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001082.exe

C:\WINDOWS\system32\drivers\downld\39169296.exe
2008-08-03 07:54 94162 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001083.exe

C:\WINDOWS\system32\drivers\downld\39181765.exe
2008-08-03 07:54 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001084.exe

C:\WINDOWS\system32\drivers\downld\39183906.exe
2008-08-03 07:54 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001085.exe

C:\WINDOWS\system32\drivers\downld\39240843.exe
2008-08-03 07:55 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001086.exe

C:\WINDOWS\system32\drivers\downld\39245734.exe
2008-08-03 07:55 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001087.exe

C:\WINDOWS\system32\drivers\downld\39252546.exe
2008-08-03 07:55 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001088.exe

C:\WINDOWS\system32\drivers\downld\39261156.exe
2008-08-03 07:55 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001089.exe

C:\WINDOWS\system32\drivers\downld\39262406.exe
2008-08-03 07:55 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001090.exe

C:\WINDOWS\system32\drivers\downld\39266421.exe
2008-08-03 07:55 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001091.exe

C:\WINDOWS\system32\drivers\downld\39271484.exe
2008-08-03 07:55 56345 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001092.exe

C:\WINDOWS\system32\drivers\downld\39286281.exe
2008-08-03 07:55 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001093.exe

C:\WINDOWS\system32\drivers\downld\39293921.exe
2008-08-03 07:56 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001094.exe

C:\WINDOWS\system32\drivers\downld\39308765.exe
2008-08-03 07:56 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001095.exe

C:\WINDOWS\system32\drivers\downld\39319031.exe
2008-08-03 07:56 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001096.exe

C:\WINDOWS\system32\drivers\downld\39320390.exe
2008-08-03 07:56 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001097.exe

C:\WINDOWS\system32\drivers\downld\39324250.exe
2008-08-03 07:56 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001098.exe

C:\WINDOWS\system32\drivers\downld\39380125.exe
2008-08-03 07:57 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001099.exe

C:\WINDOWS\system32\drivers\downld\39385125.exe
2008-08-03 07:57 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001100.exe

C:\WINDOWS\system32\drivers\downld\39392187.exe
2008-08-03 07:57 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001101.exe

C:\WINDOWS\system32\drivers\downld\39393234.exe
2008-08-03 07:57 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001102.exe

C:\WINDOWS\system32\drivers\downld\39399812.exe
2008-08-03 07:57 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001103.exe

C:\WINDOWS\system32\drivers\downld\39401359.exe
2008-08-03 07:57 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001104.exe

C:\WINDOWS\system32\drivers\downld\39405218.exe
2008-08-03 07:57 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001105.exe

C:\WINDOWS\system32\drivers\downld\39410718.exe
2008-08-03 07:58 52324 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001106.exe

C:\WINDOWS\system32\drivers\downld\39433671.exe
2008-08-03 07:58 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001107.exe

C:\WINDOWS\system32\drivers\downld\39445328.exe
2008-08-03 07:58 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001108.exe

C:\WINDOWS\system32\drivers\downld\39464593.exe
2008-08-03 07:58 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001109.exe

C:\WINDOWS\system32\drivers\downld\39466265.exe
2008-08-03 07:58 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001110.exe

C:\WINDOWS\system32\drivers\downld\39471375.exe
2008-08-03 07:59 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001111.exe

C:\WINDOWS\system32\drivers\downld\413187.exe
2008-08-02 20:30 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001112.exe

C:\WINDOWS\system32\drivers\downld\419593.exe
2008-08-02 20:30 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001113.exe

C:\WINDOWS\system32\drivers\downld\436281.exe
2008-08-02 21:08 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001114.exe

C:\WINDOWS\system32\drivers\downld\4606406.exe
2008-08-02 22:17 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001115.exe

C:\WINDOWS\system32\drivers\downld\4614593.exe
2008-08-02 22:18 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001116.exe

C:\WINDOWS\system32\drivers\downld\4622984.exe
2008-08-02 22:18 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001117.exe

C:\WINDOWS\system32\drivers\downld\4627937.exe
2008-08-02 22:18 94667 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001118.exe

C:\WINDOWS\system32\drivers\downld\4635312.exe
2008-08-02 22:18 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001119.exe

