Virtumonde etc., + NO task manager, NO control over PC



Cheche Silveyra
2008-02-20, 06:51
Hello, I have Virtumonde, Malware Alarm etc. You name the bug, I probably have it. I can't open the Task Manager, I can't run the Kaspersky scan because I can't install it because "I DON'T HAVE ADMINISTRATIVE PRIVILEGES" (or something like that). It's a mess.

I've tried Ad Aware, Spybot and the one from Microsoft but I can't get rid of it. My wallpaper is blue with a notice about being infected (which I read somewhere that is a symptom of Smitfraud).

Anyway, I do have the report from HJT. Can you guys help? Is it enough?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:29, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\mmhren1.exe
C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\QuickTime\QTTask.exe
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Media Player\WMPNSCFG.exe
C:\ARCHIV~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Archivos de programa\TechSmith\SnagIt 8\SnagIt32.exe
C:\Archivos de programa\HPQ\Shared\hpqwmi.exe
C:\Archivos de programa\TechSmith\SnagIt 8\TSCHelp.exe
C:\Archivos de programa\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Archivos de programa\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\ARCHIV~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Archivos de programa\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [BM7a789ed8] Rundll32.exe "C:\WINDOWS\system32\mokbdjko.dll",s
O4 - HKLM\..\RunServices: [System Support] torrent.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Archivos de programa\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Explore with &Instant Source - C:\Program Files\Instant Source\context.html
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel.com/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARCHIV~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\CHECHE~1.YOU\CONFIG~1\Temp\hpdj.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Archivos de programa\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9748 bytes
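
Added worked example (not part of the original thread and not HijackThis's own code): a Python script that parses HJT log lines like the ones above and flags the autostart entries a helper would check first. The sample lines are copied from the log posted above; the heuristics (an extra executable chained onto UserInit, a win.ini run= entry, a RunServices value, a bare filename with no path, an executable sitting directly in C:\WINDOWS, a DLL loaded through rundll32, a service whose binary is missing) are this editor's assumptions about what deserves a second look, not a verdict on any file, and the cross-check against the "Running processes" list only says whether the flagged binary was live when the log was taken.

```python
import re

# Constructed sample: a subset of the HijackThis log posted above
# (running processes plus the autostart entries worth a second look).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\mmhren1.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [BM7a789ed8] Rundll32.exe "C:\WINDOWS\system32\mokbdjko.dll",s
O4 - HKLM\..\RunServices: [System Support] torrent.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\CHECHE~1.YOU\CONFIG~1\Temp\hpdj.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Program part of a Run command: quoted path, unquoted path ending in .exe etc., or first token.
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.*?\.(?:exe|com|bat|scr|pif))(?=\s|$)|(?P<t>\S+))', re.I)
DLL_RE = re.compile(r'"?(?P<dll>[A-Za-z]:\\[^",]+?\.dll)', re.I)
WINDIR_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.I)  # file directly in C:\WINDOWS

def first_executable(cmd):
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u") or m.group("t")) if m else ""

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(log_text):
    # Heuristic triage (editor's assumptions, not HijackThis logic); returns finding dicts.
    running, findings, in_procs = set(), [], False

    def add(section, target, reasons):
        findings.append({"section": section, "target": target,
                         "severity": "high" if any(s == "high" for s, _ in reasons) else "review",
                         "reasons": [t for _, t in reasons], "running": target.lower() in running})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            running.add(line.lower())  # HJT lists processes before the entries
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("F0", "F1", "F2", "F3"):  # win.ini / system.ini autostarts
            key, _, value = body.partition("=")
            if "userinit" in key.lower():
                for part in value.split(","):
                    part = part.strip()
                    if part and not part.lower().endswith("\\userinit.exe"):
                        add(sec, part, [("high", "extra executable chained onto UserInit")])
            elif value.strip():
                add(sec, value.strip(), [("high", "legacy win.ini/system.ini autostart")])
        elif sec == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue  # Global Startup .lnk lines are not handled here
            key, cmd = o4.group("key"), o4.group("cmd")
            exe, reasons = first_executable(cmd), []
            if basename(exe) == "rundll32.exe":
                dll = DLL_RE.search(cmd)
                target = dll.group("dll") if dll else cmd
                reasons.append(("review", "rundll32 loading a DLL; confirm the DLL's publisher"))
            else:
                target = exe
                if "\\" not in exe:
                    reasons.append(("high", "bare filename, no path (resolved via the search path)"))
                if WINDIR_ROOT_RE.match(exe):
                    reasons.append(("high", "executable dropped directly into the Windows directory"))
            if key.lower() == "runservices":
                reasons.append(("high", "RunServices key (Win9x-era; a value here on XP is a red flag)"))
            if reasons:
                add(sec, target, reasons)
        elif sec == "O23" and body.endswith("(file missing)"):
            path = body[: -len("(file missing)")].rsplit(" - ", 1)[-1].strip()
            add(sec, path, [("review", "service registered but its binary is missing")])
    return findings

def flagged_targets(findings, severity=None):
    return sorted({basename(f["target"]) for f in findings
                   if severity is None or f["severity"] == severity})

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["severity"].upper(), f["section"], f["target"], "; ".join(f["reasons"]))
```

Against the sample, the high-severity hits are rxjddnvj.exe (chained onto UserInit and running), mmhren1.exe (win.ini run= plus HKLM and HKCU Run keys, running) and torrent.exe (bare filename under RunServices); the first two are the same files the ESET scan in the later post reports as deleted. The rundll32-loaded mokbdjko.dll and the missing-file hpdj service come back as "review" rather than "high" because neither indicator is conclusive on its own.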

steamwiz
2008-02-23, 16:29
Hi

Seeing as you can't run Kaspersky ... try this :-

Go here to run an online scan from ESET.

http://www.eset.eu/online-scanner

Note: You will need to use Internet Explorer for this scan

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is checkmarked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Copy and paste the log into your next reply

THEN ...

Download Superantispyware.

http://www.superantispyware.com/

Once downloaded and installed, update the definitions
and then run a full system scan; quarantine what it finds!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

http://www.superantispyware.com/definitions.html

* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

THEN ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Please remember to post :-

1. C:\Program Files\EsetOnlineScanner\log.txt
2. SUPERAntiSpyware Scan Log
3. C:\ComboFix.txt
4. a new HijackThis log (run after everything else)

steam

Cheche Silveyra
2008-02-24, 21:19
Hey, thanks a lot man! I'm trying to do everything you said but it's taking forever. I'll post the results as soon as they're done. :red:

Cheche Silveyra
2008-02-25, 19:25
Hey Steam, I finally ran as much as I could. The ESET went on for 4 hours, SUPER ran for 9 and I had to run ComboFix twice cuz I didn't turn off the firewall, tea timer, etc.

The thing here is that I CAN'T RUN HIJACKTHIS! I tried to download it again but every time I make a search for it the virus or whatever closes the browser (IE or Firefox).

Anyway, here's the ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2898 (20080223)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=8a2a903eb96dfe44a1edddbb383999e4
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-02-25 12:26:10
# local_time=2008-02-24 05:26:10 (-0700, Hora estándar Montañas (México))
# country="Spain"
# osver=5.1.2600 NT Service Pack 2
# scanned=395703
# found=52
# scan_time=15109
C:\bot.exe Win32/Spy.Agent.NFB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\d.exe~ Win32/Agent.ALM trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\jupss.exe Win32/TrojanProxy.Wintu trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\jupss.exe~ Win32/TrojanProxy.Wintu trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\qrwkjyd.exe~ Win32/TrojanDownloader.Small.NSL trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\qsdjpwpb.exe a variant of Win32/TrojanDropper.Agent.NGU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\wpohl.exe Win32/Rustock.NDO trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Enigma Software Group\SpyHunter\keygen.exe Win32/TrojanDownloader.Small.NRS trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Enigma Software Group\SpyHunter\readme.bat probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\d.exe.vir Win32/Agent.ALM trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Archivos de programa\Helper\1203290901.dll.vir Win32/BHO.NCI trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Archivos de programa\Helper\1203444629.dll.vir Win32/BHO.NBZ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Archivos de programa\Helper\1203444932.dll.vir Win32/BHO.NBZ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\ajwmdgyd.dll.vir Win32/BHO.G trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\awtttst.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\balrcbvg.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\fgewhmha.dll.vir Win32/BHO.NCC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\ftdlyxin.dll.vir Win32/BHO.G trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\mqmvgmia.dll.vir Win32/BHO.G trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\msvcrtd.exe.vir Win32/Agent.ALM trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\nkprroxx.dll.vir Win32/BHO.NCD trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\opnnmnl.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\umnvgpmn.dll.vir Win32/BHO.G trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Bcb34.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Csw70.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Dwjw82.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Gswn79.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Hrro73.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Hslu74.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Ikr51.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Kyg52.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Lej34.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Nrl47.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Plnd44.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Qhnl47.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Qixg53.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Raac17.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Rpl41.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Toq43.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Txx59.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vpa26.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Xvnd46.sys.vir Win32/Rootkit.Agent.HU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\mmhren1.exe Win32/Spy.Agent.NFB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\10540e459d04652460ac514912b21a54.TMP Win32/TrojanDownloader.Agent.GYY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\logoff.log Win32/TrojanDownloader.Agent.GYY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\rxjddnvj.exe Win32/TrojanDownloader.FakeAlert.AK trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\system32\service.exe~ a variant of Win32/TrojanDropper.Agent.NIF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\service.sys Win32/TrojanProxy.Agent.YD trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\WLCtrl32.dll probably a variant of Win32/Wigon.AY trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\system32\WLCtrl32.dl_ probably a variant of Win32/Wigon.AY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\O7H01BU4\setup[1].exe Win32/TrojanDownloader.FakeAlert.AK trojan (unable to clean - deleted) 00000000000000000000000000000000

Cheche Silveyra
2008-02-25, 19:27
This is the SUPERAntispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/25/2008 at 02:48 AM

Application Version : 3.9.1008

Core Rules Database Version : 3408
Trace Rules Database Version: 1400

Scan type : Complete Scan
Total Scan Time : 08:51:26

Memory items scanned : 576
Memory threats detected : 2
Registry items scanned : 7630
Registry threats detected : 34
File items scanned : 93646
File threats detected : 178

Rootkit.Runtime3/Mutant
C:\WINDOWS\SYSTEM32\WLCTRL32.DLL
C:\WINDOWS\SYSTEM32\WLCTRL32.DLL
HKLM\System\ControlSet006\Services\Jqa31
C:\WINDOWS\SYSTEM32\DRIVERS\JQA31.SYS
HKLM\System\ControlSet007\Services\Jqa31
HKLM\System\ControlSet008\Services\Jqa31
HKLM\System\CurrentControlSet\Services\Jqa31
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0074654.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0074657.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0074662.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0075657.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0075661.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0076678.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077658.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077666.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077671.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077674.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077678.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077686.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077690.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0078686.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0078690.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0079686.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0079709.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0079736.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0079760.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0080760.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0080764.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0081760.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0081765.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0081774.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0081780.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0081782.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0081786.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0082782.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0082787.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0082791.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0083791.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0083796.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP324\A0083803.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP324\A0083809.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP324\A0083812.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP324\A0083818.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP324\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP325\A0083826.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP325\A0083834.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP325\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0084013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0085013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0086013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0087013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0088013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0089013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0090013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0091013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0091017.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0092017.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0092021.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0092027.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP327\A0092041.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP327\SNAPSHOT\MFEX-1.DAT
C:\WINDOWS\SYSTEM32\WLCTRL32.VDLL

Trojan.Downloader-Gen/Burre
C:\WINDOWS\SYSTEM32\MARWIN32.DLL
C:\WINDOWS\SYSTEM32\MARWIN32.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}
HKCR\CLSID\{FFFFFFFF-F538-4F86-ABAF-E9D94D5C007C}
HKCR\CLSID\{FFFFFFFF-F538-4F86-ABAF-E9D94D5C007C}
HKCR\CLSID\{FFFFFFFF-F538-4F86-ABAF-E9D94D5C007C}\InprocServer32
HKCR\CLSID\{FFFFFFFF-F538-4F86-ABAF-E9D94D5C007C}\InprocServer32#ThreadingModel
HKCR\CLSID\{FFFFFFFF-F538-4F86-ABAF-E9D94D5C007C}\ProgID
HKCR\CLSID\{FFFFFFFF-F538-4F86-ABAF-E9D94D5C007C}\TypeLib
HKCR\CLSID\{FFFFFFFF-F538-4F86-ABAF-E9D94D5C007C}\VersionIndependentProgID
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0074653.DLL
C:\WINDOWS\SYSTEM32\CYGWN32.DLL

Adware.SimpleSearchAssistant
HKLM\Software\Classes\CLSID\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}
HKCR\CLSID\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}
HKCR\CLSID\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}
HKCR\CLSID\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}\InprocServer32
HKCR\CLSID\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}\InprocServer32#ThreadingModel
HKCR\CLSID\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}\ProgID
HKCR\CLSID\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\SSA.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{E1366A61-BE03-4267-BB31-9DD1B21E0D86}
HKCR\CLSID\{E1366A61-BE03-4267-BB31-9DD1B21E0D86}
HKCR\CLSID\{E1366A61-BE03-4267-BB31-9DD1B21E0D86}\InprocServer32
HKCR\CLSID\{E1366A61-BE03-4267-BB31-9DD1B21E0D86}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSTTS.DLL

Adware.AdBreak
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
C:\WINDOWS\FHFMM-UNINSTALLER.EXE
C:\WINDOWS\FHFMM.EXE
C:\WINDOWS\HCWPRN.EXE
C:\WINDOWS\KKCOMP.DLL
C:\WINDOWS\KKCOMP.EXE
C:\WINDOWS\KVNAB.DLL
C:\WINDOWS\KVNAB.EXE
C:\WINDOWS\LIQAD.DLL
C:\WINDOWS\LIQAD.EXE
C:\WINDOWS\LIQUI-UNINSTALLER.EXE
C:\WINDOWS\LIQUI.DLL
C:\WINDOWS\LIQUI.EXE
C:\WINDOWS\PBSYSIE.DLL
C:\WINDOWS\SETTN.DLL
C:\WINDOWS\WBECHECK.EXE
C:\WINDOWS\XADBRK.DLL
C:\WINDOWS\XADBRK.EXE
C:\WINDOWS\XADBRK_.EXE

411Ferret Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

Adware.AdBlaster
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}

AdBars BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}

Adware.404Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}

Adware.Accoona
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}

Trojan.PBar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}

Adware.Tracking Cookie
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@media6degrees[1].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@apmebf[1].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@www.burstbeacon[1].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@adopt.euroclick[2].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@trafficmp[1].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@ad.yieldmanager[1].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@tribalfusion[2].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@doubleclick[1].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@www.burstnet[1].txt
C:\Documents and Settings\cheche.YOUR-A7454AE413\Cookies\cheche@fastclick[2].txt
C:\Documents and Settings\Administrador\Cookies\administrador@ads.hi5[1].txt
C:\Documents and Settings\Administrador\Cookies\administrador@ads.miarroba[2].txt
C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt
C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt
C:\Documents and Settings\Administrador\Cookies\administrador@mediaservices.myspace[1].txt
C:\Documents and Settings\Administrador\Cookies\administrador@partner2profit[1].txt
C:\Documents and Settings\Administrador\Cookies\administrador@revsci[2].txt
C:\Documents and Settings\Administrador\Cookies\administrador@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrador\Cookies\administrador@tacoda[2].txt
C:\Documents and Settings\Administrador\Cookies\administrador@www.burstnet[1].txt
C:\Documents and Settings\surfing\Cookies\surfing@ad.directanetworks[2].txt
C:\Documents and Settings\surfing\Cookies\surfing@ads.hi5[2].txt
C:\Documents and Settings\surfing\Cookies\surfing@ads.us.e-planning[1].txt
C:\Documents and Settings\surfing\Cookies\surfing@eas.apm.emediate[2].txt
C:\Documents and Settings\surfing\Cookies\surfing@join.porntube[2].txt
C:\Documents and Settings\surfing\Cookies\surfing@nextag[2].txt
C:\Documents and Settings\surfing\Cookies\surfing@oas.directaclick[1].txt
C:\Documents and Settings\surfing\Cookies\surfing@porntube[2].txt
C:\Documents and Settings\surfing\Cookies\surfing@track.bestbuy[2].txt
C:\Documents and Settings\surfing\Cookies\surfing@track.webgains[1].txt
C:\Documents and Settings\surfing\Cookies\surfing@tracker.myspacemaps[1].txt
C:\Documents and Settings\surfing\Cookies\surfing@www.porntube[1].txt

Adware.MMHRen-Trace
C:\WINDOWS\mmax_hren2.ini

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0074637.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP323\A0081775.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083962.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083964.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083966.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083968.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083969.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083970.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083971.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083972.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083973.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083975.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083978.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083979.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083982.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083983.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083985.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083987.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083988.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083989.DLL

RootKit.Unclassified/PolyMorph-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0074647.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083888.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083942.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083943.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083944.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083945.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083946.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083947.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083948.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083949.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083950.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083951.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083952.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083953.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083954.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083955.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083956.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083957.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083958.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083959.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083960.SYS

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP321\A0074649.EXE

Trojan.Unclassified/MMHRen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0076686.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077668.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077669.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077684.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0077696.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP322\A0078696.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0092029.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP327\A0092038.EXE

Adware.E404 Helper/Variant-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083883.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083884.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083885.DLL

Trojan.Unclassifed/AffiliateBundle
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083963.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP326\A0083980.DLL

Rogue.Unclassified/Loader
C:\SYSTEM VOLUME INFORMATION\_RESTORE{58DEBF9E-8D38-41FB-BF88-3C8E6BEAA4D3}\RP327\A0092039.EXE
C:\WINDOWS\SYSTEM32\RXJDDNVJ.VEXE

Trojan.FakeDrop-764
C:\WINDOWS\764.EXE

Trojan.FakeDrop-7Search
C:\WINDOWS\7SEARCH.DLL

Trojan.FakeDrop-FLT
C:\WINDOWS\FLT.DLL

Trojan.FakeDrop-PBar
C:\WINDOWS\PBAR.DLL

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

Trojan.Fakespy-B
C:\WINDOWS\SYSTEM32\MSOLE32.EXE

Cheche Silveyra
2008-02-25, 19:29
This is the log that ComboFix created after I ran it with the protection on:

ComboFix 08-02-20.2 - cheche 2008-02-25 10:02:32.4 - NTFSx86
Se ejecuta desde: C:\Documents and Settings\cheche.YOUR-A7454AE413\Escritorio\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xxxvideo.exe

.
(((((((((((((((((( Archivos creados desde 2008-01-25 - 2008-02-25 )))))))))))))))))))))))))))))))))
.

2008-02-25 09:53 . 2008-02-25 09:53 167,953 --a------ C:\WINDOWS\system32\ssa.dll
2008-02-24 17:47 . 2008-02-24 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-02-24 17:46 . 2008-02-24 17:46 <DIR> d-------- C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\SUPERAntiSpyware.com
2008-02-24 17:46 . 2008-02-25 09:56 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-02-24 13:06 . 2008-02-24 17:26 <DIR> d-------- C:\Archivos de programa\EsetOnlineScanner
2008-02-20 09:52 . 2008-02-25 09:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 09:52 . 2008-02-20 09:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-19 18:25 . 2008-02-19 18:25 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
2008-02-19 11:10 . 2008-02-19 11:11 122,385 --------- C:\WINDOWS\system32\dbafedacfbdafddbef.dll
2008-02-18 19:41 . 2008-02-19 11:15 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-17 14:51 . 2008-02-17 14:51 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
2008-02-17 14:05 . 2004-08-20 06:00 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2008-02-17 14:05 . 2004-08-20 06:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys
2008-02-17 13:26 . 2008-02-17 18:58 2 --a------ C:\2035002859
2008-02-17 13:25 . 2008-02-17 18:58 10,240 --a------ C:\exujd.exe
2008-02-17 13:14 . 2008-02-17 13:15 <DIR> d-------- C:\Archivos de programa\Windows Defender
2008-02-17 00:40 . 2008-02-17 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-02-16 16:54 . 2008-02-16 16:54 <DIR> d-------- C:\Archivos de programa\Enigma Software Group
2008-02-15 13:24 . 2008-02-22 10:46 13,264 --a------ C:\WINDOWS\BM7a789ed8.xml
2008-02-15 13:24 . 2008-02-21 18:27 21 --a------ C:\WINDOWS\pskt.ini
2008-02-14 17:11 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-14 16:39 . 2008-02-14 16:39 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-14 16:39 . 2008-02-14 16:39 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-14 14:51 . 2008-02-14 14:51 2,578 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-13 17:55 . 2008-02-14 00:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-13 17:34 . 2008-02-13 17:34 <DIR> d-------- C:\KAV
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 08:48 . 2008-02-05 08:48 77,824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 00:43 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-02-24 19:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-02-18 02:36 --------- d-----w C:\Archivos de programa\Spybot - Search & Destroy
2008-02-17 21:09 --------- d-----w C:\Archivos de programa\Archivos comunes\Symantec Shared
2008-02-17 20:24 --------- d-----w C:\Archivos de programa\BitTorrent_DNA
2008-02-17 20:22 --------- d-----w C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\BitTorrent DNA
2008-02-17 07:41 --------- d-----w C:\Archivos de programa\Lavasoft
2008-02-15 02:10 --------- d-----w C:\Archivos de programa\QuickTime
2008-02-15 02:07 --------- d-----w C:\Archivos de programa\Norton AntiVirus
2008-02-15 02:05 --------- d-----w C:\Archivos de programa\MSN Messenger
2008-02-15 01:43 --------- d-----w C:\Archivos de programa\iTunes
2008-02-15 01:35 --------- d-----w C:\Archivos de programa\Google
2008-02-15 01:28 --------- d-----w C:\Archivos de programa\Bonjour
2008-02-14 20:45 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-02-14 07:11 --------- d-----w C:\Archivos de programa\Archivos comunes\Macromedia
2008-02-14 06:47 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-02-14 06:47 --------- d-----w C:\Archivos de programa\Macromedia
2008-02-14 04:20 --------- d-----w C:\Archivos de programa\WMR11
2008-02-14 04:18 --------- d-----w C:\Archivos de programa\MSN Games
2008-02-14 04:17 --------- d-----w C:\Archivos de programa\STATSv2
2008-02-14 04:15 --------- d-----w C:\Archivos de programa\SPSSEval
2008-02-14 03:56 --------- d-----w C:\Archivos de programa\Freecorder
2008-02-14 03:51 --------- d-----w C:\Archivos de programa\DEXPLORE
2008-02-14 03:41 --------- d-----w C:\Archivos de programa\Audio Converter
2008-01-11 06:29 --------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2008-01-11 05:37 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 20:15 --------- d-----w C:\Archivos de programa\Windows Live
2008-01-10 20:10 --------- d-----w C:\Archivos de programa\Microsoft SQL Server Compact Edition
2008-01-10 20:05 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-10 19:56 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-01-10 19:36 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-01-08 05:10 --------- d-----w C:\Archivos de programa\PKR
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 16:54 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-08 05:08 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:02 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:01 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-01 04:32 9,074 --sh--w C:\WINDOWS\system32\sttss.tmp
2007-07-27 00:06 482 ----a-w C:\Archivos de programa\Acceso directo a Winamp.lnk
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}]
2008-02-25 09:53 167953 --a------ C:\WINDOWS\system32\ssa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 13:14 68856]
"MsnMsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 06:00 15360]
"WMPNSCFG"="C:\Archivos de programa\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:02 204800]
"Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [ ]
"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-24 05:23 499712]
"CognizanceTS"="C:\ARCHIV~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 11:12 17920]
"SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 04:50 729178]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Archivos de programa\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ccApp"="C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" [2006-09-03 00:04 84640]
"osCheck"="C:\Archivos de programa\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22 26248]
"Windows Defender"="C:\Archivos de programa\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System Support"="torrent.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 06:00 15360]
"DWQueuedReporting"="C:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Inicio rápido de Adobe Reader.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
SnagIt 8.lnk - C:\Archivos de programa\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 17:40:52 6379080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxutsr]
byxutsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbafedacfbdafddbef]
C:\WINDOWS\system32\dbafedacfbdafddbef.dll 2008-02-19 11:11 122385 C:\WINDOWS\system32\dbafedacfbdafddbef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Archivos de programa\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 11:41 40960 C:\Archivos de programa\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2005-07-04 15:47 184320 C:\Archivos de programa\InterVideo\DVD Check\DVDCheck.exe

R2 ASChannel;Canal de comunicación local;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:00]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-17 18:00]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 07:01]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-02-19 18:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa0d219-54c1-11dc-90b9-0014a5a400c0}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4d8f380-a508-11db-8fc1-0014a5a400c0}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de3b9fb2-c8ef-11db-9005-0014a5a400c0}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contenido de carpeta 'Tareas Programadas'
"2008-02-25 13:55:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Archivos de programa\Windows Defender\MpCmdRun.exe
"2008-02-02 03:18:39 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - cheche.job"
- C:\ARCHIV~1\NORTON~1\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 10:10:21
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-02-25 10:13:04
ComboFix-quarantined-files.txt 2008-02-25 17:12:14
ComboFix2.txt 2008-02-23 02:23:35
.
2008-02-24 20:37:08 --- E O F ---

Cheche Silveyra
2008-02-25, 19:31
And finally, this is the log created after running ComboFix with the protection off (please let me know if there's anything I can do to run HijackThis):

ComboFix 08-02-20.2 - cheche 2008-02-25 10:43:54.5 - NTFSx86
Se ejecuta desde: C:\Documents and Settings\cheche.YOUR-A7454AE413\Escritorio\ComboFix.exe
.

(((((((((((((((((( Archivos creados desde 2008-01-25 - 2008-02-25 )))))))))))))))))))))))))))))))))
.

2008-02-25 09:53 . 2008-02-25 09:53 167,953 --a------ C:\WINDOWS\system32\ssa.dll
2008-02-24 17:47 . 2008-02-24 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-02-24 17:46 . 2008-02-24 17:46 <DIR> d-------- C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\SUPERAntiSpyware.com
2008-02-24 17:46 . 2008-02-25 09:56 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-02-24 13:06 . 2008-02-24 17:26 <DIR> d-------- C:\Archivos de programa\EsetOnlineScanner
2008-02-20 09:52 . 2008-02-25 09:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 09:52 . 2008-02-20 09:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-19 18:25 . 2008-02-19 18:25 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
2008-02-19 11:10 . 2008-02-19 11:11 122,385 --------- C:\WINDOWS\system32\dbafedacfbdafddbef.dll
2008-02-18 19:41 . 2008-02-19 11:15 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-17 14:51 . 2008-02-17 14:51 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
2008-02-17 14:05 . 2004-08-20 06:00 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2008-02-17 14:05 . 2004-08-20 06:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys
2008-02-17 13:26 . 2008-02-17 18:58 2 --a------ C:\2035002859
2008-02-17 13:25 . 2008-02-17 18:58 10,240 --a------ C:\exujd.exe
2008-02-17 13:14 . 2008-02-17 13:15 <DIR> d-------- C:\Archivos de programa\Windows Defender
2008-02-17 00:40 . 2008-02-17 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-02-16 16:54 . 2008-02-16 16:54 <DIR> d-------- C:\Archivos de programa\Enigma Software Group
2008-02-15 13:24 . 2008-02-22 10:46 13,264 --a------ C:\WINDOWS\BM7a789ed8.xml
2008-02-15 13:24 . 2008-02-21 18:27 21 --a------ C:\WINDOWS\pskt.ini
2008-02-14 17:11 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-14 16:39 . 2008-02-14 16:39 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-14 16:39 . 2008-02-14 16:39 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-14 14:51 . 2008-02-14 14:51 2,578 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-13 17:55 . 2008-02-14 00:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-13 17:34 . 2008-02-13 17:34 <DIR> d-------- C:\KAV
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\system32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 08:48 . 2008-02-05 08:48 77,824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 00:43 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-02-24 19:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-02-18 02:36 --------- d-----w C:\Archivos de programa\Spybot - Search & Destroy
2008-02-17 21:09 --------- d-----w C:\Archivos de programa\Archivos comunes\Symantec Shared
2008-02-17 20:24 --------- d-----w C:\Archivos de programa\BitTorrent_DNA
2008-02-17 20:22 --------- d-----w C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\BitTorrent DNA
2008-02-17 07:41 --------- d-----w C:\Archivos de programa\Lavasoft
2008-02-15 02:10 --------- d-----w C:\Archivos de programa\QuickTime
2008-02-15 02:07 --------- d-----w C:\Archivos de programa\Norton AntiVirus
2008-02-15 02:05 --------- d-----w C:\Archivos de programa\MSN Messenger
2008-02-15 01:43 --------- d-----w C:\Archivos de programa\iTunes
2008-02-15 01:35 --------- d-----w C:\Archivos de programa\Google
2008-02-15 01:28 --------- d-----w C:\Archivos de programa\Bonjour
2008-02-14 20:45 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-02-14 07:11 --------- d-----w C:\Archivos de programa\Archivos comunes\Macromedia
2008-02-14 06:47 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-02-14 06:47 --------- d-----w C:\Archivos de programa\Macromedia
2008-02-14 04:20 --------- d-----w C:\Archivos de programa\WMR11
2008-02-14 04:18 --------- d-----w C:\Archivos de programa\MSN Games
2008-02-14 04:17 --------- d-----w C:\Archivos de programa\STATSv2
2008-02-14 04:15 --------- d-----w C:\Archivos de programa\SPSSEval
2008-02-14 03:56 --------- d-----w C:\Archivos de programa\Freecorder
2008-02-14 03:51 --------- d-----w C:\Archivos de programa\DEXPLORE
2008-02-14 03:41 --------- d-----w C:\Archivos de programa\Audio Converter
2008-01-11 06:29 --------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2008-01-11 05:37 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 20:15 --------- d-----w C:\Archivos de programa\Windows Live
2008-01-10 20:10 --------- d-----w C:\Archivos de programa\Microsoft SQL Server Compact Edition
2008-01-10 20:05 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-10 19:56 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-01-10 19:36 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-01-08 05:10 --------- d-----w C:\Archivos de programa\PKR
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 16:54 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-08 05:08 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:02 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:01 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-01 04:32 9,074 --sh--w C:\WINDOWS\system32\sttss.tmp
2007-07-27 00:06 482 ----a-w C:\Archivos de programa\Acceso directo a Winamp.lnk
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 307,200 2005-10-24 22:53:40 C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 110,592 2003-08-18 23:01:00 C:\Archivos de programa\Archivos comunes\Sonic\Update Manager\bak\sgtray.exe

----a-w 58,992 2004-12-13 16:30:00 C:\Archivos de programa\Archivos comunes\Symantec Shared\bak\ccApp.exe
----a-w 84,640 2006-09-03 07:04:26 C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe

----a-w 344,064 2005-08-09 19:05:00 C:\Archivos de programa\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

----a-w 163,576 2006-11-19 22:25:02 C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe

----a-w 233,534 2005-06-29 11:48:04 C:\Archivos de programa\HPQ\Default Settings\bak\cpqset.exe

----a-w 73,728 2005-04-08 09:08:08 C:\Archivos de programa\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE

----a-w 409,600 2005-12-07 08:56:56 C:\Archivos de programa\HPQ\Quick Launch Buttons\bak\EabServr.exe

----a-w 301,776 2005-06-04 17:03:28 C:\Archivos de programa\Microsoft Encarta\Encarta 2006 Biblioteca Premium DVD\bak\EDICT.EXE

----a-w 77,824 2006-10-10 04:45:33 C:\Archivos de programa\QuickTime\bak\qttask.exe
----a-w 286,720 2007-11-15 06:43:10 C:\Archivos de programa\QuickTime\QTTask.exe

----a-w 196,608 2004-09-20 14:16:40 C:\Archivos de programa\Scroll Mouse\bak\MouseElf.EXE

----a-w 729,178 2005-06-20 11:50:08 C:\Archivos de programa\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 729,178 2005-06-20 11:50:08 C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

----a-w 15,360 2004-08-20 08:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-20 13:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 122,940 2005-08-31 03:20:00 C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}]
2008-02-25 09:53 167953 --a------ C:\WINDOWS\system32\ssa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 13:14 68856]
"MsnMsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 06:00 15360]
"WMPNSCFG"="C:\Archivos de programa\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:02 204800]
"Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [ ]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-24 05:23 499712]
"CognizanceTS"="C:\ARCHIV~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 11:12 17920]
"SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 04:50 729178]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Archivos de programa\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ccApp"="C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" [2006-09-03 00:04 84640]
"osCheck"="C:\Archivos de programa\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22 26248]
"Windows Defender"="C:\Archivos de programa\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System Support"="torrent.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 06:00 15360]
"DWQueuedReporting"="C:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
Inicio r*pido de Adobe Reader.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
SnagIt 8.lnk - C:\Archivos de programa\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 17:40:52 6379080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxutsr]
byxutsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbafedacfbdafddbef]
C:\WINDOWS\system32\dbafedacfbdafddbef.dll 2008-02-19 11:11 122385 C:\WINDOWS\system32\dbafedacfbdafddbef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Archivos de programa\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 11:41 40960 C:\Archivos de programa\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 16:35 32768 C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2005-07-04 15:47 184320 C:\Archivos de programa\InterVideo\DVD Check\DVDCheck.exe

R2 ASChannel;Canal de comunicación local;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:00]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-17 18:00]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 07:01]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-02-19 18:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa0d219-54c1-11dc-90b9-0014a5a400c0}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4d8f380-a508-11db-8fc1-0014a5a400c0}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de3b9fb2-c8ef-11db-9005-0014a5a400c0}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contenido de carpeta 'Tareas Programadas'
"2008-02-02 03:18:39 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - cheche.job"
- C:\ARCHIV~1\NORTON~1\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 10:49:45
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-02-25 10:54:21
ComboFix-quarantined-files.txt 2008-02-25 17:54:11
ComboFix2.txt 2008-02-25 17:13:05
ComboFix3.txt 2008-02-23 02:23:35
.
2008-02-24 20:37:08 --- E O F ---

steamwiz
2008-02-26, 00:08
Hi

You first ran Combofix on 2008-02-23 02:23:35

Please post that log for me first ... it's the one called ComboFix3.txt

-

You still have lots of malware ... does Task Manager work now ?

1. Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

2. Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

3. Reboot into Safe Mode:-

Reboot into >>>safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)

4. Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.

THEN ...

Download Deckard's System Scanner (formerly Comboscan) (http://www.geekstogo.com/forum/index.php?automodule=downloads&showfile=19) to your Desktop.

1. Close all applications and windows.
2. Double-click on comboscan.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - ComboScan.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply.
5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
6. Please copy and paste the contents of Supplementary.txt to your post.


Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

steam

Cheche Silveyra
2008-02-26, 00:48
Hello Steam, yeah, I ran ComboFix pretty much out of desperation (I needed some work done, which obviously I couldn't do) and followed the directions on Bleeping Computer www.bleepingcomputer.com/combofix/how-to-use-combofix
and this is the log:

ComboFix 08-02-20.2 - cheche 2008-02-22 11:32:38.1 - NTFSx86
Se ejecuta desde: C:\Documents and Settings\cheche.YOUR-A7454AE413\Escritorio\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pmkhf.dll
C:\Archivos de programa\Helper
C:\Archivos de programa\Helper\1203290901.dll
C:\Archivos de programa\Helper\1203444629.dll
C:\Archivos de programa\Helper\1203444932.dll
C:\Archivos de programa\Internet Explorer\setupapi.dll
C:\d.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\ajwmdgyd.dll
C:\WINDOWS\system32\arqigbql.dll
C:\WINDOWS\system32\awtttst.dll
C:\WINDOWS\system32\balrcbvg.dll
C:\WINDOWS\system32\bdqprftf.dll
C:\WINDOWS\system32\bjclkabn.ini
C:\WINDOWS\system32\cbjeqfae.dll
C:\WINDOWS\system32\cmmuthwe.ini
C:\WINDOWS\system32\creqxemj.dll
C:\WINDOWS\system32\doygsfkh.dll
C:\WINDOWS\system32\drivers\Bcb34.sys
C:\WINDOWS\system32\drivers\Csw70.sys
C:\WINDOWS\system32\drivers\Dwjw82.sys
C:\WINDOWS\system32\drivers\Gswn79.sys
C:\WINDOWS\system32\drivers\Hrro73.sys
C:\WINDOWS\system32\drivers\Hslu74.sys
C:\WINDOWS\system32\drivers\Ikr51.sys
C:\WINDOWS\system32\drivers\Kyg52.sys
C:\WINDOWS\system32\drivers\Lej34.sys
C:\WINDOWS\system32\drivers\Nrl47.sys
C:\WINDOWS\system32\drivers\Plnd44.sys
C:\WINDOWS\system32\drivers\Qhnl47.sys
C:\WINDOWS\system32\drivers\Qixg53.sys
C:\WINDOWS\system32\drivers\Raac17.sys
C:\WINDOWS\system32\drivers\Rpl41.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\Toq43.sys
C:\WINDOWS\system32\drivers\Txx59.sys
C:\WINDOWS\system32\drivers\Vpa26.sys
C:\WINDOWS\system32\drivers\Xvnd46.sys
C:\WINDOWS\system32\ervfnokh.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\fgewhmha.dll
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\finance.txt
C:\WINDOWS\system32\fmqtnpdu.dll
C:\WINDOWS\system32\ftdlyxin.dll
C:\WINDOWS\system32\gpwiydqv.ini
C:\WINDOWS\system32\hkpcusts.ini
C:\WINDOWS\system32\hulgdcdp.ini
C:\WINDOWS\system32\hyphilts.dll
C:\WINDOWS\system32\jmwpgdnr.ini
C:\WINDOWS\system32\ksuchmbm.dll
C:\WINDOWS\system32\lpgdhcst.dll
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mokbdjko.dll
C:\WINDOWS\system32\mqmvgmia.dll
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\msvcrtd.exe
C:\WINDOWS\system32\nkprroxx.dll
C:\WINDOWS\system32\ofthojpm.ini
C:\WINDOWS\system32\ogslsubd.dll
C:\WINDOWS\system32\opnnmnl.dll
C:\WINDOWS\system32\oqmqxdya.dll
C:\WINDOWS\system32\other.txt
C:\WINDOWS\system32\pgwstiar.dll
C:\WINDOWS\system32\pharma.txt
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\qbdywxhp.ini
C:\WINDOWS\system32\rbetrtfc.ini
C:\WINDOWS\system32\redsxfef.ini
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\shpdfxdq.ini
C:\WINDOWS\system32\smamagud.dll
C:\WINDOWS\system32\smdhxwth.ini
C:\WINDOWS\system32\stlihpyh.ini
C:\WINDOWS\system32\teqayamd.dll
C:\WINDOWS\system32\udkvgqgc.dll
C:\WINDOWS\system32\ujvvotvu.ini
C:\WINDOWS\system32\umnvgpmn.dll
C:\WINDOWS\system32\vnmvhhvu.ini
C:\WINDOWS\system32\vqdyiwpg.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wkhdlmiu.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\xuhmgjcr.dll
C:\WINDOWS\system32\yesfqdub.ini
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE
-------\LEGACY_NPF
-------\LEGACY_SYMAVC32
-------\NPF
-------\symavc32


(((((((((((((((((( Archivos creados desde 2008-01-22 - 2008-02-22 )))))))))))))))))))))))))))))))))
.

2008-02-22 11:51 . 2008-02-22 12:12 <DIR> d-------- C:\WINDOWS\system32\acespy
2008-02-21 16:27 . 2008-02-21 16:27 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-02-20 09:52 . 2008-02-22 12:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 09:52 . 2008-02-20 09:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-19 18:25 . 2008-02-19 18:25 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
2008-02-19 11:20 . 2008-02-19 11:20 167,953 --a------ C:\WINDOWS\system32\ssa.dll
2008-02-19 11:11 . 2008-02-19 11:11 122,385 --------- C:\WINDOWS\system32\10540e459d04652460ac514912b21a54.TMP
2008-02-19 11:10 . 2008-02-19 11:11 122,385 --------- C:\WINDOWS\system32\dbafedacfbdafddbef.dll
2008-02-18 19:41 . 2008-02-19 11:15 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-18 19:37 . 2008-02-18 19:37 94,227 --a------ C:\WINDOWS\system32\rxjddnvj.exe
2008-02-17 19:09 . 2008-02-18 10:12 40,960 --a------ C:\WINDOWS\mmhren1.exe
2008-02-17 19:09 . 2008-02-22 10:55 14 --ah----- C:\WINDOWS\mmax_hren2.ini
2008-02-17 19:08 . 2008-02-19 11:22 40,960 --a------ C:\bot.exe
2008-02-17 18:57 . 2008-02-17 18:57 35,840 --a------ C:\d.exe~
2008-02-17 18:57 . 2008-02-17 18:57 3,584 --a------ C:\qrwkjyd.exe~
2008-02-17 14:58 . 2008-02-17 18:57 26,112 --a------ C:\WINDOWS\system32\cygwn32.dll
2008-02-17 14:51 . 2008-02-17 18:57 58,368 --a------ C:\wpohl.exe
2008-02-17 14:51 . 2008-02-17 14:51 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
2008-02-17 14:05 . 2004-08-20 06:00 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2008-02-17 14:05 . 2004-08-20 06:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys
2008-02-17 14:02 . 2008-02-21 16:27 21,632 --a------ C:\WINDOWS\system32\drivers\Jqa31.sys
2008-02-17 13:56 . 2008-02-17 18:57 52,236 --a------ C:\jupss.exe
2008-02-17 13:33 . 2008-02-22 12:07 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-17 13:32 . 2008-02-17 16:28 18,368 --a------ C:\WINDOWS\system32\service.sys
2008-02-17 13:31 . 2008-02-17 13:27 36,864 --a------ C:\WINDOWS\system32\service.exe~
2008-02-17 13:31 . 2008-02-17 18:57 26,112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-02-17 13:26 . 2008-02-17 18:58 2 --a------ C:\2035002859
2008-02-17 13:25 . 2008-02-17 18:57 54,272 --a------ C:\qsdjpwpb.exe
2008-02-17 13:25 . 2008-02-17 13:25 52,236 --a------ C:\jupss.exe~
2008-02-17 13:25 . 2008-02-17 18:58 10,240 --a------ C:\exujd.exe
2008-02-17 13:14 . 2008-02-17 13:15 <DIR> d-------- C:\Archivos de programa\Windows Defender
2008-02-17 00:40 . 2008-02-17 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-02-16 16:54 . 2008-02-16 16:54 <DIR> d-------- C:\Archivos de programa\Enigma Software Group
2008-02-15 13:24 . 2008-02-22 10:46 13,264 --a------ C:\WINDOWS\BM7a789ed8.xml
2008-02-15 13:24 . 2008-02-21 18:27 21 --a------ C:\WINDOWS\pskt.ini
2008-02-14 17:11 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-14 16:39 . 2008-02-14 16:39 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-14 16:39 . 2008-02-14 16:39 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-14 14:51 . 2008-02-14 14:51 2,578 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-13 17:55 . 2008-02-14 00:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-13 17:34 . 2008-02-13 17:34 <DIR> d-------- C:\KAV

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 18:50 9,472 ----a-w C:\WINDOWS\fhfmm.exe
2008-02-22 18:50 29,952 ----a-w C:\WINDOWS\xadbrk.exe
2008-02-22 18:50 28,416 ----a-w C:\WINDOWS\xadbrk.dll
2008-02-22 18:50 27,136 ----a-w C:\WINDOWS\liqui.exe
2008-02-22 18:50 23,040 ----a-w C:\WINDOWS\eventlowg.dll
2008-02-22 18:50 20,992 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-22 18:50 19,968 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2008-02-22 18:50 12,288 ----a-w C:\WINDOWS\daxtime.dll
2008-02-22 18:50 12,032 ----a-w C:\WINDOWS\liqui.dll
2008-02-22 18:47 23,296 ----a-w C:\WINDOWS\764.exe
2008-02-18 02:36 --------- d-----w C:\Archivos de programa\Spybot - Search & Destroy
2008-02-17 21:09 --------- d-----w C:\Archivos de programa\Archivos comunes\Symantec Shared
2008-02-17 20:24 --------- d-----w C:\Archivos de programa\BitTorrent_DNA
2008-02-17 20:22 --------- d-----w C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\BitTorrent DNA
2008-02-17 07:41 --------- d-----w C:\Archivos de programa\Lavasoft
2008-02-17 07:29 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-02-15 02:10 --------- d-----w C:\Archivos de programa\QuickTime
2008-02-15 02:07 --------- d-----w C:\Archivos de programa\Norton AntiVirus
2008-02-15 02:05 --------- d-----w C:\Archivos de programa\MSN Messenger
2008-02-15 01:43 --------- d-----w C:\Archivos de programa\iTunes
2008-02-15 01:35 --------- d-----w C:\Archivos de programa\Google
2008-02-15 01:28 --------- d-----w C:\Archivos de programa\Bonjour
2008-02-14 20:45 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-02-14 07:11 --------- d-----w C:\Archivos de programa\Archivos comunes\Macromedia
2008-02-14 06:47 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-02-14 06:47 --------- d-----w C:\Archivos de programa\Macromedia
2008-02-14 04:20 --------- d-----w C:\Archivos de programa\WMR11
2008-02-14 04:18 --------- d-----w C:\Archivos de programa\MSN Games
2008-02-14 04:17 --------- d-----w C:\Archivos de programa\STATSv2
2008-02-14 04:15 --------- d-----w C:\Archivos de programa\SPSSEval
2008-02-14 03:56 --------- d-----w C:\Archivos de programa\Freecorder
2008-02-14 03:51 --------- d-----w C:\Archivos de programa\DEXPLORE
2008-02-14 03:41 --------- d-----w C:\Archivos de programa\Audio Converter
2008-01-11 06:29 --------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2008-01-11 05:37 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 20:15 --------- d-----w C:\Archivos de programa\Windows Live
2008-01-10 20:10 --------- d-----w C:\Archivos de programa\Microsoft SQL Server Compact Edition
2008-01-10 20:05 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-10 19:56 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-01-10 19:36 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-01-08 05:10 --------- d-----w C:\Archivos de programa\PKR
2007-12-22 05:30 --------- d-----w C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\BitTorrent
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 16:54 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-08 05:08 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:02 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:01 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-01 04:32 9,074 --sh--w C:\WINDOWS\system32\sttss.tmp
2007-07-27 00:06 482 ----a-w C:\Archivos de programa\Acceso directo a Winamp.lnk
.

I'll do the SDFix now and post the log later. Thanx again man.

Cheche Silveyra
2008-02-26, 00:53
Oh, the Task Manager is working now.

steamwiz
2008-02-26, 01:28
Hi

Thanks ... I wanted to see what Combofix had originally deleted ... I'll check your other logs when you post them tomorrow ... it's well past midnight here ...

steam

Cheche Silveyra
2008-02-26, 05:02
Ok yeah we'll see about it tomorrow. I can't connect to www.safer-networking.org, that's why it took me so long (I think the server's down or something) but here are the logs.
This is the log produced by SDFix:


SDFix: Version 1.147

Run by cheche on 25/02/2008 at 17:19

Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :

Name:
USB2_04
wer32

Path:
\??\C:\WINDOWS\system32\drivers\nkv2.sys
\??\C:\WINDOWS\system32\jkghje.dll

USB2_04 - Deleted
wer32 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NSPRS.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH1.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH2.DLL - Deleted
C:\WINDOWS\SYSTEM32\SSPRS.DLL - Deleted
C:\203500~1 - Deleted
C:\WINDOWS\System32\drivers\nkv2.sys - Deleted
C:\WINDOWS\system32\jkghje.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 17:39:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:36,a7,6e,91,3b,dd,e2,b0,a3,80,ac,da,fc,98,53,2e,52,dc,4a,4b,61,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c0,91,33,5b,bc,c9,60,e0,da,34,59,38,f8,56,cd,26,fb,a3,dc,4f,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c0,91,33,5b,bc,c9,60,e0,da,34,59,38,f8,56,cd,26,fb,a3,dc,4f,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c0,91,33,5b,bc,c9,60,e0,da,34,59,38,f8,56,cd,26,fb,a3,dc,4f,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c0,91,33,5b,bc,c9,60,e0,da,34,59,38,f8,56,cd,26,fb,a3,dc,4f,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:49,c1,63,72,9a,2a,20,0d,b5,a1,40,3c,df,18,95,57,38,b7,2a,5e,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:49,c1,63,72,9a,2a,20,0d,b5,a1,40,3c,df,18,95,57,38,b7,2a,5e,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:49,c1,63,72,9a,2a,20,0d,b5,a1,40,3c,df,18,95,57,38,b7,2a,5e,72,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\x9ac0\x23b\x9ac0\x23b\1"
"DeviceDesc"="\x9ac0\x23b\x9ac0\x23b\1"
"ProviderName"="\xfed4\21\xee18\x7c91\xff44\21\b"
"MFG"="\x59c"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\swsetup\vid2\sbdrv\smbus\smbusati.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 23


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 30 Nov 2007 9,074 ..SH. --- "C:\WINDOWS\system32\sttss.tmp"
Tue 20 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 31 Aug 2007 211 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti3.tmp"
Tue 23 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT5.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6302cd953d4f96eddfc52b796b65351e\BIT7.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT4.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT6.tmp"
Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT2.tmp"
Sat 2 Feb 2008 14,683 ...H. --- "C:\Documents and Settings\cheche.YOUR-A7454AE413\Mis documentos\Escritos\LAS FLORES\~WRL0916.tmp"

Finished!

Cheche Silveyra
2008-02-26, 05:09
These are the Deckard's System Scanner logs, but there's a thing: they're called differently. ComboScan is (I guess this is it) called main.txt and Supplementary is (I guess again) called extra.txt.

Anyway this is the one called MAIN (the log is too long so this is part one):

Deckard's System Scanner v20071014.68
Run by cheche on 2008-02-25 18:31:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-02-26 01:33:21 UTC - RP330 - Deckard's System Scanner Restore Point
3: 2008-02-25 14:08:12 UTC - RP329 - Punto de control del sistema
2: 2008-02-25 12:51:51 UTC - RP328 - Installed SUPERAntiSpyware Professional
1: 2008-02-24 20:34:03 UTC - RP327 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).


-- HijackThis (run as cheche.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-25 18:39:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\HPQ\IAM\Bin\asghost.exe
C:\Archivos de programa\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\HPQ\Shared\HpqToaster.exe
C:\Archivos de programa\HPQ\Shared\hpqwmi.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\QuickTime\QTTask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Windows Media Player\wmpnscfg.exe
C:\Archivos de programa\TechSmith\SnagIt 8\SnagIt32.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\TechSmith\SnagIt 8\TscHelp.exe
C:\Archivos de programa\TechSmith\SnagIt 8\SnagPriv.exe
C:\Documents and Settings\cheche.YOUR-A7454AE413\Escritorio\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Archivos de programa\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Complemento del Asistente para Internet de Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Archivos de programa\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Asistente para Internet de Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\GoogleToolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Archivos de programa\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\ARCHIV~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Archivos de programa\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Archivos de programa\TechSmith\SnagIt 8\SnagIt32.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel.com/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxutsr - C:\WINDOWS\system32\byxutsr.dll (file missing)
O20 - Winlogon Notify: dbafedacfbdafddbef - C:\WINDOWS\system32\dbafedacfbdafddbef.dll
O20 - Winlogon Notify: OneCard - C:\Archivos de programa\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\system32\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\CHECHE~1.YOU\CONFIG~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product=
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Archivos de programa\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 13528 bytes

Cheche Silveyra
2008-02-26, 05:10
Part 2 of the MAIN DSS log:

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ClntMgmt.sys - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Hewlett-Packard; Client Management Driver>
R1 SASDIFSV - c:\archivos de programa\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\archivos de programa\superantispyware\saskutil.sys
R3 catchme - c:\docume~1\cheche~1.you\config~1\temp\catchme.sys (file missing)
R3 SASENUM - c:\archivos de programa\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\archivos de programa\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R3 hpqwmi (HP WMI Interface) - c:\archivos de programa\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

S2 hpdj - c:\docume~1\cheche~1.you\config~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product= (file missing)
S3 FLEXnet Licensing Service - "c:\archivos de programa\archivos comunes\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\archivos de programa\winpcap\rpcapd.exe" -d -f "c:\archivos de programa\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-25 17:35:56 344 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-01 20:18:39 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - cheche.job


-- Files created between 2008-01-25 and 2008-02-25 -----------------------------

2008-02-25 17:13:29 0 d-------- C:\WINDOWS\ERUNT
2008-02-24 17:46:00 0 d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-02-24 13:06:56 0 d-------- C:\Archivos de programa\EsetOnlineScanner
2008-02-22 11:17:36 260272 --a------ C:\cmldr
2008-02-22 11:17:18 0 d-------- C:\cmdcons
2008-02-22 11:00:56 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-22 11:00:56 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-22 11:00:56 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-22 11:00:56 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-19 23:22:06 0 d--hs---- C:\WINDOWS\CSC
2008-02-19 11:10:33 122385 -----n--- C:\WINDOWS\system32\dbafedacfbdafddbef.dll
2008-02-18 19:41:11 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-17 13:25:41 10240 --a------ C:\exujd.exe
2008-02-17 13:14:45 0 d-------- C:\Archivos de programa\Windows Defender
2008-02-16 16:54:26 0 d-------- C:\Archivos de programa\Enigma Software Group
2008-02-14 17:11:13 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-14 14:51:24 2578 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-13 17:55:22 0 d-------- C:\WINDOWS\system32\appmgmt
2008-02-13 17:55:12 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-02-13 17:34:22 0 d-------- C:\KAV
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>


-- Find3M Report ---------------------------------------------------------------

2008-02-24 17:46:00 0 d-------- C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\SUPERAntiSpyware.com
2008-02-24 17:43:03 0 d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-02-17 14:09:05 0 d-------- C:\Archivos de programa\Archivos comunes\Symantec Shared
2008-02-17 13:24:14 0 d-------- C:\Archivos de programa\BitTorrent_DNA
2008-02-17 13:22:34 0 d-------- C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\BitTorrent DNA
2008-02-17 00:41:07 0 d-------- C:\Archivos de programa\Lavasoft
2008-02-14 19:10:15 0 d-------- C:\Archivos de programa\QuickTime
2008-02-14 19:07:28 0 d-------- C:\Archivos de programa\Norton AntiVirus
2008-02-14 19:05:15 0 d-------- C:\Archivos de programa\MSN Messenger
2008-02-14 18:43:02 0 d-------- C:\Archivos de programa\iTunes
2008-02-14 18:35:09 0 d-------- C:\Archivos de programa\Google
2008-02-14 18:28:02 0 d-------- C:\Archivos de programa\Bonjour
2008-02-14 00:11:04 0 d-------- C:\Archivos de programa\Archivos comunes\Macromedia
2008-02-13 23:47:22 0 d--h----- C:\Archivos de programa\InstallShield Installation Information
2008-02-13 23:47:11 0 d-------- C:\Archivos de programa\Macromedia
2008-02-13 23:44:39 0 d-------- C:\Archivos de programa\Archivos comunes
2008-02-13 23:44:32 0 d-------- C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa\Macromedia
2008-02-13 21:20:21 0 d-------- C:\Archivos de programa\WMR11
2008-02-13 21:18:38 0 d-------- C:\Archivos de programa\MSN Games
2008-02-13 21:17:22 0 d-------- C:\Archivos de programa\STATSv2
2008-02-13 21:15:29 0 d-------- C:\Archivos de programa\SPSSEval
2008-02-13 20:56:33 0 d-------- C:\Archivos de programa\Freecorder
2008-02-13 20:51:58 0 d-------- C:\Archivos de programa\DEXPLORE
2008-02-13 20:41:39 0 d-------- C:\Archivos de programa\Audio Converter
2008-01-10 23:29:25 0 d-------- C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2008-01-10 13:15:09 0 d-------- C:\Archivos de programa\Windows Live
2008-01-10 13:10:13 0 d-------- C:\Archivos de programa\Microsoft SQL Server Compact Edition
2008-01-10 13:05:38 586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
2008-01-10 12:56:38 0 d--hs--c- C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-01-07 22:10:14 0 d-------- C:\Archivos de programa\PKR
2007-12-04 12:16:08 444150 --a------ C:\WINDOWS\system32\perfh00A.dat
2007-12-04 12:16:08 70502 --a------ C:\WINDOWS\system32\perfc00A.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Archivos de programa\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [24/10/2005 05:23]
"CognizanceTS"="C:\ARCHIV~1\HPQ\IAM\Bin\AsTsVcc.dll" [22/12/2003 11:12]
"SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [20/06/2005 04:50]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]
"QuickTime Task"="C:\Archivos de programa\QuickTime\QTTask.exe" [14/11/2007 23:43]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [15/11/2007 13:11]
"ccApp"="C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" [03/09/2006 00:04]
"osCheck"="C:\Archivos de programa\Norton AntiVirus\osCheck.exe" [05/09/2006 18:22]
"Windows Defender"="C:\Archivos de programa\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/07/2007 13:14]
"MsnMsgr"="C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 06:00]
"Microsoft hren1"="C:\WINDOWS\mmhren1.exe" []
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
"WMPNSCFG"="C:\Archivos de programa\Windows Media Player\WMPNSCFG.exe" [03/11/2006 10:02]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\ARCHIV~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Inicio rápido de Adobe Reader.lnk - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
SnagIt 8.lnk - C:\Archivos de programa\TechSmith\SnagIt 8\SnagIt32.exe [16/02/2007 17:40:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxutsr]
byxutsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbafedacfbdafddbef]
C:\WINDOWS\system32\dbafedacfbdafddbef.dll 19/02/2008 11:11 122385 C:\WINDOWS\system32\dbafedacfbdafddbef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Archivos de programa\HPQ\IAM\Bin\AsWlnPkg.dll 25/07/2005 11:41 40960 C:\Archivos de programa\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jqa31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Archivos de programa\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa0d219-54c1-11dc-90b9-0014a5a400c0}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4d8f380-a508-11db-8fc1-0014a5a400c0}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de3b9fb2-c8ef-11db-9005-0014a5a400c0}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-02-25 18:41:48 ------------

Cheche Silveyra
2008-02-26, 05:20
Just one question: my computer is unplugged from the electricity and it doesn't show the battery icon. Is this OK?

This is the first part of the EXTRA DSS log:

Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Spanish

CPU 0: Mobile AMD Sempron(tm) 3300+
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 383.36 MiB / 93.36 MiB
Pagefile Memory (total/avail): 920.82 MiB / 539.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.53 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 23.3 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2060AH - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de archivos instalables - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cheche.YOUR-A7454AE413\Datos de programa
CLASSPATH=.;C:\Archivos de programa\Java\jre1.5.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Archivos de programa\Archivos comunes
COMPUTERNAME=YOUR-A7454AE413
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\cheche.YOUR-A7454AE413
LOGONSERVER=\\YOUR-A7454AE413
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Archivos de programa\ATI Technologies\ATI Control Panel;C:\Archivos de programa\HPQ\IAM\bin;C:\Archivos de programa\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Archivos de programa
PROMPT=$P$G
QTJAVA=C:\Archivos de programa\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHECHE~1.YOU\CONFIG~1\Temp
TMP=C:\DOCUME~1\CHECHE~1.YOU\CONFIG~1\Temp
USERDOMAIN=YOUR-A7454AE413
USERNAME=cheche
USERPROFILE=C:\Documents and Settings\cheche.YOUR-A7454AE413
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

cheche.YOUR-A7454AE413 (admin)
surfing
Administrador (admin)
Invitado (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Archivos de programa\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUn040a.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{4B039A59-1E82-4009-9335-19BD99A6FBC0}
--> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0xa -removeonly -S
--> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualización de seguridad para el Reproductor de Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Actualización de seguridad para el Reproductor de Windows Media 9 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Actualización de seguridad para Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Actualización de seguridad para Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Actualización de seguridad para Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Actualización para Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Actualización para Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Actualización para Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Actualización para Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Actualización para Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Actualización para Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Actualización para Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Actualización para Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Actualización para Windows XP (KB912945) -->
Actualización para Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Actualización para Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Actualización para Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Actualización para Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Actualización para Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Actualización para Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Actualización para Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Actualización para Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Actualización para Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Actualización para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Personal --> C:\ARCHIV~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\ARCHIV~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Archivos de programa\Archivos comunes\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.7 - Español --> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A70500000002}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

Cheche Silveyra
2008-02-26, 05:22
This is part 2 of the EXTRA DSS log:

Athlon 64 Processor Driver --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0xa
ATI - Utilidad de desinstalación de software --> C:\Archivos de programa\ATI Technologies\UninstallAll\AtiCimUn.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
BitTorrent 6.0 --> C:\Archivos de programa\BitTorrent\uninst.exe
BitTorrent DNA --> "C:\Archivos de programa\BitTorrent_DNA\dna.exe" /UNINSTALL
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant AC-Link Audio --> C:\Archivos de programa\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL308BA.INF
DivX Codec --> C:\Archivos de programa\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Archivos de programa\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Archivos de programa\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Archivos de programa\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Archivos de programa\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Egipto Kids --> C:\WINDOWS\IsUn040a.exe -f"C:\Archivos de programa\CRYO\Egipto Kids\Uninst.isu"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\archivos de programa\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP BIOS Configuration for ProtectTools 1.00 D4 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0xa biosuninst
HP Credential Manager for ProtectTools --> MsiExec.exe /X{55CDD6B8-12A2-4665-94C0-21C6C3CD223D}
hp deskjet 3500 series --> rundll32 hpzcon09.dll,VendorJettison hp deskjet 3500 series
HP Help and Support --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0xa -removeonly
HP Notebook Accessories Product Tour --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
HP ProtectTools Security Manager 2.00 A4 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\Setup.exe" -l0xa hpquninst
HP Wireless Assistant 2.00 B1 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0xa hpquninst
HP_User_Guides_0003 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{5821272A-4A0B-4A0B-AE3B-9D8D04D39487}\setup.exe" -l0xa -removeonly
InFlac 1.1.1 --> "C:\Archivos de programa\Winamp\InFlac-Uninstall.exe"
Instant Source --> C:\Program Files\Instant Source\uninstall.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo DVD Check --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Archivos de programa\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
L&H TTS3000 Español --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
LimeWire 4.12.11 --> "C:\Archivos de programa\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Archivos de programa\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2006 Biblioteca Premium DVD --> MsiExec.exe /I{06140081-3E21-46D6-9A91-D927BA08F41D}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170C0A-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Archivos de programa\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero OEM --> C:\Archivos de programa\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Archivos de programa\Archivos comunes\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Panel de Control de ATI --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PKR --> "C:\Archivos de programa\PKR\uninstall-pkr.exe"
PowerDVD --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quick Launch Buttons 5.20 F2 --> RunDll32 C:\ARCHIV~1\ARCHIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Archivos de programa\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0xa -uninst
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Revisión de Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Revisión de Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Revisión de Windows XP - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Revisión de Windows XP - KB884575 --> C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Revisión de Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Revisión de Windows XP - KB885464 --> C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe
Revisión de Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Revisión de Windows XP - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Revisión de Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Revisión de Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Revisión de Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Revisión de Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Revisión de Windows XP - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Revisión de Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Revisión de Windows XP - KB888401 --> C:\WINDOWS\$NtUninstallKB888401$\spuninst\spuninst.exe
Revisión de Windows XP - KB888402 --> C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe
Revisión de Windows XP - KB889673 --> C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Revisión de Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Revisión de Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Revisión de Windows XP - KB892559 --> "C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
Revisión para el Reproductor de Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Revisión para Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Revisión para Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Scroll Mouse --> C:\Archivos de programa\Scroll Mouse\Setup.exe /Uninstall
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SnagIt 8 --> MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
SoftV.90 Data Fax Modem with SmartCP --> C:\Archivos de programa\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_308x103C\HXFSETUP.EXE -U -Ihpm308bk.inf
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoulSeek Client 157 test 12b --> "C:\Archivos de programa\Soulseek-Test\uninstall.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Archivos de programa\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Archivos de programa\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1034
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
Virtual Showroom --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.b-g.be/showroom/showroom.jnlp"
Winamp (remove only) --> "C:\Archivos de programa\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /I{1692CC0E-8798-493A-9580-23555E21C14B}
Windows Live Messenger --> MsiExec.exe /I{B0FE9AD8-6063-4D40-A8AF-DF3BDF11508F}
Windows Live Photo Gallery --> MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Archivos de programa\WinRAR\uninstall.exe
WinZip --> "C:\Archivos de programa\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.2 final uninstall --> "C:\Archivos de programa\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3647 / Warning
Event Submitted/Written: 02/25/2008 05:04:47 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows no puede descargar su archivo del Registro de clases - todavía está en uso por otras aplicaciones o servicios. El archivo se descargará cuando no esté en uso.

Event Record #/Type3633 / Warning
Event Submitted/Written: 02/25/2008 09:44:06 AM
Event ID/Source: 4356 / EventSystem
Event Description:
El sistema de sucesos COM+ no pudo crear una instancia del suscriptor partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject devolvió como HRESULT 8000401A.

Event Record #/Type3632 / Warning
Event Submitted/Written: 02/25/2008 09:43:50 AM
Event ID/Source: 4356 / EventSystem
Event Description:
El sistema de sucesos COM+ no pudo crear una instancia del suscriptor partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject devolvió como HRESULT 8000401A.

Event Record #/Type3629 / Warning
Event Submitted/Written: 02/25/2008 07:01:40 AM
Event ID/Source: 4356 / EventSystem
Event Description:
El sistema de sucesos COM+ no pudo crear una instancia del suscriptor partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject devolvió como HRESULT 8000401A.

Event Record #/Type3573 / Error
Event Submitted/Written: 02/22/2008 02:47:07 PM / 02/22/2008 02:47:24 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Cheche Silveyra
2008-02-26, 05:24
Thanx again man, this is the last part of the EXTRA DSS log:

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type41219 / Warning
Event Submitted/Written: 02/25/2008 06:41:09 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-A7454AE41327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-A7454AE41327 can't undo changes that you allow.

For more information please see the following:
%YOUR-A7454AE413275

Scan ID: {FBB684A3-B526-43CD-BBB9-DB397EBF50B5}

User: YOUR-A7454AE413\cheche

Name: %YOUR-A7454AE413271

ID: %YOUR-A7454AE413272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-A7454AE413276

Alert Type: %YOUR-A7454AE413278

Detection Type: 1.1.1593.02

Event Record #/Type41218 / Warning
Event Submitted/Written: 02/25/2008 06:41:09 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-A7454AE41327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-A7454AE41327 can't undo changes that you allow.

For more information please see the following:
%YOUR-A7454AE413275

Scan ID: {46E50423-B2A3-4D99-86DC-179997CB007C}

User: YOUR-A7454AE413\cheche

Name: %YOUR-A7454AE413271

ID: %YOUR-A7454AE413272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-A7454AE413276

Alert Type: %YOUR-A7454AE413278

Detection Type: 1.1.1593.02

Event Record #/Type41217 / Warning
Event Submitted/Written: 02/25/2008 06:41:09 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-A7454AE41327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-A7454AE41327 can't undo changes that you allow.

For more information please see the following:
%YOUR-A7454AE413275

Scan ID: {184AC598-90B9-4C6A-916B-472E9740183F}

User: YOUR-A7454AE413\cheche

Name: %YOUR-A7454AE413271

ID: %YOUR-A7454AE413272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-A7454AE413276

Alert Type: %YOUR-A7454AE413278

Detection Type: 1.1.1593.02

Event Record #/Type41216 / Warning
Event Submitted/Written: 02/25/2008 06:41:09 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-A7454AE41327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-A7454AE41327 can't undo changes that you allow.

For more information please see the following:
%YOUR-A7454AE413275

Scan ID: {B10826B3-E9E3-45DF-93F4-69C55A71614C}

User: YOUR-A7454AE413\cheche

Name: %YOUR-A7454AE413271

ID: %YOUR-A7454AE413272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-A7454AE413276

Alert Type: %YOUR-A7454AE413278

Detection Type: 1.1.1593.02

Event Record #/Type41215 / Warning
Event Submitted/Written: 02/25/2008 06:12:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-A7454AE41327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-A7454AE41327 can't undo changes that you allow.

For more information please see the following:
%YOUR-A7454AE413275

Scan ID: {189113DA-7E3B-4AE4-9A07-FFFB4EDC2CDD}

User: YOUR-A7454AE413\cheche

Name: %YOUR-A7454AE413271

ID: %YOUR-A7454AE413272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-A7454AE413276

Alert Type: %YOUR-A7454AE413278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-02-25 18:41:48 ------------

steamwiz
2008-02-26, 20:33
Hi

Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)


File::
C:\WINDOWS\BM7a789ed8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dbafedacfbdafddbef.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\sttss.tmp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft hren1"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxutsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbafedacfbdafddbef]


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (run from the link on your desktop)

Let me know if your problems are resolved?

steam
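As an added example (not ComboFix's own code, and not from anyone in this thread), a small Python checker that parses a CFScript.txt of the kind above and flags the header mistakes the post warns about (a blank line or a space before File::, and a Unicode BOM, which is my assumption of a common cause when an editor saves the file as UTF-8/Unicode instead of ANSI); the File::/Registry:: section syntax and the [-KEY] / "name"=- lines are taken from the script in the post.

```python
from __future__ import annotations
from dataclasses import dataclass, field
import re

# Constructed sample input: the script posted above, exactly as it should be saved.
GOOD_SCRIPT = r"""File::
C:\WINDOWS\BM7a789ed8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dbafedacfbdafddbef.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\sttss.tmp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft hren1"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxutsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbafedacfbdafddbef]
"""

# Constructed sample of the same kind of script saved wrongly: a Unicode BOM
# (assumed to come from saving as UTF-8/Unicode rather than ANSI) and a blank
# line above File::, the mistakes the post tells the user to avoid.
BROKEN_SCRIPT = "\ufeff\nFile::\nC:\\WINDOWS\\pskt.ini\n"

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")        # [KEY] or [-KEY]  (- means delete key)
VALUE_DEL_RE = re.compile(r'^"(.+)"=-$')      # "name"=-         (delete that value)


@dataclass
class CFScript:
    files: list[str] = field(default_factory=list)
    delete_keys: list[str] = field(default_factory=list)
    delete_values: dict[str, list[str]] = field(default_factory=dict)
    other: dict[str, list[str]] = field(default_factory=dict)  # sections not parsed here
    problems: list[str] = field(default_factory=list)


def check_header(text: str) -> list[str]:
    """Return the first-line problems the post warns about (BOM, blank line, space)."""
    problems = []
    if text.startswith("\ufeff"):
        problems.append("file starts with a Unicode BOM (save it as ANSI)")
        text = text[1:]
    first = text.split("\n", 1)[0].rstrip("\r")
    if first == "":
        problems.append("blank line above File::")
    elif first != first.lstrip():
        problems.append("whitespace in front of File::")
    elif first != "File::":
        problems.append(f"first line is {first!r}, expected 'File::'")
    return problems


def parse_cfscript(text: str) -> CFScript:
    """Parse the File:: and Registry:: sections; any other section is kept verbatim."""
    script = CFScript(problems=check_header(text))
    section = None      # name of the section we are in, e.g. "File"
    current_key = None  # last [KEY] (without '-') seen inside Registry::
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and "\\" not in line:   # section header such as File::
            section, current_key = line[:-2], None
            continue
        if section == "File":
            script.files.append(line)
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:
                minus, key = m.groups()
                if minus:                       # [-KEY]: whole key goes
                    script.delete_keys.append(key)
                    current_key = None
                else:                           # [KEY]: following "name"=- lines apply to it
                    current_key = key
                    script.delete_values.setdefault(key, [])
                continue
            m = VALUE_DEL_RE.match(line)
            if m and current_key is not None:
                script.delete_values[current_key].append(m.group(1))
            else:
                script.problems.append(f"unrecognised Registry:: line: {line}")
        elif section is None:
            script.problems.append(f"line before any section: {line}")
        else:
            script.other.setdefault(section, []).append(line)
    return script


if __name__ == "__main__":
    for label, text in (("good", GOOD_SCRIPT), ("broken", BROKEN_SCRIPT)):
        s = parse_cfscript(text)
        print(label, "files:", len(s.files), "delete keys:", len(s.delete_keys),
              "delete values:", s.delete_values, "problems:", s.problems)
```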

Cheche Silveyra
2008-02-26, 21:55
Hey man, I just did what you posted and something bad happened. I can't start Windows. First I saw a blue screen saying something like (I didn't have time to read it all because it disappeared):

STOP:c000021a {Serious system error}

Then it disappeared and changed to black and says:

Windows did not start because the next file is missing or damaged:
<windows root>\system32\hal.dll.
Reinstall a copy of the mentioned file.

This is a translation since everything comes up in Spanish, but it's what it says. It starts and stays in that black screen. What do I do?

steamwiz
2008-02-27, 00:16
Hi

There was nothing in the script I gave which would, on the face of it, cause any problems, but there is always an element of risk when removing malware ...

I think it's highly probable that the hal.dll is OK & your boot.ini file has been corrupted by the malware ...

Do you have the recovery console installed? If so, follow the instructions here :-

Use ...

Type bootcfg /list to show the current entries in the BOOT.INI file ( please make a copy of the corrupt boot.ini file and post it back here )

Type bootcfg /rebuild to repair it

http://pcsupport.about.com/od/termsb/p/bootcfg.htm

http://pcsupport.about.com/od/fixtheproblem/ht/repairbootini.htm

If this doesn't work, you may want to look for other remedies in Google search as I have to get to bed now ...

http://www.google.com

search with the words ...

missing or corrupt hal.dll

steam

Cheche Silveyra
2008-02-27, 02:38
Hey man, I can't type anything, any key I press reboots the computer. It starts and shows the HP logo and then goes to the black screen again.

The first time I ran ComboFix I dragged the Recovery Console into it and I have the option to start in Windows XP or in Recovery Console but if I choose the console it says Starting Windows Recovery and then it says:
"The recovery console provides system repair and recovery functionality. Type EXIT to quit the recovery console and restart the computer.
C:\:"

That's it, but it says this for a moment too:
"To select non default keyboard layout press enter now" and a countdown.

Before it loads it says:
"press f6 if you need to install a third party SCSI or RAID driver"

Should I insert the Service Pack? I'm replying from another computer.

Cheche Silveyra
2008-02-27, 03:51
Ok ok I got it now. Sorry about last post. It says "There are currently no boot entries available to display" after typing BOOTCFG /LIST

steamwiz
2008-02-27, 20:42
Go to recovery console & do this :-

Type bootcfg /rebuild to repair it

Cheche Silveyra
2008-02-29, 04:36
Hello Steam, I did the boot but now it says that the system32\config\system doesn't exist. I did a lot of stuff, one of them being another installation of Windows (named Windows2), and I was looking through the folders and found out that the original windows\system32 folder is quarantined inside the qoobox folder. That folder was created by ComboFix, right?

What can I do?

Thanx man.

steamwiz
2008-02-29, 18:02
Hi

Yes, that's Combofix quarantine ... Obviously there are safeguards in place so that Combofix can't do this sort of thing ... the malware you have/had has interfered with the running of Combofix.

I have informed sUBs, the author of Combofix as he will want to try and find out what has happened ...

It should be possible to replace everything from the qoobox quarantine folder, but I want to hear what sUBs has to say first before I tell you to do anything.

Could you post the exact path where you see the windows/system32 folder in qoobox ...

Unfortunately I have to leave soon & will be away for a few days ... someone else may post to this thread while I'm gone.

steam

steamwiz
2008-02-29, 18:08
One other thing, once the files are back in place, the Boot.ini will probably have to be rebuilt again, running bootcfg /rebuild when there was no o/s to find will probably have corrupted it.

sUBs
2008-02-29, 18:15
Did you perform a parallel install? Or was it a Repair install?

Cheche Silveyra
2008-02-29, 20:46
Hey, what's up guys? Hum, the path to the system32 folder is this

c:\qoobox\quarantine\c\windows\system32

And I'm really sUBs but I don't know about parallel or repair. I tried to repair it using the Service Pack 2 but couldn't do much, so I installed another folder with windows (windows2) and then I was able to do the bootcfg. But after that it said that the system32\config\system file was missing.

That's how I was able to look inside the folders and found out the system32 folder was quarantined.

Thanx guys, thanx steam.

sUBs
2008-02-29, 21:01
Please excuse me for I don't quite understand your last statement.


I tried to repair it using the Service Pack 2 but couldn't do much so I installed another folder with windows (windows2)

By Service Pack 2, do you mean an installation CD for Windows XP with SP2 included?

Where is this Windows2 folder located? Is it C:\Windows2 ?

Do you have another folder by the name of C:\Windows ... i.e. without numbers?

Cheche Silveyra
2008-02-29, 21:49
Hello.

Yes, it's c:\windows2.

The original windows path is c:\windows.

And yes, that's the cd.

steamwiz
2008-03-03, 21:26
Hi

Sorry for the delay, been away for a few days ...

When you look at the hard-drive from your second installation of XP...

Do you see a c:\windows2\ folder which includes a system32 folder & a lot of other files & folders?

&

Do you see a c:\windows\ folder which DOES NOT include a system32 but has more or less the same files & folders as the windows2\ folder?

This statement by you is confusing :-

And yes, that's the cd.

It almost sounds as if you are booting from a "live" CD?

steam