I repeat all steps again and here are the log files:
====================================================
Ad-Aware SE Build 1.06r1
Logfile Created on:miércoles, 31 de agosto de 2005 11:58:54
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R63 24.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):6 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):32 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R63 24.08.2005
Internal build : 73
File location : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 512535 Bytes
Total size : 1543974 Bytes
Signature data size : 1510909 Bytes
Reference data size : 32553 Bytes
Signatures total : 42991
CSI Fingerprints total : 1029
CSI data size : 36589 Bytes
Target categories : 15
Target families : 736
Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:58 %
Total physical memory:1048044 kb
Available physical memory:601712 kb
Total page file size:2521264 kb
Available on page file:2233520 kb
Total virtual memory:2097024 kb
Available virtual memory:2043632 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
31-08-2005 11:58:54 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 488
ThreadCreationTime : 31-08-2005 9:52:21
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 536
ThreadCreationTime : 31-08-2005 9:52:22
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 560
ThreadCreationTime : 31-08-2005 9:52:23
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 604
ThreadCreationTime : 31-08-2005 9:52:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 616
ThreadCreationTime : 31-08-2005 9:52:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 812
ThreadCreationTime : 31-08-2005 9:52:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 860
ThreadCreationTime : 31-08-2005 9:52:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 924
ThreadCreationTime : 31-08-2005 9:52:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1032
ThreadCreationTime : 31-08-2005 9:52:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1076
ThreadCreationTime : 31-08-2005 9:52:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1284
ThreadCreationTime : 31-08-2005 9:52:25
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [ewidoctrl.exe]
ModuleName : C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Archivos de programa\ewido\security suite\ewidoctrl.exe"
ProcessID : 1424
ThreadCreationTime : 31-08-2005 9:52:31
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:13 [inetinfo.exe]
ModuleName : C:\WINDOWS\system32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\system32\inetsrv\inetinfo.exe
ProcessID : 1456
ThreadCreationTime : 31-08-2005 9:52:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Servicios de Internet Information Server
CompanyName : Microsoft Corporation
FileDescription : Servicios de Internet Information Server
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : INETINFO.EXE
#:14 [mdm.exe]
ModuleName : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1472
ThreadCreationTime : 31-08-2005 9:52:31
BasePriority : Normal
FileVersion : 7.10.4290
ProductVersion : 7.10.4290
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:15 [sqlservr.exe]
ModuleName : C:\Archivos de programa\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe
Command Line : "C:\Archivos de programa\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe" -sNetSDK
ProcessID : 1536
ThreadCreationTime : 31-08-2005 9:52:31
BasePriority : Normal
FileVersion : 2000.080.0384.00
ProductVersion : 8.00.384
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2000 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86
#:16 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 1696
ThreadCreationTime : 31-08-2005 9:52:34
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:17 [tmntsrv.exe]
ModuleName : C:\Archivos de programa\Trend Micro\Internet Security\Tmntsrv.exe
Command Line : "C:\Archivos de programa\Trend Micro\Internet Security\Tmntsrv.exe"
ProcessID : 1800
ThreadCreationTime : 31-08-2005 9:52:34
BasePriority : Normal
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe
#:18 [tmproxy.exe]
ModuleName : C:\Archivos de programa\Trend Micro\Internet Security\tmproxy.exe
Command Line : "C:\Archivos de programa\Trend Micro\Internet Security\tmproxy.exe"
ProcessID : 1844
ThreadCreationTime : 31-08-2005 9:52:34
BasePriority : Normal
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : TmProxy.exe
#:19 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1904
ThreadCreationTime : 31-08-2005 9:52:34
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:20 [pccpfw.exe]
ModuleName : C:\Archivos de programa\Trend Micro\Internet Security\PccPfw.exe
Command Line : "C:\Archivos de programa\Trend Micro\Internet Security\PccPfw.exe"
ProcessID : 364
ThreadCreationTime : 31-08-2005 9:52:35
BasePriority : Normal