C:\WINDOWS\system32\drivers\downld\4636781.exe
2008-08-02 22:18 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001120.exe

C:\WINDOWS\system32\drivers\downld\4642906.exe
2008-08-02 22:18 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001121.exe

C:\WINDOWS\system32\drivers\downld\4657796.exe
2008-08-02 22:19 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001122.exe

C:\WINDOWS\system32\drivers\downld\467250.exe
2008-08-02 21:08 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001123.exe

C:\WINDOWS\system32\drivers\downld\4684359.exe
2008-08-02 22:19 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001124.exe

C:\WINDOWS\system32\drivers\downld\4709843.exe
2008-08-02 22:19 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001125.exe

C:\WINDOWS\system32\drivers\downld\4732890.exe
2008-08-02 22:20 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001126.exe

C:\WINDOWS\system32\drivers\downld\4742046.exe
2008-08-02 22:20 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001127.exe

C:\WINDOWS\system32\drivers\downld\4744390.exe
2008-08-02 22:20 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001128.exe

C:\WINDOWS\system32\drivers\downld\4753453.exe
2008-08-02 22:20 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001129.exe

C:\WINDOWS\system32\drivers\downld\4755140.exe
2008-08-02 22:20 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001130.exe

C:\WINDOWS\system32\drivers\downld\4762171.exe
2008-08-02 22:20 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001131.exe

C:\WINDOWS\system32\drivers\downld\482656.exe
2008-08-02 21:09 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001132.exe

C:\WINDOWS\system32\drivers\downld\492250.exe
2008-08-02 21:09 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001133.exe

C:\WINDOWS\system32\drivers\downld\501859.exe
2008-08-02 21:09 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001134.exe

C:\WINDOWS\system32\drivers\downld\512328.exe
2008-08-02 21:09 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001135.exe

C:\WINDOWS\system32\drivers\downld\513984.exe
2008-08-02 21:09 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001136.exe

C:\WINDOWS\system32\drivers\downld\5170312.exe
2008-08-02 22:27 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001137.exe

C:\WINDOWS\system32\drivers\downld\5189578.exe
2008-08-02 22:27 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001138.exe

C:\WINDOWS\system32\drivers\downld\5199281.exe
2008-08-02 22:27 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001139.exe

C:\WINDOWS\system32\drivers\downld\5213109.exe
2008-08-02 22:28 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001140.exe

C:\WINDOWS\system32\drivers\downld\5221250.exe
2008-08-02 22:28 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001141.exe

C:\WINDOWS\system32\drivers\downld\5230734.exe
2008-08-02 22:28 69184 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001142.exe

C:\WINDOWS\system32\drivers\downld\5233250.exe
2008-08-02 22:28 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001143.exe

C:\WINDOWS\system32\drivers\downld\5243156.exe
2008-08-02 22:28 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001144.exe

C:\WINDOWS\system32\drivers\downld\5262453.exe
2008-08-02 22:29 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001145.exe

C:\WINDOWS\system32\drivers\downld\527406.exe
2008-08-02 21:10 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001146.exe

C:\WINDOWS\system32\drivers\downld\5291406.exe
2008-08-02 22:29 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001147.exe

C:\WINDOWS\system32\drivers\downld\5299281.exe
2008-08-02 22:29 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001148.exe

C:\WINDOWS\system32\drivers\downld\5309703.exe
2008-08-02 22:29 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001149.exe

C:\WINDOWS\system32\drivers\downld\5311437.exe
2008-08-02 22:29 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001150.exe

C:\WINDOWS\system32\drivers\downld\5320500.exe
2008-08-02 22:29 34830 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001151.exe

C:\WINDOWS\system32\drivers\downld\5323593.exe
2008-08-02 22:29 55233 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001152.exe

C:\WINDOWS\system32\drivers\downld\534843.exe
2008-08-02 21:10 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001153.exe

C:\WINDOWS\system32\drivers\downld\5414265.exe
2008-08-02 22:31 33589 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001154.exe

C:\WINDOWS\system32\drivers\downld\5426359.exe
2008-08-02 22:31 58243 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001155.exe

C:\WINDOWS\system32\drivers\downld\547125.exe
2008-08-02 21:10 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001156.exe

C:\WINDOWS\system32\drivers\downld\558531.exe
2008-08-02 21:10 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001157.exe

