rob75
2008-03-09, 10:24
Hello:
I scanned my computer with prevx csi and it came back with three problems. I was able to get rid of two of the problems. I need help getting rid of admggxp.dll and erasing all past restore points. Spybot does not note any problems. I used Regdllview to see if I could get more information on admgxp.dll. It tells me that admgxp.dll is on drive C and is integrated into 77 reg keys. I think I have said that correctly. Below are my HJT and Kaspersky logs. Thank you for your help. Rob
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 08, 2008 11:10:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/03/2008
Kaspersky Anti-Virus database records: 615488
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\
Scan Statistics:
Total number of scanned objects: 67342
Number of viruses found: 3
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:04:55
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Historial\History.IE5\MSHist012008030820080309\index.dat Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Temp\hpotdd001.log Object is locked skipped
C:\Documents and Settings\usuario\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\usuario\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\usuario\ntuser.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_628.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT03a52.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT03338.TMP Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\MESA_PEQUENA.ldb Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\admggxp.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bau skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP535\A0084189.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084299.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084386.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084398.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084398.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084398.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084447.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bau skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP542\change.log Object is locked skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP542\A0084464.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP542\A0084464.exe CreateInstall: infected - 1 skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:18, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Archivos de programa\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Microsoft Office\Office\3082\OLFSNT40.EXE
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 172.26.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Archivos de programa\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\ARCHIV~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\ARCHIV~1\ADVANC~1\advancedsearchbar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Archivos de programa\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Archivos de programa\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Archivos de programa\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Puerto Symantec Fax Starter Edition.lnk = C:\Archivos de programa\Microsoft Office\Office\3082\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\ARCHIV~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\ARCHIV~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175673536390
O17 - HKLM\System\CCS\Services\Tcpip\..\{07B2FC2A-EFCC-4927-9666-CD13E509EDB0}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07B2FC2A-EFCC-4927-9666-CD13E509EDB0}: NameServer = 194.224.52.36,194.224.52.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{07B2FC2A-EFCC-4927-9666-CD13E509EDB0}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{07B2FC2A-EFCC-4927-9666-CD13E509EDB0}: NameServer = 80.58.61.250,80.58.61.254
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio del iPod (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 8099 bytes
I scanned my computer with prevx csi and it came back with three problems. I was able to get rid of two of the problems. I need help getting rid of admggxp.dll and erasing all past restore points. Spybot does not note any problems. I used Regdllview to see if I could get more information on admgxp.dll. It tells me that admgxp.dll is on drive C and is integrated into 77 reg keys. I think I have said that correctly. Below are my HJT and Kaspersky logs. Thank you for your help. Rob
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 08, 2008 11:10:16 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/03/2008
Kaspersky Anti-Virus database records: 615488
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\
Scan Statistics:
Total number of scanned objects: 67342
Number of viruses found: 3
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:04:55
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Historial\History.IE5\MSHist012008030820080309\index.dat Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\usuario\Configuración local\Temp\hpotdd001.log Object is locked skipped
C:\Documents and Settings\usuario\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\usuario\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\usuario\ntuser.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_628.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT03a52.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT03338.TMP Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\MESA_PEQUENA.ldb Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\admggxp.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bau skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP535\A0084189.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084299.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084386.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084398.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084398.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084398.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP541\A0084447.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bau skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP542\change.log Object is locked skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP542\A0084464.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\System Volume Information\_restore{8D8D847A-F913-445E-877B-8B6013BCC846}\RP542\A0084464.exe CreateInstall: infected - 1 skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:18, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Archivos de programa\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Microsoft Office\Office\3082\OLFSNT40.EXE
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 172.26.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Archivos de programa\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\ARCHIV~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\ARCHIV~1\ADVANC~1\advancedsearchbar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [VOBID] C:\Archivos de programa\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Archivos de programa\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Archivos de programa\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Puerto Symantec Fax Starter Edition.lnk = C:\Archivos de programa\Microsoft Office\Office\3082\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\ARCHIV~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\ARCHIV~1\ADVANC~1\advancedsearchbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175673536390
O17 - HKLM\System\CCS\Services\Tcpip\..\{07B2FC2A-EFCC-4927-9666-CD13E509EDB0}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07B2FC2A-EFCC-4927-9666-CD13E509EDB0}: NameServer = 194.224.52.36,194.224.52.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{07B2FC2A-EFCC-4927-9666-CD13E509EDB0}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{07B2FC2A-EFCC-4927-9666-CD13E509EDB0}: NameServer = 80.58.61.250,80.58.61.254
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio del iPod (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 8099 bytes