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCPFW.exe
#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2244
ThreadCreationTime : 31-08-2005 9:53:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 2676
ThreadCreationTime : 31-08-2005 9:53:29
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE
#:23 [pccguide.exe]
ModuleName : C:\Archivos de programa\Trend Micro\Internet Security\PCCGUIDE.EXE
Command Line : "C:\Archivos de programa\Trend Micro\Internet Security\PCCGUIDE.EXE"
ProcessID : 2704
ThreadCreationTime : 31-08-2005 9:53:30
BasePriority : Normal
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide
#:24 [pcclient.exe]
ModuleName : C:\Archivos de programa\Trend Micro\Internet Security\PCClient.exe
Command Line : "C:\Archivos de programa\Trend Micro\Internet Security\PCClient.exe"
ProcessID : 2988
ThreadCreationTime : 31-08-2005 9:53:34
BasePriority : Normal
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCClient
#:25 [tmoagent.exe]
ModuleName : C:\Archivos de programa\Trend Micro\Internet Security\TMOAgent.exe
Command Line : "C:\Archivos de programa\Trend Micro\Internet Security\TMOAgent.exe" /run
ProcessID : 3064
ThreadCreationTime : 31-08-2005 9:53:35
BasePriority : Normal
FileVersion : 11.0.0.1295
ProductVersion : 11.0.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
LegalCopyright : Copyright © 1995-2003 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : TMOAgent.EXE
#:26 [icqlite.exe]
ModuleName : C:\Archivos de programa\ICQLite\ICQLite.exe
Command Line : "C:\Archivos de programa\ICQLite\ICQLite.exe" -minimize
ProcessID : 3104
ThreadCreationTime : 31-08-2005 9:53:36
BasePriority : Normal
FileVersion : 20, 32, 2315, 0
ProductVersion : 20, 32, 2315, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright © 2002
OriginalFilename : ICQLite.exe
#:27 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 3308
ThreadCreationTime : 31-08-2005 9:53:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:28 [msmsgs.exe]
ModuleName : C:\Archivos de programa\Messenger\msmsgs.exe
Command Line : "C:\Archivos de programa\Messenger\msmsgs.exe" /background
ProcessID : 3496
ThreadCreationTime : 31-08-2005 9:53:41
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:29 [sqlmangr.exe]
ModuleName : C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Command Line : "C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe" /n
ProcessID : 3560
ThreadCreationTime : 31-08-2005 9:53:43
BasePriority : Normal
FileVersion : 2000.080.0382.00
ProductVersion : 8.00.382
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Service Manager
InternalName : SQLMANGR
LegalCopyright : © 1988-2000 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows is a trademark of Microsoft Corporation
OriginalFilename : SQLMANGR.exe
Comments : NT INTEL X86
#:30 [hpoavn07.exe]
ModuleName : C:\Archivos de programa\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
Command Line : "C:\Archivos
ProcessID : 3612
ThreadCreationTime : 31-08-2005 9:53:43
BasePriority : Normal
FileVersion : 2.00
ProductVersion : A.14.06.09
ProductName : hp officejet g series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOAVN07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOAVN07.EXE
Comments : HP OfficeJet G Series COM Device Objects
#:31 [hpoevm07.exe]
ModuleName : C:\ARCHIV~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
Command Line : C:\ARCHIV~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
ProcessID : 4088
ThreadCreationTime : 31-08-2005 9:53:51
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.06.09
ProductName : hp officejet g series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOEVM07.EXE
Comments : HP OfficeJet COM Event Manager
#:32 [hpoipm07.exe]
ModuleName : C:\WINDOWS\system32\hpoipm07.exe
Command Line : hpoipm07.exe
ProcessID : 1236
ThreadCreationTime : 31-08-2005 9:53:51
BasePriority : Normal
FileVersion : 4, 5, 0, 767
ProductVersion : 4, 5, 0, 767
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:33 [hposts07.exe]
ModuleName : C:\Archivos de programa\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
Command Line : "C:\Archivos de programa\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe" /DeviceID 1102583978 /Startup
ProcessID : 2916
ThreadCreationTime : 31-08-2005 9:54:11
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.06.09
ProductName : hp officejet g series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOCPY07.EXE
Comments : HP OfficeJet Status
#:34 [hpofxm07.exe]
ModuleName : C:\Archivos de programa\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
Command Line : "C:\Archivos
ProcessID : 2944
ThreadCreationTime : 31-08-2005 9:54:11
BasePriority : Normal
FileVersion : 1.00
ProductVersion : A.14.06.09
ProductName : hp officejet g series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet G Series Fax Manager
InternalName : HPOFXM07
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2000
OriginalFilename : HPOFXM07.EXE
Comments : HP OfficeJet G Series Fax Manager
#:35 [ad-aware.exe]
ModuleName : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 284
ThreadCreationTime : 31-08-2005 9:57:40
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUS3t5atusOfSInst
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-602162358-1708537768-854245398-1106\software\aurora
Value : AUL3a5stSSChckin
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 28
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "
http://www.abetterinternet.com" TAC Rating : 3
Category : Vulnerability
Comment : (
http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "
http://www.abetterinternet.com" TAC Rating : 3
Category : Vulnerability
Comment : (
http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "
http://www.abetterinternet.com" TAC Rating : 3
Category : Vulnerability
Comment : (
http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "
http://www.abetterinternet.com" TAC Rating : 3
Category : Vulnerability
Comment : (
http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "
http://www.abetterinternet.com" TAC Rating : 3
Category : Vulnerability
Comment : (
http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "
http://www.abetterinternet.com" TAC Rating : 3
Category : Vulnerability
Comment : (
http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 34
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
4 entries scanned.
New critical objects:0
Objects found so far: 34
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
VX2 Object Recognized!
Type : File
Data : abiuninst.htm
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 39
12:08:27 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:33.69
Objects scanned:186696
Objects identified:39
Objects ignored:0
New critical objects:39
====================================================
---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------
+ Creado en: 12:38:51, 31/08/2005
+ Report-Checksum: 5D3ABB18
+ Scan result:
[1284] C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Limpio con backup
[2676] VM_00980000 -> Adware.BetterInternet : Error durante limpieza
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Limpio con backup
C:\WINDOWS\pxcrrwnxfr.exe -> Adware.BetterInternet : Limpio con backup
C:\WINDOWS\system32\DrPMon.dll -> Trojan.Agent.db : Limpio con backup
::Fin Report
====================================================
Logfile of HijackThis v1.99.1
Scan saved at 12:45:07, on 31/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Archivos de programa\Trend Micro\Internet Security\pccguide.exe
C:\Archivos de programa\Trend Micro\Internet Security\PCClient.exe
C:\Archivos de programa\Trend Micro\Internet Security\TMOAgent.exe
C:\Archivos de programa\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Archivos de programa\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Trend Micro\Internet Security\Tmntsrv.exe
C:\Archivos de programa\Trend Micro\Internet Security\tmproxy.exe
C:\Archivos de programa\Trend Micro\Internet Security\PccPfw.exe
C:\ARCHIV~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Archivos de programa\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Archivos de programa\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Downloads\AntiVir\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://transmodal50/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 66.213.198.101 www.nqli.com
O1 - Hosts: 66.213.198.101 connect.nqli.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Archivos de programa\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Archivos de programa\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Archivos de programa\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [ICQ Lite] C:\Archivos de programa\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Archivos de programa\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Archivos de programa\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Archivos de programa\ICQlite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Archivos de programa\ICQlite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = transmodalbots.com
O17 - HKLM\Software\..\Telephony: DomainName = transmodalbots.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B184BF09-7EF7-48FB-9CA8-72DFE28EDEE7}: NameServer = 192.168.30.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = transmodalbots.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Archivos de programa\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Archivos de programa\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Archivos de programa\Trend Micro\Internet Security\tmproxy.exe