C:\WINDOWS\system32\drivers\downld\570015.exe
2008-08-02 21:10 4316 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001158.exe

C:\WINDOWS\system32\drivers\downld\572531.exe
2008-08-02 21:10 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001159.exe

C:\WINDOWS\system32\drivers\downld\591609.exe
2008-08-02 21:11 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001160.exe

C:\WINDOWS\system32\drivers\downld\602468.exe
2008-08-02 21:11 69184 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001161.exe

C:\WINDOWS\system32\drivers\downld\620109.exe
2008-08-02 21:11 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001162.exe

C:\WINDOWS\system32\drivers\downld\627250.exe
2008-08-02 21:11 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001163.exe

C:\WINDOWS\system32\drivers\downld\635937.exe
2008-08-02 21:11 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001164.exe

C:\WINDOWS\system32\drivers\downld\649062.exe
2008-08-02 21:11 766 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001165.exe

C:\WINDOWS\system32\drivers\downld\650437.exe
2008-08-02 21:12 7749 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001166.exe

C:\WINDOWS\system32\drivers\downld\74984.exe
2008-08-02 21:02 22886 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001167.exe

C:\WINDOWS\system32\drivers\downld\76390.exe
2008-08-02 20:24 704004 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001168.exe

C:\WINDOWS\system32\drivers\downld\83656.exe
2008-08-02 20:24 6545 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001169.exe

C:\WINDOWS\system32\drivers\downld\96015.exe
2008-08-02 20:24 94317 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001170.exe

C:\WINDOWS\system32\drivers\hldrrr.exe
2006-06-12 01:10 712712 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001174.exe

C:\WINDOWS\system32\drivers\mdelk.exe
2006-06-12 01:10 712712 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001175.exe

C:\WINDOWS\system32\drivers\srosa.sys
2008-08-03 07:58 120084 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001171.sys

C:\WINDOWS\system32\mdelk.exe
2008-08-03 07:57 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001173.exe

C:\WINDOWS\system32\wintems.exe
2008-08-03 07:57 68349 {645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP2\A0001172.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 14:10 221184]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 03:07 102400]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 11:00 1116920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-06 14:58 172032]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 12:23 15961088 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Thelma\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP LaserJet 3150 Status.lnk - C:\jetsuite\JETSTAT.EXE [2007-08-18 13:53:51 147456]
Inicio r pido de Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2007-09-28 19:31:30 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 22:06]
R1 jsmux;jsmux;C:\WINDOWS\system32\drivers\jsmux.sys [1999-09-22 13:48]
R1 jsscan;jsscan;C:\WINDOWS\system32\drivers\jsscan.sys [1999-09-22 13:48]
R2 jsfax;jsfax;C:\WINDOWS\system32\drivers\jsfax.sys [1999-09-22 13:48]
S4 jsdbg;jsdbg;C:\WINDOWS\system32\drivers\jsdbg.sys [1999-09-22 13:48]
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 00:35]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 17:13:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-05 17:15:25
ComboFix-quarantined-files.txt 2008-08-05 22:15:08
ComboFix2.txt 2008-08-04 17:50:27
ComboFix3.txt 2008-08-03 13:23:50

Pre-Run: 34,500,775,936 bytes free
Post-Run: 34,531,487,744 bytes free

669 --- E O F --- 2008-07-25 16:03:18


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:17:24 p.m., on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\jetsuite\JETSTAT.EXE
c:\jetsuite\jsdaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program File

Edited by toyma, 05 August 2008 - 04:40 PM.

  • 0

#14
toyma
Posted 05 August 2008 - 04:42 PM

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
I don't know why the HJT report doesn't copy complete, so here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:17:24 p.m., on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\jetsuite\JETSTAT.EXE
c:\jetsuite\jsdaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O15 - Trusted Zone: http://cards.123greetings.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://download.macromedia.com
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 10859 bytes
  • 0

#15
Jimmy2012
Posted 06 August 2008 - 02:15 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,
You got infected because you downloaded cracks and keygens, in the future if you download them you will have to reformat because you won't get any help here.

STEP 1
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Documents and Settings\Corina Finkler\Configuración local\temp\KeyGen.exe
purity
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
The F-Secure log
And please let me know how your computer is running

Edited by Jimmy2012, 06 August 2008 - 02:21 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP